Incident Response Lead

Incident Response Lead

About CGI

At CGI, our Security Experts work on high-impact cyber security projects that protect and support real-world organisations. Our work spans a wide range of clients and critical environments, delivering meaningful outcomes in systems risk and security.

We’ve been recognised in the Sunday Times Best Places to Work 2025 and named a UK ‘Best Employer’ by the Financial Times.

We offer a competitive salary, strong pension, private healthcare, and a share scheme (3.5% + 3.5% matching), making you a CGI Partner rather than just an employee.

We are committed to inclusivity and diversity, actively supporting careers in tech across all backgrounds, including the Armed Forces community. We also hold a Gold Award under the Armed Forces Corporate Covenant.

This is a hybrid role.

Role Overview

As an Incident Response Lead, you will be part of CGI’s Global Security Operations Centre (GSOC), responsible for security monitoring, detection, and incident response across the organisation.

You will lead complex, technical incident response engagements, define response strategies, and guide teams through investigation, containment, and remediation activities across cloud, on-premise, and remote environments.

You will also act as a senior technical authority during live incidents and ensure clear communication across all levels of the business.

Key Responsibilities

• Lead end-to-end incident response engagements, ensuring timely investigation and remediation
• Define and execute incident response plans across complex environments
• Provide technical leadership across cloud, on-premise, and remote systems
• Conduct advanced digital forensics (host-based and network-based analysis)
• Act as senior subject matter expert during major security incidents
• Improve SOC capability, processes, and maturity through best practice
• Deliver malware analysis using static and dynamic techniques, including basic reverse engineering
• Participate in a 24/7 on-call rota for incident response support
• Collaborate with other teams to deliver mitigation strategies and post-incident lessons learned
• Provide mentoring and support to junior analysts within the GSOC

Required Skills & Experience

• Proven experience leading incident response engagements
• Strong understanding of incident response methodologies and tooling
• Solid knowledge of networking fundamentals
• Strong experience with Windows, Linux, and Unix systems
• Understanding of system vulnerabilities and exploitation techniques
• Experience with SIEM tools (e.g. Splunk, ArcSight, Logpoint, ELK)
• Experience with EDR platforms (e.g. CrowdStrike, SentinelOne, Microsoft Defender, Cortex)
• Knowledge of network detection and response (NDR) technologies
• Experience in malware analysis (static and dynamic) and reverse engineering
• Experience using threat intelligence platforms and sources
• Experience with behavioural analysis and insider threat investigations

Life at CGI

At CGI, you’ll be part of a culture built on ownership, teamwork, respect, and belonging.

As a CGI Partner, you’ll contribute to impactful security work while developing your career in a supportive, global organisation. You’ll have access to strong learning opportunities, leadership support, and the chance to work on meaningful, real-world challenges.