
S-RM · London
WHO WE ARE S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some ...
S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the
world solve some of their toughest information security challenges.
We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals
who want to think critically, solve complex problems, and achieve success.
But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of
this culture and we invest in our people’s wellbeing, learning, and ideas every day.
We’re excited you’re thinking about joining us.
Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Ethical
Hacking, and Incident Response practices are in more demand than ever.
We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on
hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk
to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team
will always have your back.
We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical
specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives
and expertise to help you learn and grow.
If that sounds like your kind of team, we’d like to hear from you.
Our Incident Response Consultants are a critical part of our Cyber Security consulting practice’s success. As a Technical Lead,
you will deploy your incident response expertise in a senior, client‑facing delivery role across our incident response services.
You will work across the full lifecycle of security incidents to help our clients respond and recover, spanning both traditional
incident response scenarios (such as ransomware, business email compromise and intrusion investigations) and modern incidents
affecting cloud platforms, CI/CD pipelines and software delivery environments.
You will be responsible for leading and delivering technical investigations for clients, including:
the project team.
We will support you to deepen your technical knowledge and share it across the wider team through internal initiatives,
training and capability development.
Providing 24×7×365 incident response coverage for our clients.
No two days are the same. You will respond to a diverse range of incidents across public and private sector clients, industries
and technology stacks.
In addition to incident response, you will have opportunities to contribute to related consulting work such as post‑incident
reviews, incident readiness, threat exposure assessments and broader advisory projects.
Incident response can be intense, high‑pressure work. We are mindful of work/life balance and offer flexible working
arrangements to support wellbeing.
Candidates with the following experience and attributes are likely to succeed as Incident Response Consultants at S‑RM.
That said, if you don’t meet every criterion below but are interested in the role, we encourage you to apply. We value individuals
who are particularly strong in certain areas and keen to develop in others.
We nurture a culture of equality, diversity and inclusion and are committed to building a workforce with varied backgrounds,
skills and perspectives.
Experience
Approach
Technical skillset
scenarios.
Threat awareness
traditional enterprise environments and modern cloud‑based systems.
Communication
Qualifications
Relevant certifications are not required, but the following (or similar) are beneficial:
GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+, Security+
Cloud and platform‑focused certifications (AWS, Azure, GCP, Kubernetes, Terraform) are also advantageous.
The successful candidate must have permission to work in the UK by the start of their employment.
We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this
We want to get to know you, and for you to get to know us, to see if we’d be a good fit. We are responsive and respectful of
people’s time throughout our hiring process.
Please apply via: Job Application for Technical Lead, Incident Response at S-RM
WHO WE ARE S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. We’re excited you’re thinking about joining us. WORKING IN CYBER AT S-RM Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever. We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow. If that sounds like your kind of team, we’d like to hear from you. THE ROLE Our Incident Response Consultants are a critical part of our Cyber Security consulting practice’s success. As a Technical Lead, you will deploy your incident response expertise in a senior, client‑facing delivery role across our incident response services. You will work across the full lifecycle of security incidents to help our clients respond and recover, spanning both traditional incident response scenarios (such as ransomware, business email compromise and intrusion investigations) and modern incidents affecting cloud platforms, CI/CD pipelines and software delivery environments. WHAT YOU WILL DO You will be responsible for leading and delivering technical investigations for clients, including: * Leading technical incident response engagements from first contact through to closure * Acting as the primary technical resource on response cases, applying your own expertise and providing guidance to colleagues on the project team. * Overseeing host‑, network‑ and cloud‑based investigations, including: * Triage and containment * System recovery and remediation support * Technical evidence collection and forensic analysis * Log, malware and root cause analysis * Investigating a wide range of incident types, including but not limited to: * Ransomware and extortion incidents * Business Email Compromise (BEC) * Unauthorised access and data breaches * Incidents involving cloud environments, CI/CD pipelines, automation and software supply chains * Applying cloud and DevOps‑related expertise where required, for example when incidents involve: * Compromised cloud identities, APIs or control planes * Abuse of CI/CD pipelines, source code repositories or secrets * Infrastructure‑as‑Code and automated deployment workflows * Developing and sharing domain expertise We will support you to deepen your technical knowledge and share it across the wider team through internal initiatives, training and capability development. * Participating in an on‑call rotation Providing 24×7×365 incident response coverage for our clients. OTHER FEATURES OF THE ROLE * Variety of casework No two days are the same. You will respond to a diverse range of incidents across public and private sector clients, industries and technology stacks. * Range of opportunities In addition to incident response, you will have opportunities to contribute to related consulting work such as post‑incident reviews, incident readiness, threat exposure assessments and broader advisory projects. * Flexible working practices Incident response can be intense, high‑pressure work. We are mindful of work/life balance and offer flexible working arrangements to support wellbeing. WHAT WE’RE LOOKING FOR Candidates with the following experience and attributes are likely to succeed as Incident Response Consultants at S‑RM. That said, if you don’t meet every criterion below but are interested in the role, we encourage you to apply. We value individuals who are particularly strong in certain areas and keen to develop in others. We nurture a culture of equality, diversity and inclusion and are committed to building a workforce with varied backgrounds, skills and perspectives. Experience * 5+ years’ experience in a technical cyber security, cloud security, DevSecOps, platform engineering or related role. * Direct experience working in a consulting or in‑house incident response team is beneficial, but not essential. Approach * A strong investigative mindset, with the ability to work through complex problems using limited or incomplete information. * Comfortable operating in high‑pressure, time‑critical client situations. Technical skillset * Strong technical foundations suitable for investigating a range of incident types, including ransomware and intrusion scenarios. * Experience or strong interest in cloud and modern infrastructure, such as: * AWS, Azure or GCP * CI/CD platforms and automation * Identity, logging and audit trails in cloud environments * Comfortable using scripting and automation to support investigations and analysis. Threat awareness * Demonstrable knowledge of cyber threat actors and their tactics, techniques and procedures, including those targeting both traditional enterprise environments and modern cloud‑based systems. Communication * Able to clearly communicate technical findings and risk to non‑technical client audiences in a professional consulting setting. Qualifications Relevant certifications are not required, but the following (or similar) are beneficial: GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+, Security+ Cloud and platform‑focused certifications (AWS, Azure, GCP, Kubernetes, Terraform) are also advantageous. OUR BENEFITS We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including: * Maternity and paternity benefits including: * Maternity leave: 26 weeks full pay followed by 13 weeks half pay * Paternity leave: 6 weeks of full pay * 25 holiday days per year, which increases with service to a maximum of 30 days + public holidays * 7% matching pension contribution * Several options around mobility such as an OV-card or a lease car * 4 x annual salary life insurance * EAP for your mental wellbeing, including counselling sessions available to you and your family * Free access to the world-famous mindfulness app Headspace * Flexible working hours * Extensive training available, including through LinkedIn Learning with access to more than 13,000 different courses The successful candidate must have permission to work in the Netherlands by the start of their employment. THE APPLICATION PROCESS We want to get to know you, and for you to get to know us, to see if we’d be a good fit. We are responsive and respectful of people’s time throughout our hiring process. A typical application process includes: * Initial screening of your application by our recruiting team. * An interview to assess your baseline technical skills. * An interview to discuss your previous experience and broader competencies. * An final interview to determine alignment with the role. Please apply via:Job Application for Technical Lead, Incident Response at S-RM
Our everyday digital experiences are in the midst of a realtime revolution. Whether chatting alongside a livestreaming event, receiving realtime financial information, or working with colleagues in an online collaborative environment - consumers simply expect realtime digital experiences as standard. At Ably we’re not just witnessing this revolution, we’re powering it - at scale. At the heart of our mission lies a commitment to putting developers first. Ably provides a suite of products to build, extend, and deliver powerful digital experiences in realtime, delivering billions of messages for millions of devices every day and supporting organizations like Harness, EA, Panasonic and HubSpot. Working at Ably means helping to build the infrastructure and technology that will power and shape the future of the internet. The opportunity in front of us is immense. And we’d like your help. ABOUT THIS ROLE As the Technical Lead for Developer Experience at Ably you will report directly to our CTO and co-own the DevEx vision and strategy, transforming our dashboard, documentation platform, and control plane into a world-class experience. You are a senior, hands-on engineer who’s passionate about building for developers like yourself; someone who’ll obsess over the developer journey and elevate the user experience of the Ably platform. You’ll blend deep full-stack expertise with a strong product mindset and lead a team of five engineers where the feedback loop is immediate, because you and your team are the target users of the very ecosystem you are building. DAY TO DAY YOU WILL * Obsess over developer experience. You’ll have broad responsibility for elevating how developers interact with Ably’s platform and services, partnering with the DevEx PM as a unified leadership team to deliver a developer experience that becomes a reference point for the industry. * Lead technical execution and vision. You’ll lead a team of five engineers building customer-facing web applications and own the technical architecture and design decisions for our dashboard, docs platform, marketing website, and billing UI. * Drive a product-first engineering culture. You’ll foster an environment where engineers are themselves principal stakeholders of product features, and obsess over customer outcomes. You’ll challenge the "feature factory" mentality and build a team that takes true ownership of the product. * Thrive in a rapid iteration environment. You’ll operate in a high-velocity workspace where PMs, customers, and engineers co-create features. You’ll lead the team in working full-stack to iterate, improve, and ship improvements quickly. * Champion AI-assisted development. You’ll be a catalyst for AI adoption across the team. You’ll leverage LLMs and AI tools to accelerate velocity without compromising on engineering integrity. * Guide engineering outcomes and quality. You’ll set and enforce high standards for code review, testing, and production readiness. You will participate in incident response and coordinate with the Infrastructure team on platform dependencies and deployments. * Mentor and grow the team. You’ll manage performance, career development, and hiring. You will hold the team accountable for delivery commitments while providing the mentorship needed to turn engineers into product-minded leaders. WE'D LOVE TO TALK IF YOU HAVE * A natural empathy for developer customers because you are the target audience. You are genuinely excited about building developer tools and instinctively understand what good looks like. You're fluent in API design, documentation, and the nuances that differentiate a great developer journey. * Extensive experience leading teams at B2B SaaS or API-first companies. You have a track record of building product-minded engineering cultures where teams take initiative and ownership of product outcomes. * A strong software engineering background with expertise in React, TypeScript, and modern JavaScript, alongside backend experience in Ruby on Rails or Node.js. You're comfortable writing code and building prototypes using our APIs, and have built and shipped customer-facing web applications at scale. * An AI-first mindset. You champion the use of LLMs and AI tools as productivity multipliers for the team. You see AI as an enabler for higher velocity and output, not a replacement for engineering judgment. * Experience at a startup or growth-stage company or adaptability to thrive in a fast-paced, agile environment with a focus on rapid iteration. To be effective in this role you’ll need excellent communication and cross-functional collaboration skills. BONUS POINTS IF YOU HAVE * Experience delivering solutions used by software developers (developer tooling or APIs) or similar technical personas. * An understanding of pub/sub and familiarity with distributed systems and event based architectures. WHAT’S IT LIKE TO WORK AT ABLY? We’re tackling planet-scale problems and our ambitions are a testament to that. You’ll join a successful, deeply motivated and collaborative team that thrives on innovation, experimentation and autonomy. To get a sense of life at Ably, visit our careers page. You can also read about the origins of Ably's core values on our blog. We believe in fostering a culture that's built on inclusivity and mutual respect among all team members, and we recognise that each individual is different and will want to be supported in their role in different ways. We provide a range of perks and benefits to aid folks' development and wellbeing, allowing them to be their best selves and do great work. * A remote-first and flexible work environment. UK-based teams come together in person once per month in our London hub (next to Old Street) and we get together as a company twice per year. Aside from that, you’re welcome to work wherever suits best for you. * Equity. We’re a growing start-up and we want all team to members to share in the success of the company through our EMI share options programme. * Enhanced holiday allowance. Our policy provides Ablyans with 28 days of paid annual leave (27 regular days, plus a day off to enjoy your birthday). * Enhanced parental leave package, so that you can take the time you need to get to know your new family member, rest and recover. * Home workstation budget of £500 on joining (and £150 p/a thereafter), so that your home office is set up to serve you well and that you have everything you need to work comfortably. * Personal learning and development budget of £1000 annually, and 5% L&D time during working hours to focus on improving your skillset. * Private healthcare with BUPA. * Medical cash plan to cover a range medical and dental costs. * Mental wellbeing coaching and counselling from Self Space. * Monthly wellbeing budget via Juno. * Life assurance and income protection. * Access to Tech & Cycle to Work schemes. * Weekly snack allowance for our end-of-week “Need To Know” meeting. * A fully-paid one-month sabbatical after five years with Ably. DIVERSITY, INCLUSION & BELONGING AT ABLY We believe our differences as individuals is what makes us great. Our people are at the heart of what we do, and we encourage everyone to be their most authentic self at Ably: we see inclusivity and openness as fundamental to creating long-term success as an organization. We encourage applications from all backgrounds regardless of age, disability, gender, sexual orientation, parental status, race, religion, educational background or neurodiversity. Ably has an amazing opportunity ahead of us, and we want anyone to be able to contribute to that opportunity. If you enjoy working as part of a technology company, value open source, and love solving hard problems - then we’d love to hear from you, regardless of whether you fit the job description exactly or not. If in doubt, drop us an email; we’d be more than happy to give you some advice on your application.
ABOUT EYE SECURITY Eye Security is providing cybersecurity with embedded cyber insurance solutions for organizations in Europe. Headquartered in the Netherlands, we are already over 170 FTEs and continue to grow internationally. We combine cutting-edge technology with hands-on expertise to detect, respond to, and recover from cyber threats in real time. Our team brings together talent from intelligence, military, tech, and consulting backgrounds — all united by a shared mission: to make enterprise-grade cybersecurity accessible to every business, not just the big players. At Eye, you’ll work on projects with an international footprint, solving real-world challenges and helping to build a safer digital future for our clients. ABOUT THIS ROLE We are looking for a Staff Cyber Security Specialist (f/m/x) to strengthen our Incident Response and Security Operations capabilities. This is a senior individual contributor role for an experienced incident responder who enjoys solving complex security challenges and helping organizations navigate critical cyber incidents. In this role, you will lead incident response engagements from investigation through recovery, working directly with customers during some of their most challenging moments. You will act as a trusted technical authority within the team, mentor less experienced responders, and help drive improvements across our security operations. Unlike traditional consultancy environments, you will operate within a product-driven MDR organization serving more than 1,000 customers across Europe. This gives you the opportunity to work at scale, leverage large security datasets, and contribute improvements that strengthen protections across our entire customer base. You will work with state-of-the-art security tooling while collaborating with security professionals from intelligence, military, consulting, national CERT, and technology backgrounds. Alongside operational response work, you'll have opportunities to contribute to internal research initiatives, Bug Bounty Fridays, Capture The Flag events, and other technical projects that help push our capabilities forward. This position is based in the Netherlands and reports directly to the Director of Security Operations. WHAT YOU WILL DO * Act as a leading technical authority within Security Operations, taking ownership of strategic improvement initiatives and helping shape the future direction of our incident response and security operations capabilities. * Lead cyber incident response engagements from intake through recovery. * Act as the technical lead during investigations, coordinating response activities and driving outcomes. * Conduct forensic investigations to determine attack scope, root cause, and impact. * Support customers during active cybersecurity incidents and provide clear technical guidance. * Support MDR and Security Operations activities when not engaged in active incident response cases. * Work with internal and external stakeholders, including management, legal counsel, law enforcement, and regulators when required. * Mentor junior and medior responders and help raise the technical maturity of the team. * Contribute to the continuous improvement of incident response methodologies, playbooks, and operational processes. WHAT YOU WILL NEED * 6+ years of experience in cybersecurity with significant hands-on experience in Incident Response, Digital Forensics, Security Operations, or related disciplines. * Proven ability to independently lead and manage cybersecurity incidents end-to-end. * In-depth knowledge of Windows, Linux, and macOS operating systems, file systems, security architecture, and attack surfaces. * Strong knowledge of enterprise infrastructure, networking, and network security principles. * Experience with EDR platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or similar technologies. * Knowledge of cloud environments and cloud security concepts across Microsoft 365, Azure, AWS, or Google Cloud. * Strong investigative and analytical skills with experience collecting and analysing evidence during security incidents. * Ability to communicate technical findings clearly to both technical and non-technical stakeholders. * Experience mentoring or coaching other security professionals. * Strong ownership, collaboration, and communication skills. * Fluency in English (internal working language) * Fluency in Dutch (required for client communication) Nice-to-have * Experience developing scripts, tools, or automations to support investigations and response activities. * Experience conducting technical security research. * Knowledge of threat actors and attacker tactics, techniques, and procedures (TTPs). * Experience working in a CERT, CSIRT, MDR, or DFIR environment. WHAT WE OFFER * A meaningful mission: protect organizations across Europe from real-world cyber threats * Work with top-tier professionals from national CERTs, intelligence agencies, and leading tech backgrounds * A remote-friendly culture with quarterly meetups and annual company retreats (in Spain, Portugal, Italy…) * Thursday socials to stay connected * A generous time-off policy, including wellbeing and volunteering days