Endava is seeking a highly experienced Senior Cyber Incident Response Analyst to lead incident response activities and strengthen cyber defence capabilities across enterprise client environments.
This senior technical role operates within a hybrid security operations model that includes managed SOC providers and internal cyber defence capabilities. The role is responsible for coordinating complex incident response investigations, improving detection and response capabilities, and driving operational maturity across security monitoring, automation, and incident management processes.
Working closely with Security Operations, Cyber Engineering, Threat Intelligence, and IT operations teams, the Senior Cyber Incident Response Analyst ensures that security incidents are detected, investigated, and contained rapidly while driving continuous improvements in monitoring coverage, response playbooks, and automation capabilities.
The role will also act as a technical escalation point for security operations and play a key role in strengthening cyber resilience through operational governance, incident testing, and detection engineering improvements.
Responsibilities:
- Lead and coordinate cyber incident response activities across internal teams, managed SOC providers, and technology stakeholders.
- Act as the senior technical escalation point for security operations and incident response investigations.
- Investigate complex security incidents including malware infections, account compromise, insider threats, and advanced attack activity.
- Coordinate containment, remediation, and recovery actions during cyber incidents.
- Improve security monitoring and response processes by refining detection logic, alert triage processes, and response playbooks.
- Partner with SOC, Threat Intelligence, and Vulnerability Management teams to strengthen detection coverage and threat visibility.
- Lead the development and maintenance of incident response playbooks and response procedures.
- Drive improvements in cyber defence capabilities through automation using SOAR and security tooling integrations.
- Analyse incident trends and root causes to identify security control gaps and recommend preventative improvements.
- Ensure accurate incident documentation, audit trails, and post-incident reviews including lessons learned and improvement actions.
- Participate in cyber incident simulations and response exercises to improve organisational readiness.
- Support service governance with managed SOC providers, ensuring service delivery meets defined SLAs and operational KPIs.
Experience:
- 10+ years of experience in cybersecurity or IT, with at least 6 years in Security Operations Centre (SOC) or Incident Response roles.
- Demonstrated experience leading or coordinating cyber incident investigations in enterprise environments.
- Hands-on experience performing digital forensics, threat investigation, and incident containment activities.
- Experience working within hybrid security operations models that include outsourced SOC providers or managed security services.
- Experience developing incident response processes, playbooks, and operational procedures.
- Experience improving detection engineering and response capabilities using SIEM, EDR, and security automation platforms.
- Experience analysing threat intelligence and attacker techniques to improve detection use cases.
- Relevant cybersecurity certifications such as GIAC, CISM, OSCP, CEH, or equivalent are desirable.
Technical Skills:
- Hands-on experience with modern cyber defence technologies including:
  - SIEM platforms (e.g., Splunk, Sentinel, or equivalent)
  - Endpoint Detection and Response (e.g., CrowdStrike, Microsoft Defender)
  - Security Orchestration and Automation (SOAR) platforms
  - Threat intelligence platforms and monitoring tools
- Strong knowledge of incident response methodologies and cyber kill chain analysis.
- Experience analysing attacker techniques and mapping detections using frameworks such as MITRE ATT&CK.
- Experience developing detection use cases and improving alert fidelity.
- Familiarity with cyber incident management metrics such as:
  - Mean Time to Detect (MTTD)
  - Mean Time to Respond (MTTR)
  - Detection coverage and response effectiveness
- Understanding of digital forensics techniques including log analysis, endpoint investigation, and network event analysis.
- Ability to translate threat intelligence, incident learnings, and vulnerability insights into improvements in security controls and detection capabilities.
- Experience scripting or automating response workflows to improve security operations efficiency is advantageous.
- Familiarity with regulatory and compliance obligations related to incident reporting and evidence preservation (e.g., GDPR, NIS2) is beneficial.
Discover some of the global benefits that empower our people to become the best version of themselves:
- Finance: Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus;
- Career Development: Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership;
- Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences;
- Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme;
- Health: Global internal wellbeing programme, access to wellbeing apps;
- Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations.
At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.
Technology is our how. And people are our why. For over two decades, we have been harnessing technology to drive meaningful change.
By combining world-class engineering, industry expertise and a people-centric mindset, we consult and partner with leading brands from various industries to create dynamic platforms and intelligent digital experiences that drive innovation and transform businesses.
From prototype to real-world impact - be part of a global shift by doing work that matters.
