will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner. Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit
Loughton, Essex, South East, United Kingdom Hybrid / WFH Options
Profile 29
is responsible for securing and monitoring Draper's digital assets as well as maintaining the highest level of information assurance across the enterprise. Job Description: Duties/Responsibilities * Leads Incident Response processes, ensuring issues are identified, remediated, and have documented root cause * Reviews existing, and authors additional, information security processes and standards * Resolves a wide range of security … security posture * Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. * Performs vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. * Performs analysis of complex software systems to determine both functionality and intent of software systems. * Mentors junior staff, provides development … of their abilities * Performs other duties as assigned Skills/Abilities * Proficient with industry standard security technologies, including firewalls, IDS/IPS, SIEM tools, endpoint monitoring, etc. * Knowledge of incident response procedures and best practices * Familiarity with threat intelligence process and integration * Highly developed communication skills * Excellent organizational skills Education Bachelor's Degree in Computer Science, and/
systems and applications. Lead architectural reviews and assurance of designs working with System Integrators & partner resources. Conduct threat modeling and risk assessments on network infrastructure and recommend mitigations. Support incident response teams during network-related security incidents and perform root cause analysis. Evaluate and recommend security tools and technologies, and stay informed on emerging threats and vulnerabilities. Required
alerts to identify root causes and take corrective actions. Triage and escalate incidents based on severity, organizational policies, and operational impact, ensuring timely resolution and minimal downtime. Perform initial incident response actions, including containment, mitigation, and support for recovery, working closely with IT and security teams. Collaborate with IT and security teams to investigate and resolve both security … and minimizing impact on services. Ensure the availability and performance of services, proactively identifying potential issues that could affect users, and collaborating with teams to resolve operational incidents. Maintain incident logs, documentation, and reports, tracking all events and resolutions for auditing, compliance, and continuous improvement purposes. Analyse trends in security threats and vulnerabilities, staying ahead of emerging risks and … continuously refining response strategies to mitigate future incidents. Participate in threat hunting and vulnerability assessments, working with cross-functional teams to identify and close gaps in security while ensuring business operations run smoothly. Support internal and external stakeholders to ensure security configurations, operational practices, and incident management processes are always improving. Assist in developing and refining SOC procedures
for the advanced detection, investigation, and mitigation of complex cyber threats. As a senior member of the SOC, you will leverage your deep technical expertise to lead high-impact incident response efforts and guide the strategic direction of the organization's security posture. Responsibilities: Lead complex incident investigations, coordinating with internal and external stakeholders to resolve critical … security issues. Perform advanced threat hunting, identifying sophisticated attack vectors and emerging threat patterns. Develop and refine incident response playbooks, integrating threat intelligence and proactive defense strategies. Conduct deep forensic analysis and root cause investigations for high-severity incidents to prevent recurrence. Provide mentorship and guidance to junior analysts, promoting best practices in incident detection and response. Collaborate … validate security controls and improve SOC readiness. Support compliance and audit activities by providing expert analysis and reporting. Skills/Must Have: 4+ years of experience in a SOC, incident response, or cybersecurity operations role. Extensive experience with SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR solutions. Proficiency in scripting or programming languages (e.g., Python, PowerShell) for automation
Peterborough, England, United Kingdom Hybrid / WFH Options
ZipRecruiter
team, ensuring the protection of our clients' digital assets while maintaining service excellence. Level 3 Analysts will take on additional responsibilities, such as mentoring junior team members, leading complex incident investigations, and driving strategic security improvements. What’s in it for you? Work with cutting-edge security technologies and develop expertise in industry-leading tools. Be part of an … SOC, ensuring timely detection and resolution in line with SLAs. Conduct thorough threat analysis and vulnerability assessments to identify potential security risks and implement mitigation strategies. Develop and refine incident response plans and playbooks to enhance SOC effectiveness. Perform root cause analysis (RCA) for high-priority incidents and contribute to service improvements. Provide expert recommendations on security measures … and solutions to clients and colleagues. Engage in knowledge sharing within the SOC and wider teams to enhance security awareness. Participate in on-call rota for critical incident response and escalation. Work within designated shift patterns to ensure 24/7 SOC operations. Contribute to process optimization, knowledge base development, and efficiency improvements. Support the smooth onboarding of
month contract. *This role will involve on site work in Cambridge 2-3 days per week. *Inside IR35. Security Automation & Detection Engineer Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools … tools (e.g., SIEM, EDR, firewalls) APIs, and Case Management tools for data enrichment. Responsibilities: • Build security automations, logging, and SIEM detections to improve the CDO's efficiency, scalability, and incident response capabilities. • Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat intelligence and vulnerability management. • Collaborate … with CDO analysts to identify repetitive tasks and automate them to improve operational efficiency. • Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. • Continuously evaluate automation solutions for performance, reliability, and scalability, making improvements, as necessary. • Collaborate with third-party vendors and
Cambridge, Cambridgeshire, United Kingdom Hybrid / WFH Options
Arm Limited
Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls) APIs, and Case … Management tools for data enrichment. Responsibilities: Build security automations, logging, and SIEM detections to improve the CDO's efficiency, scalability, and incident response capabilities. Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat intelligence and vulnerability management. Collaborate with CDO analysts to identify repetitive tasks and … automate them to improve operational efficiency. Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. Continuously evaluate automation solutions for performance, reliability, and scalability, making improvements, as necessary. Collaborate with third-party vendors and service providers to leverage automation opportunities and ensure
Cambridge, England, United Kingdom Hybrid / WFH Options
Techwaka
Role Summary Responsibilities: By stepping into Costello Medical’s first Cybersecurity Analyst role, you will be responsible for conducting security incident detection, monitoring and response, as well as supporting with the delivery of key IT security projects for our Technical Operations team. Salary: £35,000 to £40,000 per annum, depending on your qualifications and previous experience. Benefits … guide cybersecurity training initiatives. Additionally, you will have ample opportunities to enhance Costello Medical’s security by proposing and delivering security projects of your own. Key responsibilities will include: Incident detection and response using EDR/XDR and SIEM technologies, including Microsoft Defender and Sentinel. Contributing to the development and maintenance of security procedures, including vulnerability scanning, remediation … security standards and helping the company achieve certifications such as CyberEssentials+ and ISO27001. As you gain experience and confidence within the role, you will have the opportunity to lead incident response efforts, implement process improvements, and spearhead the development of new security strategies. You will become the go-to person for IT security and risk mitigation, establishing yourself
Watford, Hertfordshire, South East, United Kingdom Hybrid / WFH Options
Hays
join a purpose-driven organisation on a part-time basis. In this role, you'll take the lead in strengthening the organisation's security posture by driving forward incident response, vulnerability management, and compliance initiatives. You'll be a key player in embedding security best practices across the business and ensuring alignment with industry standards. Responsibilities Work
Employment Type: Part Time, Work From Home
Salary: £28.49 - £36.98 per hour + £36.98 p/h via Umbrella (Inside IR35)
Cambridge, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
the-job, and external training, including industry-recognized certifications with SANS Institute and OFFSEC. You will be paired with a mentor and gain hands-on experience in threat detection, incident response, and operational strategies. Opportunities for travel, conferences, and staying abreast of cyber security innovations are available but not mandatory. Rewards and Benefits Starting salary of
Cambridge, England, United Kingdom Hybrid / WFH Options
Murnen Design
IDPS) Security information and event management (SIEM) system Vulnerability scanning and penetration testing Cloud security Identity and access management (IAM) Data loss prevention (DLP) Endpoint protection Security operations and incident response Experience in developing and implementing security policies, procedures, and standards. Understanding of legal and regulatory frameworks (e.g., GDPR, ISO 27001, NIST SP 800-171). Excellent communication
seeks a Microsoft Security (Sentinel) Automation & Detection Engineer for a 6-month contract to start ASAP, based in Cambridge (Hybrid), Inside IR35. Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration … operations. Responsibilities: Lead technical migration of log sources into Microsoft Sentinel SIEM. Build security automations, logging, and SIEM detections to improve the Cyber Defence Operation’s efficiency, scalability, and incident response capabilities. Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat intelligence and vulnerability management. Collaborate … with Cyber Defence Operation analysts to identify repetitive tasks and automate them to improve operational efficiency. Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. Continuously evaluate automation solutions for performance, reliability, and scalability, making improvements, as necessary. Collaborate with third-party
and visionary cybersecurity leader to head global security operations at an innovative, fast-paced technology organisation. This role will drive the strategic and operational excellence of our threat detection, incident response, and vulnerability management functions across a globally distributed digital estate. Reporting directly to the Chief Information Security Officer (CISO), this high-impact position is responsible for setting … and executing the direction of our detection and response capabilities, ensuring our resilience against ever-evolving cyber threats. You’ll also play a central role in executive-level crisis planning, team growth, and cybersecurity thought leadership across the business. What You’ll Be Doing: Shape and deliver the long-term roadmap for detection and response aligned with business … communication skills, with the ability to translate complex risk issues into business-relevant insight and strategy. A strategic thinker with deep domain knowledge across enterprise security, threat intelligence, and incident response, and who can effectively influence C-Suite stakeholders. Demonstrated experience leading and mentoring cross-functional, high-performing teams with a focus on development and psychological safety. Preferred
Welwyn Garden City, England, United Kingdom Hybrid / WFH Options
Tesco UK
organisation from evolving threats. We focus on anticipating and mitigating risks by identifying emerging threats and reducing uncertainty. Our CTI team collaborates closely with internal teams, including Security Operations, Incident Response, Vulnerability Management, and Security Engineering, as well as external intelligence-sharing communities, to enhance detection, response, and our understanding of the global threat landscape. We are … Commitment to continuous improvement through workflow optimisation and automation. Experience relevant for this job: • 2-4 years of cybersecurity analysis experience in roles like: Threat Intelligence, Security Operations, or Incident Response. • Candidates with a strong Intelligence background and proven technical skills also considered. • Experience of delivery into large complex enterprises. • CTI relevant certifications or industry equivalent (desirable). • Cybersecurity
valued and recognised. Key Responsibilities: Develop, implement, and maintain robust cyber security measures to protect the council's digital assets and infrastructure. Develop and deploy innovative ICT solutions in response to evolving business demands, contributing to organisational growth and resilience. Conduct regular security assessments, cyber risk assessments, vulnerability scans, and penetration tests to identify potential weaknesses and risks. Monitor … Required: Knowledge of Fortigate Security Stack including Firewalls, FortiAnalyzer, FortiManager. Knowledge of vulnerability management platforms (Tenable/Nessus/Qualys). Knowledge of threat intelligence, risk management, and cyber incident response frameworks. In-depth knowledge of NCSC Cyber Assessment Framework (CAF), PSN Compliance, Cyber Essentials, NIST, or ISO 27001. Qualifications: Degree or equivalent level qualification or experience. ITIL
Elysium Healthcare is seeking a Security Operations Engineer to join their team. The role involves leading the day-to-day operational security response, triaging and investigating security alerts, and maintaining key security solutions. The successful candidate will have experience working with or alongside a managed Security Operations Centre (SOC) and hands-on involvement in technical incident investigation or … act as the central point for operational security, ensuring threats are quickly identified, validated, and addressed in collaboration with IT and infrastructure teams. In addition to alert triage and incident response, you will be responsible for maintaining and tuning key security solutions such as endpoint detection and response (EDR), antivirus, and vulnerability management platforms. You will also … and employs over 86,000 people globally. Job responsibilities Do you have experience working with or alongside a managed Security Operations Centre (SOC) with hands-on involvement in technical incident investigation or alert response? If so, join Elysium Healthcare as the Security Operations Engineer. You will be leading the day-to-day operational security response by working
Cambridge, Cambridgeshire, United Kingdom Hybrid / WFH Options
Futureshaper.com
delivery, with relevant industry or academic experience to meet the requirements of the role. Delivery within a proactive cybersecurity system where monitoring and threat intelligence drive delivery alongside great response to incidents as they emerge, including in partnership with 3rd parties. Familiar with the application of security certifications such as ISO27001, NIST to global organisations with significant outsourced value … data privacy and data handling issues in organisations with significant outsourced value stream activities. In the field of Information and Cyber Security, experience of: risk management processes, management of incident and resolution, development and reporting of key KPIs, audit and continuous improvement response and delivery through external partnerships. Definition and delivery of policy and process documentation to support … incident response, proactive management and audit. Essential capabilities: Development agility - Bicycle is a growing and evolving company. You will have the opportunity to be self-starting, entrepreneurial and eager to develop within a supportive environment. Partnership - Information and cyber security is critical to our business success. You will need to deliver with business stakeholders not to them - our
local government. To read more about our business area, please visit Corporate Services and Transformation. Key Responsibilities: Lead and develop an active Security Operations team focused on threat detection, incident management, and prevention of data breaches or service disruptions. Build and mature the Security Operations Centre (SOC) with a focus on cyber risks, threat intelligence and proactive incident avoidance. Oversee the council's response to critical cyber incidents, coordinating resolution efforts and informing senior stakeholders. Collaborate with security architects and technical teams to shape and implement cyber security policies, ensuring they're risk-appropriate and business-friendly. Manage cyber security risks by embedding them into the corporate risk register and advising on appropriate mitigation strategies. Oversee the planning … cyber security trends, threats, tools, and protocols - demonstrable vendor-agnostic technical appreciation of both defensive and offensive Cyber Security with focus on Microsoft security competencies. Strong experience in leading incident response, technical investigations, and high-pressure decision-making. Excellent communication skills with the ability to influence and collaborate at all organisational levels. Strategic thinking with a focus on
Chelmsford, Essex, South East, United Kingdom Hybrid / WFH Options
Keystream Group Limited