Endava is seeking a highly experienced Senior Cyber Incident Response Analyst to lead incident response activities and strengthen cyber defence capabilities across enterprise client environments.
This senior technical role operates within a hybrid security operations model that includes managed SOC providers and internal cyber defence capabilities. The role is responsible for coordinating complex incident response investigations, improving detection and response capabilities, and driving operational maturity across security monitoring, automation, and incident management processes.
Working closely with Security Operations, Cyber Engineering, Threat Intelligence, and IT operations teams, the Senior Cyber Incident Response Analyst ensures that security incidents are detected, investigated, and contained rapidly while driving continuous improvements in monitoring coverage, response playbooks, and automation capabilities.
The role will also act as a technical escalation point for security operations and play a key role in strengthening cyber resilience through operational governance, incident testing, and detection engineering improvements.
Responsibilities:
- Lead and coordinate cyber incident response activities across internal teams, managed SOC providers, and technology stakeholders.
- Act as the senior technical escalation point for security operations and incident response investigations.
- Investigate complex security incidents including malware infections, account compromise, insider threats, and advanced attack activity.
- Coordinate containment, remediation, and recovery actions during cyber incidents.
- Improve security monitoring and response processes by refining detection logic, alert triage processes, and response playbooks.
- Partner with SOC, Threat Intelligence, and Vulnerability Management teams to strengthen detection coverage and threat visibility.
- Lead the development and maintenance of incident response playbooks and response procedures.
- Drive improvements in cyber defence capabilities through automation using SOAR and security tooling integrations.
- Analyse incident trends and root causes to identify security control gaps and recommend preventative improvements.
- Ensure accurate incident documentation, audit trails, and post-incident reviews including lessons learned and improvement actions.
- Participate in cyber incident simulations and response exercises to improve organisational readiness.
- Support service governance with managed SOC providers, ensuring service delivery meets defined SLAs and operational KPIs.