Security Incident Response Engineer
Posted on Jul 3, 2026 by CV-Library
Warrington, Cheshire, United Kingdom
Public Sector
Immediate Start
£100 - £100 Hourly
Contract/Project
Key Details at a Glance
Role: Security Incident Response Engineer
Location: Warrington - hybrid, typically 2 days per week on site
Contract length: 6 months (with strong potential for extension based on performance and project needs)
IR35 status: Out of Scope
Rate: 100/hour
Clearance: Existing SC preferred or strong eligible candidates
Day-to-day environment: Digital / Cyber, working closely with Cyber Operations / CSOC
What You Would Be Doing
This role sits at the intersection of cyber operations and ServiceNow engineering. You would be responsible for designing and embedding robust incident response capabilities in the ServiceNow Security Incident Response (SIR) module, closely aligned to NCSC and best-practice frameworks.
ServiceNow SIR workflow design & development
Review existing incident processes and translate them into effective ServiceNow SIR workflows, covering triage, escalation paths, case lifecycle, evidence management, and integration with CSOC tooling.
Platform configuration & enhancement
Configure and customise SIR forms, fields, templates, routing rules, severity models, and guided response actions. You will also identify gaps in capability and define enhancements in line with platform governance and architecture standards.
Systems integration & automation
Support integration of SIR with SIEM/SOC tools, threat intelligence feeds, SOAR modules, email ingestion, and ITSM processes (Change, Problem, Incident). A key focus is on building automations that reduce manual effort and improve response times.
Data, reporting & dashboards
Define and implement operational dashboards for CSOC analysts, KPIs for senior management, and compliance/audit-ready reporting. You will help ensure clear visibility of incident trends, response performance, and workflow bottlenecks.
Documentation & playbooks
Translate existing cyber response processes into guided SIR workflows and create user guides, SOPs, technical configuration documentation, data flow diagrams, and integration maps to support long-term maintainability.
Training & BAU handover
Deliver hands-on training for Cyber Operations and process owners, and provide detailed handover materials to embed SIR into BAU operations.
What Our Client Is Looking For
Proven ServiceNow experience, ideally with a strong focus on SecOps / SIR.
Solid background in cyber security and incident response, ideally within SOC/CSOC or similar environments.
Comfortable engaging with stakeholders across Cyber Operations, IT, and senior management, with the ability to explain both technical detail and business impact.
Experience working in or with public sector / regulated environments is beneficial but not essential if you bring strong SIR and IR credentials.
Why This Contract Might Appeal to You
Opportunity to shape and build a critical incident response capability on ServiceNow rather than simply maintaining an existing setup.
Direct impact on how a major organisation responds to cyber incidents, with visibility to senior stakeholders.
Hybrid working model, combining meaningful on-site collaboration with flexibility.
Work within the Cyber / Public Sector space, contributing to the protection of nationally important services
Role: Security Incident Response Engineer
Location: Warrington - hybrid, typically 2 days per week on site
Contract length: 6 months (with strong potential for extension based on performance and project needs)
IR35 status: Out of Scope
Rate: 100/hour
Clearance: Existing SC preferred or strong eligible candidates
Day-to-day environment: Digital / Cyber, working closely with Cyber Operations / CSOC
What You Would Be Doing
This role sits at the intersection of cyber operations and ServiceNow engineering. You would be responsible for designing and embedding robust incident response capabilities in the ServiceNow Security Incident Response (SIR) module, closely aligned to NCSC and best-practice frameworks.
ServiceNow SIR workflow design & development
Review existing incident processes and translate them into effective ServiceNow SIR workflows, covering triage, escalation paths, case lifecycle, evidence management, and integration with CSOC tooling.
Platform configuration & enhancement
Configure and customise SIR forms, fields, templates, routing rules, severity models, and guided response actions. You will also identify gaps in capability and define enhancements in line with platform governance and architecture standards.
Systems integration & automation
Support integration of SIR with SIEM/SOC tools, threat intelligence feeds, SOAR modules, email ingestion, and ITSM processes (Change, Problem, Incident). A key focus is on building automations that reduce manual effort and improve response times.
Data, reporting & dashboards
Define and implement operational dashboards for CSOC analysts, KPIs for senior management, and compliance/audit-ready reporting. You will help ensure clear visibility of incident trends, response performance, and workflow bottlenecks.
Documentation & playbooks
Translate existing cyber response processes into guided SIR workflows and create user guides, SOPs, technical configuration documentation, data flow diagrams, and integration maps to support long-term maintainability.
Training & BAU handover
Deliver hands-on training for Cyber Operations and process owners, and provide detailed handover materials to embed SIR into BAU operations.
What Our Client Is Looking For
Proven ServiceNow experience, ideally with a strong focus on SecOps / SIR.
Solid background in cyber security and incident response, ideally within SOC/CSOC or similar environments.
Comfortable engaging with stakeholders across Cyber Operations, IT, and senior management, with the ability to explain both technical detail and business impact.
Experience working in or with public sector / regulated environments is beneficial but not essential if you bring strong SIR and IR credentials.
Why This Contract Might Appeal to You
Opportunity to shape and build a critical incident response capability on ServiceNow rather than simply maintaining an existing setup.
Direct impact on how a major organisation responds to cyber incidents, with visibility to senior stakeholders.
Hybrid working model, combining meaningful on-site collaboration with flexibility.
Work within the Cyber / Public Sector space, contributing to the protection of nationally important services
Reference: 225329455
https://jobs.careeraddict.com/post/113509648
Security Incident Response Engineer
Posted on Jul 3, 2026 by CV-Library
Warrington, Cheshire, United Kingdom
Public Sector
Immediate Start
£100 - £100 Hourly
Contract/Project
Key Details at a Glance
Role: Security Incident Response Engineer
Location: Warrington - hybrid, typically 2 days per week on site
Contract length: 6 months (with strong potential for extension based on performance and project needs)
IR35 status: Out of Scope
Rate: 100/hour
Clearance: Existing SC preferred or strong eligible candidates
Day-to-day environment: Digital / Cyber, working closely with Cyber Operations / CSOC
What You Would Be Doing
This role sits at the intersection of cyber operations and ServiceNow engineering. You would be responsible for designing and embedding robust incident response capabilities in the ServiceNow Security Incident Response (SIR) module, closely aligned to NCSC and best-practice frameworks.
ServiceNow SIR workflow design & development
Review existing incident processes and translate them into effective ServiceNow SIR workflows, covering triage, escalation paths, case lifecycle, evidence management, and integration with CSOC tooling.
Platform configuration & enhancement
Configure and customise SIR forms, fields, templates, routing rules, severity models, and guided response actions. You will also identify gaps in capability and define enhancements in line with platform governance and architecture standards.
Systems integration & automation
Support integration of SIR with SIEM/SOC tools, threat intelligence feeds, SOAR modules, email ingestion, and ITSM processes (Change, Problem, Incident). A key focus is on building automations that reduce manual effort and improve response times.
Data, reporting & dashboards
Define and implement operational dashboards for CSOC analysts, KPIs for senior management, and compliance/audit-ready reporting. You will help ensure clear visibility of incident trends, response performance, and workflow bottlenecks.
Documentation & playbooks
Translate existing cyber response processes into guided SIR workflows and create user guides, SOPs, technical configuration documentation, data flow diagrams, and integration maps to support long-term maintainability.
Training & BAU handover
Deliver hands-on training for Cyber Operations and process owners, and provide detailed handover materials to embed SIR into BAU operations.
What Our Client Is Looking For
Proven ServiceNow experience, ideally with a strong focus on SecOps / SIR.
Solid background in cyber security and incident response, ideally within SOC/CSOC or similar environments.
Comfortable engaging with stakeholders across Cyber Operations, IT, and senior management, with the ability to explain both technical detail and business impact.
Experience working in or with public sector / regulated environments is beneficial but not essential if you bring strong SIR and IR credentials.
Why This Contract Might Appeal to You
Opportunity to shape and build a critical incident response capability on ServiceNow rather than simply maintaining an existing setup.
Direct impact on how a major organisation responds to cyber incidents, with visibility to senior stakeholders.
Hybrid working model, combining meaningful on-site collaboration with flexibility.
Work within the Cyber / Public Sector space, contributing to the protection of nationally important services
Role: Security Incident Response Engineer
Location: Warrington - hybrid, typically 2 days per week on site
Contract length: 6 months (with strong potential for extension based on performance and project needs)
IR35 status: Out of Scope
Rate: 100/hour
Clearance: Existing SC preferred or strong eligible candidates
Day-to-day environment: Digital / Cyber, working closely with Cyber Operations / CSOC
What You Would Be Doing
This role sits at the intersection of cyber operations and ServiceNow engineering. You would be responsible for designing and embedding robust incident response capabilities in the ServiceNow Security Incident Response (SIR) module, closely aligned to NCSC and best-practice frameworks.
ServiceNow SIR workflow design & development
Review existing incident processes and translate them into effective ServiceNow SIR workflows, covering triage, escalation paths, case lifecycle, evidence management, and integration with CSOC tooling.
Platform configuration & enhancement
Configure and customise SIR forms, fields, templates, routing rules, severity models, and guided response actions. You will also identify gaps in capability and define enhancements in line with platform governance and architecture standards.
Systems integration & automation
Support integration of SIR with SIEM/SOC tools, threat intelligence feeds, SOAR modules, email ingestion, and ITSM processes (Change, Problem, Incident). A key focus is on building automations that reduce manual effort and improve response times.
Data, reporting & dashboards
Define and implement operational dashboards for CSOC analysts, KPIs for senior management, and compliance/audit-ready reporting. You will help ensure clear visibility of incident trends, response performance, and workflow bottlenecks.
Documentation & playbooks
Translate existing cyber response processes into guided SIR workflows and create user guides, SOPs, technical configuration documentation, data flow diagrams, and integration maps to support long-term maintainability.
Training & BAU handover
Deliver hands-on training for Cyber Operations and process owners, and provide detailed handover materials to embed SIR into BAU operations.
What Our Client Is Looking For
Proven ServiceNow experience, ideally with a strong focus on SecOps / SIR.
Solid background in cyber security and incident response, ideally within SOC/CSOC or similar environments.
Comfortable engaging with stakeholders across Cyber Operations, IT, and senior management, with the ability to explain both technical detail and business impact.
Experience working in or with public sector / regulated environments is beneficial but not essential if you bring strong SIR and IR credentials.
Why This Contract Might Appeal to You
Opportunity to shape and build a critical incident response capability on ServiceNow rather than simply maintaining an existing setup.
Direct impact on how a major organisation responds to cyber incidents, with visibility to senior stakeholders.
Hybrid working model, combining meaningful on-site collaboration with flexibility.
Work within the Cyber / Public Sector space, contributing to the protection of nationally important services
Reference: 225329455
Share this job:
Alert me to jobs like this:
Amplify your job search:
Expert career advice
Increase interview chances with our downloads and specialist services.
Visit Blog