VP – Digital Forensics & Incident Response (DFIR) Manager

Nicoll Curtin

  • United Kingdom
  • £90,000 per year
  • Permanent
  • Full-time
  • 1 month ago
Job Description
Role: VP - Digital Forensics & Incident Response (DFIR) Manager
Location: London (Hybrid working available)
Salary: Up to £90,000 + benefits
Sector: Cyber Security / Financial Services

Overview
A leading financial services organisation is seeking a VP-level DFIR Manager to lead its Digital Forensics and Incident Response (DFIR) team. This is a hands-on leadership role focused on incident response, threat detection, and forensics within a complex, regulated environment.

You'll be responsible for advancing the organisation's incident response capabilities, leading investigations, and driving threat detection maturity through development of use cases, threat intelligence, and vulnerability management.

Key Responsibilities
  • Lead the DFIR function, overseeing incident detection, investigation, and response activities.
  • Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model).
  • Conduct forensic investigations on systems, networks, and endpoints.
  • Refine threat hunting and threat intelligence capabilities.
  • Support and mature security monitoring use cases (SIEM, packet inspection, IOCs).
  • Coordinate cross-functional security incident response with SOC, Threat Intelligence, and Red/Blue teams.
  • Engage with technical and business teams on cyber risk reduction strategies.
  • Contribute to vulnerability management and remediation plans.
Required Skills & Experience
  • Proven experience managing DFIR or cyber incident response teams.
  • Deep technical knowledge of IR and forensic analysis (e.g. Wireshark, packet capture, host-based artifacts).
  • Strong understanding of security monitoring frameworks (MITRE ATT&CK, NIST, etc.).
  • Experience working in financial services or a regulated environment preferred.
  • Hands-on experience with SIEM tools, network forensics, and endpoint detection.
  • Knowledge of CIS benchmarks, cloud security, IAM, DLP, and vulnerability management.
  • Familiarity with Windows, Linux/Unix, networking, and virtualisation (VMware).
Certifications (preferred): GCIA, GCIH, GCFA or equivalent.

What's on Offer
  • Up to £90,000 base salary
  • Hybrid/flexible working arrangements
  • Opportunity to build and lead a growing DFIR capability in a major enterprise setting
  • Supportive, inclusive culture with emphasis on work-life balance
