1 to 25 of 35 Incident Response Jobs in the Midlands

boards from below onwards The Role As SOC Manager: Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include: Improving incident response times Reducing false positives and other extraneous alerts Enhancing threat detection capabilities Oversee your staff's activities and ensure they focus on the right priorities Oversee SOC … activities by reviewing your team's performance metrics, incident reports and other key indicators Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team Analyse incident reports … to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization s global response to cyber threats … ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure … proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization’s global response to cyber threats … ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure … proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed More ❯

Do you enjoy working across teams to improve security awareness and compliance? Want to make a real impact in a growing organisation? If you’re confident in network defence, incident response, and stakeholder collaboration — this could be your next move. About the Role We’re looking for a proactive and skilled Information Security Analyst to strengthen our cybersecurity … ll manage key platforms like CyGlass and KnowBe4, coordinate with external partners including Pentest People, and support internal compliance efforts. This is a hands-on role with variety — from incident response and penetration testing coordination to user training and policy development. Key Responsibilities Security Operations & Monitoring • Manage and monitor the CyGlass network defence platform • Coordinate penetration testing and … Pentest People • Provide regular updates to internal stakeholders on security posture Candidate Requirements Essential Skills & Experience • Experience in information security or infrastructure engineering • Strong understanding of network security and incident response • Familiarity with CyGlass, Pentest People, or similar platforms • Experience with KnowBe4 or other cybersecurity training tools • Knowledge of data protection regulations (e.g., GDPR, ISO27001) • Excellent communication and More ❯

Skills & Experience from the SOC Analyst Strong experience with Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft’s security … alerts and incidents in Microsoft Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Beneficial Experience More ❯

Skills & Experience from the Security Engineer Strong experience with Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft’s security … alerts and incidents in Microsoft Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Beneficial Experience More ❯

Days: As per business need Special Working Conditions: Occasional client site travel The Role As SOC Manager, you will: Establish goals and priorities with your team, focusing on: Improving incident response times Reducing false positives and extraneous alerts Enhancing threat detection capabilities Oversee staff activities to ensure focus on the right priorities Review team performance metrics, incident reports, and other key indicators Lead incident response efforts with clear procedures and protocols Analyse incident reports to understand the organization's security posture Serve as primary point of contact for security incidents, liaising with internal stakeholders and external parties Conduct information security investigations and manage end-to-end security incident resolution Report to the … identifying new use cases and automations Act as POC for SOC engineering, threat intelligence, and threat exposure management Provide guidance to Level-2 SOC security analysts during investigations and incident resolution Lead coordination of individual information security incidents Mentor security analysts on risk management, security controls, incident analysis, SIEM monitoring, and operational tasks Document incidents from detection to More ❯

cases Triage of security events and third-party SOC management Monitor/Collate data from endpoints across estate OSINT experience for threat hunting, prepare reports Cyber Defence Manager - Experience Incident response, security engineering, intrusion detection Experience of SOC or Incident Response Team Analyse End Point, Network, Application Logs Security frameworks/Standards (NIST, CIS, ISO27001) Scripting More ❯

role in strengthening our clients’ security operations. This is a hands-on, strategic position within the Technical Operations team, where you’ll set the direction for security practices, guide incident response, and support the growth of the wider team. Your responsibilities: Lead on security incidents, managing investigations through to resolution Design, implement, and maintain robust security controls across … infrastructure and applications Drive the creation and execution of incident response plans, ensuring continuous improvements Integrate security practices seamlessly into the DevOps pipeline Manage and optimise monitoring tools to provide real-time threat visibility Carry out regular threat and vulnerability assessments, applying effective remediation strategies Coach and mentor colleagues, keeping the team ahead of evolving risks and technologies More ❯

role in strengthening our clients’ security operations. This is a hands-on, strategic position within the Technical Operations team, where you’ll set the direction for security practices, guide incident response, and support the growth of the wider team. Your responsibilities: Lead on security incidents, managing investigations through to resolution Design, implement, and maintain robust security controls across … infrastructure and applications Drive the creation and execution of incident response plans, ensuring continuous improvements Integrate security practices seamlessly into the DevOps pipeline Manage and optimise monitoring tools to provide real-time threat visibility Carry out regular threat and vulnerability assessments, applying effective remediation strategies Coach and mentor colleagues, keeping the team ahead of evolving risks and technologies More ❯

can lead engagements, provide authoritative advice, and help shape our cyber security services. You will work primarily in Audit & Assurance and Risk & Compliance, with the opportunity to contribute to Incident Response where needed. There will also be opportunities to define and lead other areas of cyber security. What youll be doing Lead and deliver client engagements across governance … quality deliverables, audit reports, risk assessments, control mappings, and remediation roadmaps. Stay ahead of the curve, monitor emerging threats, regulations and standards, and translate these into actionable guidance. Support incident response activities where required, providing expertise during investigations and post-incident reviews. Mentor and develop colleagues, sharing knowledge and contributing to the growth of our cyber practice. … Market Harborough) and client site visits as needed. Professional development, support for CPD, including maintaining Chartered status and relevant certifications. Varied engagements, opportunities to work across multiple domains, including incident response. Package 3% Pension contributions 25 days holiday + Bank holidays Option to purchase an additional 5 days holiday Home based with an expectation of 1 day in the More ❯

IEC62443 standards. Key Responsibilities Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and … and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks-from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber More ❯

IEC62443 standards. Key Responsibilities Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and … and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks-from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber More ❯

and mitigating potential risks. You will oversee information security, compliance, and risk management practices based on industry-accepted information security and risk management frameworks, whilst establishing and maintaining an incident response plan, including incident detection, response, investigation, and resolution, to minimise the impact of security incidents. What you'll need to succeed Demonstrable experience of implementing More ❯

integration. Baseline and conduct regular reviews with an incoming 3rd party managed SOC and the security tools in the Cloud environment (Defender and Sentinel) Oversee security architecture, vulnerability management, incident response, and threat intelligence Lead security risk assessments and manage remediation plans for identified gaps Ensure compliance with financial regulations (e.g. GDPR, PCI DSS, SOX, FCA requirements) Establish … and implementing security frameworks (ISO 27001, NIST) Hands-on experience with SIEM, DLP, IAM, and endpoint security technologies, specifically Microsoft Defender XDR, Purview and Sentinel Excellent risk assessment and incident management skills Outstanding communication skills with the ability to influence stakeholders at all levels Strategic mindset with the capability to balance security controls and business agility SM&CR Responsibilities More ❯

SOC Analyst (L3) - Senior Incident Responder Location: Birmingham (Hybrid) Salary: Up to £70,000 (depending on experience) + bonus NOTE: Candidates for this role must be eligible for UK Security Clearance (SC). We’re looking for a hands-on L3 Senior Incident Responder who can lead on complex security investigations, manage high-severity incidents, and bring real … Splunk and wider SIEM technologies. This is a critical role within the SOC, where you’ll be the escalation point for L1 and L2 analysts and take ownership of incident containment, remediation, and post-incident review. What you’ll do: Act as the L3 escalation point , leading investigations into complex incidents escalated by L1/L2 analysts. Use … Splunk and other SIEM tools to detect, investigate, and respond to security events. Perform detailed forensic analysis, root cause analysis, and malware investigation. Lead incident response activities end-to-end, ensuring containment, eradication, and recovery. Develop, refine, and own SOC use cases, runbooks, and playbooks to drive continual service improvement. Liaise directly with clients, providing clear guidance and More ❯

Exposure to virtual networking and automation tools (Terraform, Ansible, Python, etc.). Monitoring & Management Knowledge of network management systems (SolarWinds, Cisco DNA Center, etc.). Performance monitoring, logging, and incident response design. 3. Experience Requirements Typically710+ yearsin network engineering, with35 yearsin architecture or design roles. Proven experience in large-scale or complex enterprise environments. Experience producing architectural artefacts More ❯

aligned with ISO 27001, NIST, and CIS frameworks. Produce detailed documentation for configurations, processes, and troubleshooting. Collaborate with global cloud, security, and infrastructure teams for consistent, secure operations. Support incident response, root cause analysis, and ongoing improvements. Required Skills & Experience: Extensive experience executing network refresh projects. Strong expertise with Cisco, Palo Alto, HAProxy, and Azure networking. Solid understanding More ❯

Produce and maintain technical documentation, including architecture diagrams, procedures, and operational controls. Assist with compliance activities and audits relating to ISO 9001, ISO 27001, and other regulatory frameworks. Support incident response, risk assessments and cybersecurity best practices (Cyber Essentials Plus desirable). Handling Active Directory and Group Policy administration Collaborate with cross-functional teams to ensure smooth delivery More ❯

Azure, or GCP networking services; understanding of hybrid/multi-cloud; automation tools (Terraform, Ansible, Python). Monitoring & Management: Network management systems (SolarWinds, Cisco DNA Center); performance monitoring, logging, incident response. Experience Requirements: 7 10+ years in network engineering, with 3 5 years in architecture/design roles. Proven experience in large-scale or complex enterprise environments. Architectural artefact More ❯

Excellent communication and stakeholder engagement skills. Passion for continuous learning and staying updated on emerging threats. Ability to translate technical risks into business impacts. Familiarity with SIEM tools and incident response processes. Closing date: 24 th October Shortlist date: 25 th October Interview date: TBC More ❯

assessments. Collaborate with internal teams and external partners to enhance security posture. Ideal experience: Background in information security or infrastructure engineering. Strong understanding of network security, threat detection, and incident response. Familiarity with vulnerability testing and security awareness tools. Knowledge of GDPR and ISO27001 frameworks. Relevant certifications (CISSP, CISM, or CompTIA Security+) beneficial. Location: Northampton – full-time, office-based More ❯

proxy, CrowdStrike-equivalent tools Data management : Supporting data labelling & retention projects using Purview or similar Governance support : Involved in data loss prevention, labelling, and stakeholder engagement (including DPO) Practical incident response input : Advising IT on immediate steps during incidents, converting theory into quick, actionable responses Ongoing InfoSec operations : Metrics, monitoring, and security projects across applications and users Tech … tools you’ll use: Microsoft Purview – Data governance and policy enforcement Microsoft Defender – Endpoint & email protection CrowdStrike/equivalents – Endpoint detection & response Web proxy & email security tools Azure (beneficial) – IAM, monitoring, and security logging Why this role? Be central to shaping data governance and security operations in a dynamic SME environment Hands-on exposure to a wide range of More ❯

proxy, CrowdStrike-equivalent tools Data management : Supporting data labelling & retention projects using Purview or similar Governance support : Involved in data loss prevention, labelling, and stakeholder engagement (including DPO) Practical incident response input : Advising IT on immediate steps during incidents, converting theory into quick, actionable responses Ongoing InfoSec operations : Metrics, monitoring, and security projects across applications and users Tech … tools you’ll use: Microsoft Purview – Data governance and policy enforcement Microsoft Defender – Endpoint & email protection CrowdStrike/equivalents – Endpoint detection & response Web proxy & email security tools Azure (beneficial) – IAM, monitoring, and security logging Why this role? Be central to shaping data governance and security operations in a dynamic SME environment Hands-on exposure to a wide range of More ❯

proxy, CrowdStrike-equivalent tools Data management : Supporting data labelling & retention projects using Purview or similar Governance support : Involved in data loss prevention, labelling, and stakeholder engagement (including DPO) Practical incident response input : Advising IT on immediate steps during incidents, converting theory into quick, actionable responses Ongoing InfoSec operations : Metrics, monitoring, and security projects across applications and users Tech … tools you’ll use: Microsoft Purview – Data governance and policy enforcement Microsoft Defender – Endpoint & email protection CrowdStrike/equivalents – Endpoint detection & response Web proxy & email security tools Azure (beneficial) – IAM, monitoring, and security logging Why this role? Be central to shaping data governance and security operations in a dynamic SME environment Hands-on exposure to a wide range of More ❯