The Incident Response Team Leader is responsible for leading cybersecurity incident response activities, managing complex investigations, and overseeing the delivery of incident response services across customer and enterprise environments. The role provides technical leadership, operational oversight, and strategic direction for incident response engagements while ensuring effective coordination of resources during security incidents.
This role serves as the primary escalation point for major cybersecurity incidents and plays a key role in strengthening incident response readiness, improving operational maturity, and ensuring compliance with NCSC licensing requirements.
Responsibilities:
Incident Response Leadership
- Lead cybersecurity incident response engagements from identification through recovery.
- Direct technical response teams during major security incidents, ransomware attacks, and data breaches.
- Coordinate containment, eradication, recovery, and remediation activities.
- Act as the primary incident commander during major incidents.
Advanced Incident Investigation
- Oversee complex investigations involving malware outbreaks, insider threats, targeted attacks, and data exfiltration incidents.
- Validate investigation findings and response recommendations.
- Provide technical leadership during high-severity incidents.
- Support digital forensics activities where required.
Team Management & Development
- Lead, mentor, and develop Incident Response Analysts.
- Conduct technical coaching, performance management, skills development initiatives, and incident response readiness activities.
- Support recruitment and onboarding of new team members.
- Drive continuous capability development across the incident response function.
Governance & Stakeholder Management
- Serve as the primary customer-facing lead during major incidents.
- Provide executive briefings and incident status updates.
- Support regulatory, compliance, and reporting obligations.
- Ensure adherence to incident response policies, service level agreements, and NCSC operational requirements.
Program Development & Continuous Improvement
- Develop and maintain incident response frameworks, playbooks, runbooks, and response procedures.
- Lead tabletop exercises and simulation activities.
- Conduct post-incident reviews and lessons learned sessions.
- Drive improvements to organizational cyber resilience and response capabilities.
Our Culture & Code of Conduct:
At ZainTECH, we take pride in a culture built on collaboration, innovation, and uncompromising integrity. We are looking for individuals who share these values and are committed to customer-centricity and ethical excellence. All employees are expected to uphold our Code of Conduct, which serves as a guiding framework for responsible behavior across everything we do — from how we work with each other to how we engage with clients and partners globally.
Requirements:
- Bachelor's degree (minimum) in information technology or a related field.
- Minimum 5 years in cybersecurity / information security, including 3 or more years specifically in incident response.
- At least one valid NCSC-approved IR certification (e.g. ECIH, CCIM, Blue Team Level 2, or another equivalent certification in the same field that is approved by the NCSC).
- Technical command. Hands-on expertise in incident triage, forensics-aware investigation, containment, and recovery across endpoint, network, and cloud.
- Leadership. Proven ability to lead an analyst team under pressure and communicate clearly with clients and the NCSC.
- Advanced degree in cybersecurity or a related discipline is preferable.
- Additional credentials such as GCIH, GCFA, or vendor EDR/SOAR certifications are preferable.
- Experience in an MSSP, telco-affiliated SOC, or national CERT/CSIRT environment is preferable.