Cyber Digital Forensics & Incident Response Manager

Company: Capgemini
Location: Inverness
Job Description:

About the job you’re considering

This is a hybrid role, onsite 2-3 days per week.

Work location: either Manchester or Inverness.

An excellent opportunity has arisen within our Team for a Digital Forensics & Incident Response (DFIR) Manager. DFIR (Digital Forensics and Incident Response) is a specialist cyber security capability which is responsible for delivering rapid, high‑impact incident response and investigation during significant cyber events, such as Malware or Ransomware attacks or Cyber security breaches.

The Digital Forensics and Incident Response Manager is a leadership position within Capgemini’s Cyber Defence Centre (CDC) team. This role will oversee the DFIR Service, taking responsibility for all aspects of service delivery. The successful candidate will be one of the foremost technical experts for all aspects of cyber incident response, ensuring that the team are all suitably trained and that cyber incidents are handled in accordance with the requirements of our clients. You will manage a team of DFIR analysts and be responsible for the management of the services provided to our clients, ensuring they cover the key contractual deliverables/requirements and that clients are satisfied with the quality and performance of the services.

You will need to demonstrate experience of developing, managing and mentoring a Team and ensuring that appropriate resources are in place to deliver a first‑class service, delivering against SLAs and KPIs.

You will also need excellent Stakeholder management skills including the ability to translate complex technical threats and vulnerabilities into executive-friendly insights that articulate potential business risks and recommended actions.

Who You’ll Work With

You’ll lead a close-knit team of DFIR analysts within a 24×7 on‑call model, alongside Cyber Threat Intelligence (CTI) analysts, collaborating with DFIR, CDC, and client teams. You’ll be surrounded by professionals who are passionate about cybersecurity and committed.

Hybrid working

The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time.

Your role

  • Lead and coordinate end-to-end cyber incident response activities, ensuring effective containment, eradication, and recovery during high‑severity incidents
  • Oversee and perform digital forensic investigations, including evidence collection, preservation, and analysis across endpoint and cloud‑based environments
  • Own the delivery of incident reporting and executive briefings, translating technical findings into business risk and actionable recommendations
  • Establish and maintain DFIR processes, playbooks, and runbooks, ensuring alignment with recognised standards such as NCSC CIR
  • Lead, mentor, and manage a team of DFIR analysts, ensuring operational readiness, on‑call coverage, and delivery against SLAs and KPIs

Your skills and experience

  • Experienced in managing a distributed team of DFIR specialists and related technical teams.
  • Strong experience leading cyber incident response, managing high‑severity incidents and coordinating technical and stakeholder response
  • Hands‑on expertise in digital forensics, including evidence collection and analysis across endpoint and cloud environments (e.g. AWS, Azure)
  • Ability to deliver clear incident reports and executive briefings, translating technical findings into business impact and actions
  • Experience developing and improving DFIR processes and playbooks, aligned to recognised frameworks such as NCSC CIR
  • Relevant industry certifications such as CREST (CPIA/CRIA) or SANS (GCIA, GCIH, GCFA).

We are a Disability Confident Employer

Capgemini is proud to be a Disability Confident Employer (Level 2) under the UK Government’s Disability Confident scheme. As part of our commitment to inclusive recruitment, we will offer an interview to all candidates who:

  • Declare they have a disability, and
  • Meet the minimum essential criteria for the role.

Please opt in during the application process.

Your security clearance and pre‑employment checks

If you are successfully offered this position, you will go through a series of pre‑employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service).

Some roles will also require an additional level of security clearance:

Security Check (SC) Clearance

To be successfully appointed to this role, it is a requirement to obtain Security Check (SC) clearance.

To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements.

Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality.

Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process.


Posted: June 28th, 2026