We’re looking for a seasoned Incident Response Lead to step in and support a busy cyber team that’s currently managing multiple live incidents. This role will take command of incident response efforts, reduce backlog, and help stabilise operations.

What you’ll do

• Lead live security incidents end-to-end (assess, contain, eradicate, recover).
• Coordinate war-rooms and manage communications with stakeholders.
• Conduct investigations across endpoints, cloud, and identity platforms (M365/Azure).
• Work with the SOC to improve detections and playbooks.
• Deliver timelines, after-action reviews, and recommendations to harden defences.

What we’re looking for

• Proven experience as an Incident Response lead/commander managing concurrent incidents.
• Strong background with EDR and SIEM tools (Microsoft Defender, Sentinel, Splunk, CrowdStrike etc.).
• Ability to switch between hands-on log hunting/triage and stakeholder coordination.
• Excellent communication skills across technical and executive audiences.

Bonus skills (nice to have)

• Exposure to forensics (disk, memory, network).
• Certifications such as GCIH, GCFA, GREM or equivalent.
• Experience working in regulated sectors.

What’s on offer

• 6-month initial contract with flexibility to extend.
• Hybrid working model (NZ business hours, on-call during peaks).
• Opportunity to make a tangible impact in the first 4–6 weeks by reducing MTTR, triaging backlog, and embedding stronger response processes.

Apply now if you’re ready to step into a leadership role, bring stability, and drive best-practice incident response.