Security Incident Response Engineer
NonStop Consulting • Warrington, Cheshire • Posted July 02, 2026
About the Role
Key Details at a Glance
Role: Security Incident Response Engineer
Location: Warrington - hybrid, typically 2 days per week on site
Contract length: 6 months (with strong potential for extension based on performance and project needs)
IR35 status: Out of Scope
Rate: 100/hour
Clearance: Existing SC preferred or strong eligible candidates
Day-to-day environment: Digital / Cyber, working closely with Cyber Operations / CSOC
What You Would Be Doing
This role sits at the intersection of cyber operations and ServiceNow engineering. You would be responsible for designing and embedding robust incident response capabilities in the ServiceNow Security Incident Response (SIR) module, closely aligned to NCSC and best-practice frameworks.
ServiceNow SIR workflow design & development
Review existing incident processes and translate them into effective ServiceNow SIR workflows, covering triage, escalation paths, case lifecycle, evidence management,...
Role: Security Incident Response Engineer
Location: Warrington - hybrid, typically 2 days per week on site
Contract length: 6 months (with strong potential for extension based on performance and project needs)
IR35 status: Out of Scope
Rate: 100/hour
Clearance: Existing SC preferred or strong eligible candidates
Day-to-day environment: Digital / Cyber, working closely with Cyber Operations / CSOC
What You Would Be Doing
This role sits at the intersection of cyber operations and ServiceNow engineering. You would be responsible for designing and embedding robust incident response capabilities in the ServiceNow Security Incident Response (SIR) module, closely aligned to NCSC and best-practice frameworks.
ServiceNow SIR workflow design & development
Review existing incident processes and translate them into effective ServiceNow SIR workflows, covering triage, escalation paths, case lifecycle, evidence management,...