Cyber Security Lead - Incident Response

Job Type IT
Location Bracknell Campus
Partnership Level 6
Closing Date 09/10/2022
Vacancy Type Permanent
Salary £56,700.00 - £83,600.00
Salary Frequency Annual
Hours of Work 35


We want all of our Partners to have a good work-life balance and we support flexible working. This might mean flexible or compressed hours, job sharing or shorter hour contracts, where it is possible to do so. Please discuss this further with the hiring manager during your interview.


Working in Partnership for a happier world – our shared Purpose that guides us in everything we do and inspires 3 important principles; happier people, happier business, happier world. The John Lewis Partnership is a truly unique business, one that seeks to make a positive difference to the lives of everyone.

What’s the role about?

The John Lewis Partnership’s Cyber Security strategy is bold and ambitious. We provide a collection of security services, delivered through people, processes and technology. Working collaboratively, these services ensure that customers can shop with us efficiently, safely and securely, every single day.

As one of our Cyber Security Leads, you will be responsible for the day-to-day operation of our Incident Response service which provides our front line of cyber defence - mitigating and defending against malicious cyber activity and adapting to an ever-changing threat landscape. It’s a fantastic opportunity to get hands-on with market leading next-generation cyber security tools, where you’ll be empowered to innovate within a supportive, collaborative and social team environment and agile culture.

If you are passionate about cyber security, if you thrive and perform in fast-paced, high-demand scenarios, and if you want to make a real difference at the UK’s largest co-owned retailer, currently executing an exciting business plan investing in digital retail, modernisation of physical retail, financial services and build to rent, then this role is for you.

Please note, internally this role is known as 'Information Security Lead'.

For more information about our Partnership Information Security team, please watch this short video here.

To view the job outline:


External candidates - view via the attachment

Internal candidates - view the job description here using your internal email address only

What will you be doing?

As one of our Cyber Security Leads for our Incident Response Service you will be highly technical, experienced and a subject matter expert for your service, leading investigations and providing technical expertise for all types of cyber security incident. You will be coordinating resolution activities across a wide range of stakeholders, providing an escalation path when required and will be supporting the development of the Incident Response analysts through coaching and training.

You will assist with the development of use cases, playbooks, policies and custom tooling to improve our security maturity, recommend improvements or new features where the service is deemed to be lacking and define ways of working or process amendments that allow the team to meet the objectives of security, reliability and availability.

You will also inform and influence task management for all team members of the service and for reporting key performance metrics to the service owner. The Cyber Security Lead will additionally act as deputy for the Cyber Security Manager when required.

Please note that as part of this role there will be a requirement to join an on call rota, supporting the business as and when needed outside of normal business hours.

What you'll have:

  • Demonstrable experience performing a lead technical analyst role in a SOC environment or similar, with a focus on cyber security incident detection, response and resolution to excellent best practise standards.

  • Hands-on technical control experience directly relevant to Information Security Incident Response, e.g. SIEM. 

  • Experience in working with internal stakeholders and third parties such as the NCSC and managed service providers.

  • Proven ability to work under pressure in a fast-paced environment and succeeding in ambiguity, including experience of major cyber security incidents. 

  • Strong attention to detail with an analytical mind and problem-solving skills, especially in performing tasks such as log analysis.

  • Great awareness of cybersecurity trends and hacking techniques both internal and external to the Partnership, and a familiarity with tools like Kali Linux, Burp Suite, Nmap or similar.

  • Coaching other members of the team in a highly collaborative environment.

What else could you bring?

  • Expertise across a number of the following areas: Google scripting, ServiceNow, JIRA, Splunk, Reverse engineering, Digital Forensics

  • Experience in creating and maintaining BAU runbooks, use-case definitions and operating procedures.

  • Experience and expertise in the use of security frameworks such as Mitre ATT&CK, NIST or the ISF’s Standard of good practice.

  • Some exposure to Threat intelligence and Threat hunting within an enterprise organisation

  • An accreditation such as ISC2 CISSP or Certified Ethical Hacker (C|EH).

Please note:

  • We occasionally close vacancies early in the event that we receive a high volume of applications. Therefore, we recommend that you apply early.

  • The application form consists of a CV upload followed by application questions. Please ensure you refresh the page each time you complete a task to ensure you complete everything that you need to in time. (If internal, please check your Workday notifications).

  • This role is based at our Bracknell Head Office. It will require working in the office and times when you will work from home. If you are offered the role you can discuss with your People Manager when you will be needed to work in the office.

We positively celebrate Diversity & Inclusion in the John Lewis Partnership. Our aim is to become the UK’s most inclusive business - for our Partners and for our customers, reflecting and connecting with the diverse communities that we serve. We want people from all walks of life to feel valued for their individuality, thrive in our business and share a sense of belonging. To find out more about D&I in the John Lewis Partnership visit this site -

Attachment: Job Outline - INFORMATION SECURITY LEAD (Google Site) (2) (1).pdf 


Latest IT opportunities

Cyber Security Lead - Incident Response
  • Bracknell Campus,
  • £56700 - £83600
  • Closing Date: 09/10/2022
Front-end Software Engineer
  • London - Victoria,
  • £47100 - £69500
  • Closing Date: 27/11/2022
Back-end Software Engineer
  • London - Victoria,
  • £47100 - £69500
  • Closing Date: 27/11/2022