Incident Response Lead

If you need support in completing the application or if you require a different format of this document, please get in touch with at with the subject line: “Application Support Request”.

Role: Incident Response Lead

Job Type: Permanent

Location: Dublin (2 days per week in the office and monthly travel to Letterkenny, Donegal)

Careers at TCS: It means more

TCS is a purpose-led transformation company, built on belief. We do not just help businesses to transform through technology. We support them in making a meaningful difference to the people and communities they serve - our clients include some of the biggest brands in the UK and worldwide. For you, it means more to make an impact that matters, through challenging projects which demand ambitious innovation and thought leadership.

• Gain access to endless learning opportunities.
• Fast track your growth with diverse career opportunities internally.
• Grow your career, while being exposed to new technologies.

The Role

The Incident Response (IR) Lead is accountable for establishing, maturing, and governing the organisation’s incident response capability. Acting as a strategic partner to the Security Operations Centre (SOC), the role defines “what good looks like” for incident response, ensures readiness across people, process, and technology, and leads the organisation’s response to major security incidents.

The IR Lead owns incident response maturity and preparedness, ensuring the organisation can effectively detect, respond to, recover from, and learn from cyber incidents. The role leads tabletop exercises and simulations, drives continuous learning, and feeds lessons learned back into security engineering, control improvements, and operational practices to strengthen overall resilience.

Key Responsibilities:

• Act as strategic partner to the SOC, providing incident response leadership, escalation support, and clear ownership across detection, response, and recovery activities.
• Own incident response readiness and maturity, defining the IR operating model, roles, playbooks, and governance required to meet organisational and regulatory expectations.
• Define and drive “what good looks like” for IR capability, establishing standards, metrics, and maturity targets aligned to business risk and threat landscape.
• Lead and coordinate response to major security incidents, ensuring effective decision‑making, communications, containment, and recovery.
• Design and deliver incident response playbooks and runbooks, covering priority threat scenarios, critical systems, and third‑party dependencies.
• Lead regular tabletop exercises and simulations, testing people, processes, and tooling, and validating readiness across technical, operational, and executive stakeholders.
• Drive post‑incident reviews and lessons learned, translating findings into actionable improvements across security engineering, tooling, and controls.
• Oversee incident response reporting and metrics, including executive updates, regulatory reporting inputs, and continuous improvement tracking.
• Coordinate cross‑functional and third‑party engagement, including IT, cloud, identity, legal, communications, and external response partners

Your Profile

Essential skills/knowledge/experience:

• Experience in cybersecurity or security operations, with at least 3+ years in a senior or lead incident response role.
• Proven experience owning and maturing incident response capability, including readiness, playbooks, exercises, and governance in a complex enterprise environment.
• Strong hands‑on understanding of security incidents, including containment, eradication, recovery, and coordination with SOC and engineering teams.
• Demonstrated experience leading tabletop exercises, simulations, and crisis scenarios involving technical, operational, and executive stakeholders.
• Ability to translate incidents into improvement, feeding lessons learned into security design, engineering, and preventative controls.
• Strong leadership and communication skills, able to lead under pressure and communicate clearly with senior leadership and non‑technical stakeholders.
• Operationally focused and outcome‑driven, with a strong bias toward preparedness, clarity of ownership, and resilience.
• Experience working in regulated or safety‑critical environments, with awareness of reporting, audit, and compliance considerations.
• Relevant security or incident response certifications (e.g. CISSP, GCIH, GCED, CSIR, or equivalent).
• Experience working closely with or managing SOC operations, including tiered escalation models and detection-to-response workflows.
• Familiarity with MITRE ATT&CK, threat‑led response modelling, and adversary‑focused exercises.
• Experience with SIEM, SOAR, and investigation tooling, including orchestration and response automation.
• Knowledge of crisis management and executive communications during cyber incidents.
• Experience coordinating third‑party incident response providers and managing shared responsibility during incidents.
• Understanding of regulatory and legal considerations related to security incidents, including data protection and reporting obligations.
• Exposure to cloud, identity, and network‑related incident scenarios in modern enterprise environments.

TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop and access to extensive training resources and discounts within the larger Tata network.

We offer health & wellness initiatives and sports events; we are the proud sponsor of the London Marathon and partner with our local communities in Ireland.

Diversity, Inclusion and Wellbeing

Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the Ireland Employment Equality Acts 1998-2011 (as amended) and the Equal Status Acts 2 as amended).

We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role.

As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email us at if you would like to opt in.

If you are an applicant who needs any adjustments to the application process or interview, please contact us at with the subject line: “Adjustment Request” or email to request an adjustment. We welcome requests prior to you completing the application and at any stage of the recruitment process.

Beware of Fraudulent offers

This is to notify you that TCS does not ask for any sort of payment or security deposit from candidates at any stage of the recruitment process. The firm never sends out job offers from free internet email services like Gmail, Yahoo Mail, and so on. TCS has not authorised any third-party company to collect money on their behalf. As a vigilant job seeker, beware of fraudulent recruitment activity and protect your interests! You can write to to report any fraudulent activity.

Due to the high volume of applications, we will be unable to contact each applicant individually on the status of their application. If you have not received a direct response within 30 days, then it should be deemed unsuccessful on this occasion. xcfaprz

Join us and do more of what matters. Apply online now.