Senior Manager, Cyber Incident Response

* Sony Pictures - GBR - London

Sony Pictures Entertainment

View company page

Senior Manager, Cyber Incident Response


Please note that this role is based in the United Kingdom. In order to enable us to meet statutory and regulatory obligations of the United Kingdom immigration system you must have the appropriate immigration permission needed to work and reside in the United Kingdom.

The Incident Response Sr Manager reports to the Incident Response Director in delivering incident response duties and initiatives.

This role performs sophisticated computer and network forensic investigations that pertain to different types of cyber threats, including malware, data theft, denial of service, and data breaches. They collaborate with the SOC to quickly evaluate, resolve, or escalate incidents for appropriate action. Additionally, the incumbent works with IT and other teams to pinpoint the underlying issues and create effective corrective and preventive measures. To enhance the organization's security posture and incident response capabilities, the employee collaborates with peers in threat assessment and provides recommendations to the Incident Response Exec Director.


  • Develop and implement comprehensive incident response plans, policies, and procedures to effectively address cybersecurity incidents.
  • Oversee the monitoring and analysis of security alerts and events from various sources, including security tools, logs, and threat intelligence feeds.
  • Conduct thorough investigations of security incidents to determine the breaches' scope, impact, and root cause.
  • Collaborate with other teams, such as IT, network security, and legal, to gather relevant information during incident investigations.
  • Coordinate the response efforts during cybersecurity incidents, ensuring timely and effective actions to contain and mitigate threats.
  • Work closely with technical teams to implement security measures and configurations to prevent similar incidents from recurring.
  • Assist in recovering and restoring affected systems and data following incident resolution.
  • Prepare and present incident reports to executive leadership and relevant stakeholders, including recommendations for improvement and lessons learned.
  • Act as a point of contact for communication with internal teams, external partners, law enforcement, and regulatory authorities during incidents.
  • Stay up to date with the latest cybersecurity threats, attack techniques, and industry best practices.
  • Use threat intelligence to enhance the organization's defence mechanisms and incident response capabilities.
  • Collaborate with the vulnerability management team to proactively identify and address potential security weaknesses.

Some travel may be required.

What you'll do:

The job’s most important functions and responsibilities and percentage of time.

30% Lead and coordinate the organization's incident response efforts. Oversee the detection, analysis, containment, eradication, and recovery of cybersecurity incidents. Ensure timely and effective incident handling to minimize damage and reduce downtime.

20% Analyse hacker techniques, tools, and motivations to identify potential threats and vulnerabilities. Develop and implement strategies to mitigate and prevent future security incidents. Stay updated on emerging cyber threats and adapt incident response strategies accordingly.

25% Work with technical teams to address security weaknesses and improve overall security posture during incident investigations. Collaborate with the IT and security teams to implement security measures effectively.

10% Conduct in-depth investigations of cybersecurity incidents. Analyse file system images, memory images, and network packet captures to understand incident scope. Extract and analyse relevant indicators to identify potential threats and patterns.

10% Coordinate with the corporate VM team to help prioritize the remediation of vulnerabilities and assess if policy exceptions should be implemented. Provide guidance on any PER from a technical standpoint.

5% Communicate incident details, response plans, and progress to internal and external stakeholders. Collaborate with cross-functional teams, including IT, legal, privacy, content, and executive leadership during incident response efforts.

5% Stay current with the latest security technologies, industry trends, and best practices. Drive innovation within the incident response team to improve incident handling capabilities and champion automation wherever possible.

What you'll have:

The ideal candidate for this role should possess the following knowledge, skills, and abilities:

Knowledge of:

  • Familiarity with hacker techniques, tools, and motivations.
  • Comprehensive understanding of various operating systems, including Windows, OS X, Linux, and UNIX.
  • Proficiency in multilayer security architectures and controls.
  • In-depth application architecture knowledge encompassing mainframes, databases, web, middleware, and virtual environments.
  • Expertise in network architecture, including firewalls, routers, switches, and load balancers.
  • Familiarity with security technologies such as IDS/IPS, advanced endpoint protection, and antivirus solutions.


  • Ability to analyze file system images, memory images, and network packet captures.
  • Proficiency in using both commercial and open-source security tools. (Autopsy, Axiom, Encase, FTK, X Ways, etc)
  • Strong problem-solving skills, especially in situations with missing information and tight deadlines.
  • Experience in dynamic malware analysis and indicator extraction.
  • Proficient in indicator pivoting, tracking, and analysis. (Splunk)
  • Capable of prioritizing multiple tasks rapidly, formulating effective plans, and communicating with customers and leadership.
  • Incident and Forensic Security certification (SANS)

Desired skills (not required):

  • Programming proficiency in two or more languages: C, Java, .NET, SQL, Python.
  • Experience with shell scripting in two or more of the following: PowerShell, Bash, WMI.
  • Familiarity with reviewing application source code for security vulnerabilities.
  • Proficiency in using debuggers and/or de-compilers.
  • Experience in reverse engineering complex code using tools such as IDA Pro, OllyDBG, WinDBG, and similar software.
  • Ability to speak languages other than English (e.g., Japanese, Chinese, etc.).
  • Information Security certification, Ethical Hacking Certifications and/or Vendor certifications.

Ability to:

  • Adapt and take on new responsibilities to deliver consistent results.
  • Communicate effectively with strong verbal and concise written communication skills.
  • Run multiple tasks efficiently with strong organizational and multitasking abilities.
  • Demonstrate a willingness to learn new skills through self-learning and on-the-job training.
  • Exhibit an innovative mindset and stay up-to-date with evolving security technologies.

How we take care of you:

  • Competitive salary, with annual bonus eligibility.
  • A choice of comprehensive health plan options that fit your lifestyle including private medical insurance.
  • Rest and recharge during a week off during the winter holidays, in addition to the 25 days of paid annual leave.
  • Participate in extensive learning & development opportunities at all levels, including curated instructor-led classes and high impact online resources.
  • Build your community by joining our Employee Business Resource Groups, and/or Sony Pictures Action – our racial equity and inclusion strategy.
  • Access to an employee online store filled with a variety of discounted Sony products.
  • Watch the newest movies and TV shows at our exclusive employee screenings at work.
  • Entitlement to apply for an interest-free season ticket loan.
  • Automatic enrolment in the Company’s Pension Plan
  • Free counselling and advisory service.
  • You will be automatically enrolled in the Company’s Life Insurance and Group Income Protection Plans subject to any applicable service requirements.
  • The opportunity to attend various social events in our state-of-the-art offices in Paddington.
  • In addition to the above we have a range of other optional discounted benefits that are reviewed regularly (e.g., gym memberships, travel insurance, activity passes, car leasing, experience days and many more!)

If you require any reasonable adjustments with any part of the recruitment process, including the application or interview process, please contact us Please put Reasonable Adjustment Request in the subject line of the email.

Sony Pictures Entertainment is committed to equal opportunity in all its employment practices, policies and procedures. No worker or potential worker will therefore receive less favourable treatment due to their race, age, creed, sexual orientation, colour, nationality, ethnic origin, disability, religion, gender, marital status or Trade Union membership (if applicable).


* Sony Pictures - GBR - London
Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Automation Autopsy Bash C Compilers EnCase Ethical hacking Firewalls IDS Incident response IPS Java Linux Malware Monitoring Network security OllyDbg PowerShell Privacy Python Reverse engineering SANS Scripting SOC Splunk SQL Strategy Threat intelligence UNIX Vulnerabilities Vulnerability management WinDbg Windows

Perks/benefits: Career development Competitive pay Equity Fitness / gym Health care Insurance Medical leave Salary bonus Team events

Region: Europe
Country: United Kingdom
Job stats:  9  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.