Principal Incident Response Investigator

F-Secure

  • United Kingdom
  • Permanent
  • Full-time
Job Description

At WithSecure™, we protect businesses all over the world. Our SaaS solutions safeguard against modern cyber threats, and our innovative Co-security approach reflects our belief that true protection requires collaboration and shared expertise. No one can solve every cyber security problem alone. Our vision is to become Europe's flagship in cyber security. Every day, our talented teams work to prevent cyber extortion, secure critical infrastructure, and prevent misuse of sensitive data. At WithSecure, it's our people who make us exceptional - a diverse community that values passion, purpose, and a commitment to workplace well-being. If you're ready to make an impact with a company that's transforming cybersecurity, we'd love to hear from you.

As a Principal Incident Response Investigator, you will be at the forefront of our IR practice, leading complex, high-profile cyber incident engagements for clients across government, critical national infrastructure, and the private sector.

This senior role requires exceptional technical expertise, the ability to manage incidents under pressure, and strong communication skills to brief both executives and technical stakeholders. Due to the sensitive nature of much of our work, DV clearance (or the ability to attain it) is essential, and ChCSP - Incident Response certification (or the ability to attain it) is highly desirable.

You will serve as a trusted advisor to our clients, guiding them through critical incidents and helping them strengthen their resilience.
Internally, you will drive capability development, mentor investigators, and contribute thought leadership to the wider security community.

Key Responsibilities
  • Client-Facing Investigations: Lead end-to-end incident response engagements, from triage and containment to forensic analysis and recovery.
  • Incident Leadership: Act as incident commander/advisor for major client breaches, co-ordinating efforts across client stakeholders, third parties, and law enforcement.
  • Forensic Expertise: Conduct advanced forensic investigations across endpoints, servers, networks, cloud platforms, and SaaS environments.
  • Threat Attribution: Analyse adversary behaviour and integrate threat intelligence to inform attribution, client reporting, and proactive defences.
  • Executive Engagement: Deliver concise, risk-focused briefings to client executives, boards, and regulators during and after incidents.
  • Advisory Role: Provide clients with guidance on incident readiness, detection engineering, and response capability improvements.
  • Playbook & Tooling Development: Evolve methodologies, tools, and processes to ensure delivery excellence and repeatability.
  • Mentorship & Leadership: Coach and mentor junior investigators and consultants, developing the next generation of responders.
  • Knowledge Sharing: Contribute to white papers, conference talks, and internal knowledge repositories to advance our consultancy's reputation and capabilities.

What are we looking for?
  • DV clearance, or the ability to attain DV clearance, is essential.
  • Experience in incident response, digital forensics, or threat hunting, with significant consultancy or client-facing exposure.
  • Demonstrable experience leading large-scale or high-profile investigations, including ransomware, insider threats, and targeted intrusions.
  • Expertise in forensic acquisition and analysis across Windows, Linux, macOS, and cloud environments.
  • Deep understanding of attacker tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATT&CK.
  • Hands-on skills with SIEMs, EDRs, and forensics tools.
  • Scripting capability (Python, PowerShell, Bash) for investigation acceleration and automation.
  • Excellent communication skills, with the ability to build client trust and explain technical findings to non-technical audiences.
Preferred Qualifications/Experience
  • ChCSP - Incident Response certification, or the ability to attain, is highly desirable.
  • Certifications such as GIAC (GCFA, GEIR, GCFE, GREM, GNFA), CREST CRTIR, CISM, or CISSP.
  • Consulting experience across multiple sectors (e.g., government, financial services, healthcare, critical national infrastructure).
  • Knowledge of malware reverse engineering and adversary tradecraft.
  • Experience liaising with regulators, insurers, and legal counsel during incident engagements.
  • Contribution to the wider security community (research, publications, speaking engagements).
  • Familiarity with regulatory and legal considerations relevant to incident response.
What will you get from us
  • Competitive remuneration (plus overtime and on-call allowances)
  • Research time
  • Fully funded certifications
  • The opportunity to lead investigations into some of the most significant cyber incidents globally
  • Client variety: work across technologies, sectors and industries, tackling diverse and challenging cases

Work with great people

Kinga Baran, Product Operations Lead: "You can develop yourself in many contexts."

Joni Vatjus-Anttila, Director, Customer Success Management: "Being able to say that our job is to keep our customers safe is everything to me. It creates a sense of purpose."

Łukasz Kwieciński, Senior Manager, R&D: "Working here has been a transformative experience - the sophisticated challenges drive rapid growth, while the friendly, supportive team makes even the toughest problems easier to tackle."

Great Place to Work
  • Over 900 amazing colleagues in 18 offices
  • Possibility to protect the world
  • Work with best of class experts who care
  • Relaxed, open and fun working environment
  • 70+ nationalities
  • Global with the spirit of a small company

About the company

Purpose - Why we exist
We are here to build and sustain trust in a digital society
We are here to build and sustain trust in a digital society - trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision - Where we are heading
No one should experience a serious loss because of a cyber attack
We envision a future where no one should experience a serious loss or be put out of business because of a cyber attack or crime. At least no one who puts their trust in us.

Mission - What we do
Accelerate transition to outcome-based security
Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers' and partners' transition to outcome-based security.

Diversity & Inclusion

WithSecure is an equal opportunity employer and believes that employing a diverse workforce is central to our success. We are committed to ensuring all qualified applicants will receive consideration for employment without regard to nationality, colour, race, ethnic or national origin, sex, gender (including gender reassignment), sexual orientation, religion or belief, age, marital status or physical or mental disability.
We will do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you!