Job Description

Assurance Directorate

Are you an experienced and capable Cyber Incident Response Lead? Oxford University's Information Security Operations team (OxCERT) is seeking someone like you to manage and coordinate our cyber response. The role is crucial in protecting the collegiate university's digital infrastructure and data, supporting its research, innovation, and teaching; and their administration. Location: Central Oxford / Hybrid Salary: 48,235 - 62,407 per annum Contract: Full Time, Permanent

About Us

Spanning the historic streets of the "city of dreaming spires," the University of Oxford has been ranked the world's leading university for nine consecutive years. A place where centuries of tradition meet world-changing innovation, we offer you the chance to shape the future while working in an inspiring environment that promotes excellence. Here, you'll contribute to ground-breaking research that tackles global challenges - from advancing sustainability to pioneering healthcare solutions - and join a diverse, inclusive community that champions your wellbeing, development, and aspirations. Apply now to become part of our extraordinary legacy.

The Information Security Operations team is part of the university's Information Security (InfoSec) department, which is headed by the Chief Information Security Officer (CISO). InfoSec is responsible for safeguarding the university's digital assets while enabling its strategic objectives. Within this structure, the Operations team focuses on the Protect, Detect, and Respond functions of the NIST Cybersecurity Framework.

What We Offer

Working at the University of Oxford offers several exclusive benefits, such as:
38 days of annual leave (inclusive of public holidays) to support your wellbeing, with the option to purchase up to 10 extra days and additional leave after long service. One of the most generous family leave schemes in UK higher education, offering up to 26 weeks of full-pay maternity and adoption leave, plus 12 weeks of full-pay paternity/partner leave. A commitment to hybrid and flexible working to suit your lifestyle. An excellent contributory pension scheme. Affordable and sustainable commuting options, including a cycle loan scheme, discounted bus travel, and season ticket loans. Access to a vibrant community through our social, cultural, and sports clubs.
About the Role
As Cyber Incident Response Lead, you will oversee the full lifecycle of cybersecurity incidents--from detection and containment to recovery and post-incident analysis. You'll act as the primary escalation point for high-impact threats and collaborate closely with the wider InfoSec team to enhance detection capabilities, deploy new tools, and improve automated response mechanisms.
You'll lead and develop a team of Cyber Security Analysts, guiding their professional growth and performance. Your role will also involve contributing to IT policy development and designing secure systems, while continuously identifying opportunities to strengthen the university's security posture.
In addition, you'll manage threat detection and analysis activities, including monitoring SIEM, IDS/IPS, and endpoint protection systems. You'll lead threat hunting and forensic investigations, maintain and refine incident response plans and playbooks, and drive ongoing improvements through lessons learned and regular simulation exercises.

About You

Proven experience in cyber incident response Strong technical knowledge of SIEM, EDR, IDS/IPS, and networking Excellent communication and leadership skills
This role meets the criteria for sponsorship under the Skilled Worker visa. The University will meet the cost of the Skilled Worker visa and NHS surcharge for applicants that require a visa.

Please let us know in your application if you require sponsorship.

Acceptance into this role is subject to security pre-employment University Enhanced Level Screening including a satisfactory DBS BASIC check

Application Process

To apply, please upload:
A covering letter/supporting statement that addresses each of the selection criteria with an example of a situation, what you thought, what you did and how your action achieved or improved the desired outcome Your CV The details of two referees
The closing date for applications is 12 noon on 14th July

Interviews will take place in late Jul and will be in person in Oxford