Incident Response Jobs in the North West

1 to 25 of 68 Incident Response Jobs in the North West

Threat and Incident Response Lead Analyst

Manchester, North West, United Kingdom
Hybrid / WFH Options
IBEX RECRUITMENT LTD
Threat and Incident Response Lead Analyst Permanent or Contract | Hybrid 12 Days in Office (North West) Threat and Incident Response Lead Analyst is needed for a growing Cyber team who are looking to strengthen its cyber defence capabilities with the hire of a Threat and Incident Response Lead Analyst. This is a pivotal … hands-on role in a growing cyber team. You'll lead threat intelligence and incident response efforts, shape defensive strategy and play a critical role in ensuring the organisation stays ahead of evolving threats. What You'll Be Doing: Lead all aspects of Threat Intelligence and Incident Response Perform gap analysis across tooling, processes and detection capabilities Implement … and embed modern IR and threat detection best practices Develop and maintain incident response playbooks and threat hunting strategies Stay informed on emerging threats, TTPs, and adversarial behaviours Tune detection rules and improve response workflows Work with tools such as Microsoft Sentinel, Defender, Splunk, or similar What We're Looking For: Proven experience in hands-on incident
Employment Type: Permanent, Work From Home

NMC Cyber Incident Management Lead

Wigan, Greater Manchester, North West, United Kingdom
Hybrid / WFH Options
Police Digital Services
Join Police Digital Service as NMC Cyber Incident Management Lead £65,000 - £70,000 About Police Digital Service Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. The National Management Centre (NMC) is part of Police Digital Service and provides visibility and control of information risks for policing. It supports … the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and force level. Key Responsibilities Responsible for the co-ordination and effective reporting of cyber security incidents within the NMC, along … with any issues concerning quality and delivery of the service. You will have line management responsibility for the team of Cyber Incident Leads. Accountable for the evolution and development of the Incident Management Service with regards to continuously improving People, Processes and Technology. Responsible for the progression of key service deliverables, Incident Response Planning, Cyber Incident More ❯
Employment Type: Permanent, Work From Home

Cyber Security Specialist - MSP

Manchester, North West, United Kingdom
Netteam tX Ltd
such as CrowdStrike Falcon, RoboShadow, Microsoft Defender, ThreatLocker Evaluate and onboard new security technologies; liaise with vendors Lead technical onboarding of cyber tools for both internal and client deployments Incident Response & Threat Management: Develop and own incident response playbooks Act as the lead escalation point for live security incidents Analyse alerts, threat intelligence, and forensic data … of: CrowdStrike Falcon - policy config, triage, alerting RoboShadow or similar - vulnerability workflows Microsoft Defender, Conditional Access, MFA, Secure Score Familiarity with frameworks: Cyber Essentials Plus, ISO 27001, PCI DSS Incident response experience with real-world investigations Understanding of identity security, patch management, and user awareness training Excellent written and verbal communication - able to simplify complex concepts for clients More ❯
Employment Type: Permanent
Salary: £50,000

Cyber Security Specialist - MSP

Manchester, Lancashire, England, United Kingdom
Netteam tX Ltd
such as CrowdStrike Falcon, RoboShadow, Microsoft Defender, ThreatLocker Evaluate and onboard new security technologies; liaise with vendors Lead technical onboarding of cyber tools for both internal and client deployments Incident Response & Threat Management: Develop and own incident response playbooks Act as the lead escalation point for live security incidents Analyse alerts, threat intelligence, and forensic data … of: CrowdStrike Falcon - policy config, triage, alerting RoboShadow or similar - vulnerability workflows Microsoft Defender, Conditional Access, MFA, Secure Score Familiarity with frameworks: Cyber Essentials Plus, ISO 27001, PCI DSS Incident response experience with real-world investigations Understanding of identity security, patch management, and user awareness training Excellent written and verbal communication - able to simplify complex concepts for clients More ❯
Employment Type: Full-Time
Salary: £45,000 - £50,000 per annum

Security Engineer

Cheadle, Staffordshire, United Kingdom
Hybrid / WFH Options
Pets at Home
to hear from you. This is more than just a security role, it's a chance to: Contribute to the design and implementation of security controls, tools, monitoring, and incident response processes. Work with modern cloud technologies, especially Microsoft Azure, to secure scalable microservices and infrastructure. Help shape and implement security best practices, threat detection, and incident response strategies. What you'll be doing Designing and implementing security controls & tooling across our hybrid-based infrastructure, with a focus on Microsoft Azure. Monitoring and responding to threats using tools like SIEM and XDR, ensuring rapid detection and resolution of security incidents. Collaborating in an Agile environment with multiple teams to embed security best practices throughout the … business. Conducting regular vulnerability assessments, supporting patch management, and improving our overall security posture. Creating and maintaining clear, concise documentation for security processes, configurations, and incident response procedures. Participating in the Information Security on-call rota. What you'll bring: 2+ years of hands-on cybersecurity experience, with a focus on cloud environments such as Microsoft Azure. A More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Information Security Engineer

Manchester, Lancashire, United Kingdom
DFL
We are looking for a highly skilled Senior Information Security Engineer with deep expertise in security tooling across both on-premise and cloud environments. You will lead threat detection, incident response, and security architecture efforts within a hybrid environment. This is a highly technical engineering role, where you'll be hands-on developing and maintaining our security operations … maintain advanced security configurations across the Microsoft Defender suite (Cloud, Endpoint and Identity), Microsoft Sentinel, Purview and Azure infrastructure (including RBAC, PIM, NSGs and identity protections). Lead security incident detection, investigation, and response activities alongside the SOC. Lead the implementation and tuning of Microsoft Sentinel: build KQL queries, implement custom rules, conduct threat hunting, workbooks, design and … Management (PIM). Specific knowledge of AWS security stack would be beneficial including GuardDuty, CloudWatch and SecurityHub Familiarity with industry frameworks: MITRE ATT&CK, NIST, CIS, PCI-DSS. Excellent incident response, problem-solving, and communication skills. Preferred Certifications: Microsoft Certified: Cybersecurity Architect Expert (SC-100) Microsoft Certified: Security Operations Analyst Associate (SC-200) Microsoft Certified: Azure Security Engineer More ❯
Employment Type: Permanent
Salary: GBP Annual

Cloud / Cyber Security Solutions Architect (Visa Sponsorship Available)

Liverpool, Lancashire, United Kingdom
Techwaka
Encryption : Protect data at rest, in transit, and in use through encryption and tokenization. Network Security : Design secure network architectures, implement IDS/IPS, firewalls, and VPNs. Security Monitoring & Incident Response : Build monitoring solutions, develop incident response strategies. Compliance & Governance : Ensure adherence to regulations, conduct audits, and establish security frameworks. Secure DevOps & Automation : Incorporate security into … Skills : Strong knowledge of cybersecurity technologies and practices Expertise in security frameworks (CIS, ISF, Mitre, NIST, or equivalent) Deep understanding of CIS18 controls and security architecture concepts Experience with incident investigation and remediation Proficiency in cloud security (Azure, AWS, or Google Cloud) Excellent stakeholder management and communication skills Relevant cybersecurity certifications (CISSP, CISM, CEH, etc.) Requirements Bachelor's degree More ❯
Employment Type: Permanent
Salary: GBP Annual

Lead Cyber Security Operations Analyst

Manchester, Lancashire, United Kingdom
Hybrid / WFH Options
Smart DCC
DCC is looking for a Lead Cyber Security Operations Analyst to play a key leadership role in shaping and advancing our Security Operations Centre (SOC). You'll drive our incident response strategy, lead major investigations, develop cutting-edge detection content, and help grow a highly capable security team through training and exercises. This is a critical role in … capabilities and foster collaboration across the smart metering community. Translate threat trends into actionable insights and drive improvements across the organisation. Evaluate and recommend tools that enhance detection and response capabilities. Conduct forensic investigations and perform root cause analysis of security incidents. What are we looking for? Proven experience in incident response and leading investigations in complex
Employment Type: Permanent
Salary: GBP Annual

Group IT Risk Security Lead

Manchester, Lancashire, United Kingdom
Hybrid / WFH Options
Finsbury Food Group Plc
strengthening security posture, delivering against the cybersecurity strategy and ensuring alignment with the Cyber Governance Code of Practice. The role will include security audits, issue investigations, cross-functional cyber incident planning and ensuring cybersecurity practices extend across the Supply Chain. This is a fast paced role, where the successful candidate will lead cybersecurity governance, risk management, and compliance initiatives … within an enterprise environment. Managing incident response frameworks, including cross-functional planning and coordination. They will have excellent interpersonal skills and ability to build and maintain relationships with key stakeholders. This role is based at any of our UK site (Hamilton, Manchester, Sheffield, Salisbury or Cardiff) with hybrid working as an option. On occasion you will be required … risk assessments and investigations, identifying vulnerabilities and proposing remediation strategies. They will develop and enforce cybersecurity policies aligned with regulatory frameworks and best practices, and lead cross-functional cyber incident planning sessions, collaborating with key business units to improve response readiness. They will provide expert recommendations on security improvements, infrastructure hardening and threat mitigation strategies. The successful candidate More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Cyber Security Analyst

Wilmslow, England, United Kingdom
EMBS Technology
businesses maintain secure and competitive operations. Key Responsibilities: Support cybersecurity stack administration for SME and hospitality clients using tools including CrowdStrike Falcon, RoboShadow, Microsoft Defender, and ThreatLocker Assist with incident response playbook development and execution, analysing alerts and threat intelligence for effective remediation Contribute to client compliance guidance across Cyber Essentials/CE+, ISO 27001, and PCI DSS … familiarity with security tools including CrowdStrike Falcon, Microsoft Defender, Conditional Access, and MFA Understanding of compliance frameworks such as Cyber Essentials Plus, ISO 27001, and PCI DSS Interest in incident response and real-world security investigations Foundational knowledge of identity security, patch management, and user awareness training Strong written and verbal communication skills with ability to simplify complex More ❯

L3 SOC Analyst - Consultancy

Manchester, United Kingdom
Hamilton Barnes Associates Limited
seasoned SOC professional looking to make a tangible impact. Apply now to join a team focused on protecting enterprise assets against evolving cyber threats. Key Responsibilities: Lead investigations and response efforts for high-severity security incidents. Conduct proactive threat hunting using Microsoft Sentinel and the Defender suite. Develop and fine-tune analytic rules, workbooks, and automation playbooks in Sentinel. … Perform deep-dive analysis of malware, phishing, and lateral movement techniques. Collaborate with engineering teams to optimise Microsoft security tool integrations. Maintain and enhance incident response procedures and documentation. Skills/Must have: Over 5 years of experience in cybersecurity, including a minimum of 2 years in a Level 3 SOC or equivalent role. Expert-level proficiency with … Identity, and Office 365. Strong knowledge of the MITRE ATT&CK framework, threat intelligence, and adversary TTPs. Solid understanding of Windows, Linux, and core network security principles. Skilled in incident response, digital forensics, and proactive threat hunting. Experience working with SOAR platforms and building automated workflows. Benefits: View to Extension Salary: Up to £575 Per Day More ❯
Employment Type: Permanent
Salary: GBP Annual

Security Engineer

Knutsford, Cheshire, United Kingdom
PortSwigger Ltd
hierarchy or titles. It's about impact, curiosity and partnering to build something that scales well and feels right. You'll be hands on with architecture, tooling, policy and incident response. You'll enable teams to move quickly and securely, bringing clarity to complex problems and designing systems that work long after you're done with them. What you … ll be doing Collaborating with your teammates to take ownership of security across the business from hardening and monitoring to governance and incident response Designing and evolving secure architectures using defence in depth and threat modelling principles across cloud, networks and endpoints Driving vulnerability management and scaling tooling such as CSPM, SIEM, IAM and endpoint protection to manage … security and data privacy, helping ensure we remain audit ready Building lightweight processes that make it easy for teams to do the secure thing by default Sharing ownership of incident response including triage, coordination and postmortem analysis Partnering with engineers and product teams to embed secure thinking into design and delivery Keeping pace with emerging threats and contributing More ❯
Employment Type: Permanent
Salary: GBP Annual

Junior SOC Analyst

Stockport, Lancashire, United Kingdom
Hybrid / WFH Options
zyncgroup.io
to the setup and ongoing enhancement of the Security Operations Center (SOC). Investigating security incidents and implementing effective countermeasures. Utilizing SOC tools such as SIEM, vulnerability scanners, and incident response solutions. Performing threat hunting by analyzing and assessing security events on central platforms. Documenting incidents thoroughly in ticketing and SIEM systems, and generating detailed reports. Monitoring systems … of offensive security concepts. Experience with programming languages such as Python and SQL. Minimum C1 level in German with good knowledge of English. Desirable skills: Experience working with Sophos. Incident response experience. Experience with malware analysis. Company benefits: Attractive salary. Strong progression plans. Excellent training opportunities and personal development. Opportunity to attain certifications. Work alongside an inclusive team More ❯
Employment Type: Permanent
Salary: GBP Annual

DV Cleared Security Engineer

North West London, London, United Kingdom
VIQU IT Recruitment
STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement audits, and role certification; identify and remediate potential vulnerabilities in provisioning and access enforcement. Incident Management & Response Participate in access-related incident response, including unauthorized access investigations, root-cause analysis, and mitigation measures. Client Engagement & Training Collaborate with stakeholders to understand … SAML/OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440/604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and non More ❯
Employment Type: Permanent

Senior Cyber Security Analyst

Manchester, Lancashire, United Kingdom
Old Moat
malicious content. Configure and maintain web and email filtering solutions to block phishing attempts, malware, and other threats. EDR and XDR Technologies: Administer and respond to Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies to swiftly mitigate threats. Monitor alerts, investigate incidents, and take appropriate actions to contain and remediate threats. Security Governance and … security layers align against our Internal Security Standards and Statutory and Regulatory obligations. SIEM Management: Manage, monitor, and respond to security incidents and events using the Council's Security Incident and Event Monitoring (SIEM) platform. Ensure timely detection, analysis, and response to security incidents to minimise impact and support recovery efforts. As part of our team, the successful … phishing protection, and ensuring compliance with security policies. EDR and XDR Technologies: Detailed practical knowledge of administering and responding to EDR and XDR technologies. Experience with endpoint security solutions, incident response procedures, and threat detection and remediation. Security and Cloud Architecture: Broad knowledge of Security and Cloud architecture principles. Management Reporting: Recent experience of providing high-quality management More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Cyber Security Analyst

Crewe, Cheshire, England, United Kingdom
Radius
cyber resilience. As a Senior Cyber Security Analyst, you will play a key role in protecting systems, networks, and data against cyber threats. You will lead threat detection and incident response efforts, support the development of security policies and controls, and work closely with stakeholders to ensure compliance and security best practice across the business. You will also … cyber security best practice is considered throughout the entire SDLC. Creates and maintains documentation around the use of cyber security technology in the organisation. Carries out threat detection and incident response. Carries out vulnerability management and remediation. Collaborates as needed with third-party security vendors for expert advice and issue resolution. Carries out threat intel research and recommends security … Detailed understanding of application security along with experience of working alongside software development teams, supporting and advising on best practice to maintain security. Significant experience of endpoint detection and response (EDR) technologies and network detection and response (NDR) technologies. Detailed knowledge of Information Security standards including Cyber Essentials, Cyber Essentials Plus and ISO27001. Good understanding of Linux and More ❯
Employment Type: Full-Time
Salary: £0 per annum

Regional Information Security Officer

Manchester, North West, United Kingdom
Hybrid / WFH Options
Tunstall Healthcare (UK) Ltd
Proactively work with business units and global functions in InfoSec to support internal and external audits and ensure their success, Support other InfoSec teams and local IT teams during incident management and incident response activities, Liaise with Data Protection Officers for the implementation of data protection processes and controls, and during any data privacy issue, Contribute to More ❯
Employment Type: Permanent, Work From Home

Senior Cyber Security Engineer

Liverpool, Lancashire, United Kingdom
Hybrid / WFH Options
Techwaka
such as ISO27001, Cyber Essentials Plus, PCI/DSS Stay ahead of cyber threats, maintaining and improving security monitoring and risk management processes Support vulnerability management, penetration testing, and incident response Requirements for this role: 3+ years' experience in a senior cyber security role Strong knowledge of security frameworks (NIST, NCSC, CIS, MITRE ATT&CK) Hands-on experience More ❯
Employment Type: Permanent
Salary: GBP Annual

IT Security Analyst

Manchester, United Kingdom
Hybrid / WFH Options
Latcom plc
implement remediation plans, drive remediation efforts and identify improvements in the vulnerability management program. Monitor and track the status of identified vulnerabilities and ensure timely resolution. Security Monitoring and Incident Response Leverage Microsoft Defender EDR/XDR and other security tools to monitor, analyse, and respond to security threats. Investigate suspicious activity and determine if incidents have occurred. … Contain and mitigate security incidents to prevent further impact. Develop, implement, and optimise security automation processes to improve detection, response, and mitigation efforts Security Compliance & Governance Ensure security configurations align with compliance frameworks such as ISO 27001, Cyber Essentials Plus, and regulatory requirements Skills and experience Essential 3yrs+ with current IT Security Analyst experience. Proven experience with M365 security More ❯
Employment Type: Permanent

Security Logging and monitoring specialist

Knutsford, Cheshire, North West, United Kingdom
Hybrid / WFH Options
Experis
understanding of network security components, log management, multitier application architecture, and scripting knowledge. Should have 3-5 years of cybersecurity experience in areas focused on controls like security logging, incident response, forensic analysis, and audit remediation. Strong analytical abilities to interpret security reports and identify vulnerabilities are essential, along with excellent communication, teamwork, multitasking, and attention to detail. More ❯
Employment Type: Contract

Head of Security Architecture & Compliance

Manchester, Lancashire, United Kingdom
Manchester Metropolitan University
NCSC) Develop and deliver a Security Assurance Testing program, including internal and external audit, penetration testing and associated activities. Represent the university in regulatory or assurance activities and lead response to security audits and assessments. Own the university's information security policy framework, ensuring policies are effective, enforceable, and reflective of regulatory and operational needs. Provide strategic input into … the security incident response capability, ensuring robust governance, timely escalation, and cross-functional collaboration with CSIRT and key stakeholders. Collaborate on the development and continual improvement of enterprise-wide remediation strategies and readiness planning. Provide strategic insight for information security risk management, ensuring effective collaboration to maintain an accurate, prioritised, and actionable university-wide risk register. Set the More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Security Operations Manager

Manchester, United Kingdom
Hybrid / WFH Options
VIQU IT
strategy across the business, aligned to wider Group objectives Lead and manage the internal team, and manage relationships with 3rd party vendors including the SOC providers Build and embed incident response plans, playbooks, and operational standards for the function Drive maturity across SIEM, SOAR and security tooling, ensuring alignment with the latest threat landscape Provide cyber security leadership … across new and existing technology programmes Lead response to major incidents, and provide guidance to executive leadership Define KPIs, SLAs and manage the security operations budget Stay current on global cyber threats, compliance requirements (including PCI-DSS), and evolving tech trends Key Responsibilities of the Senior Security Operations Manager: Extensive experience in cyber security leadership roles (10–15 years More ❯
Employment Type: Permanent
Salary: £100000 - £120000/annum

Senior Security Operations Manager

Manchester, Lancashire, England, United Kingdom
Hybrid / WFH Options
VIQU Limited
strategy across the business, aligned to wider Group objectives Lead and manage the internal team, and manage relationships with 3rd party vendors including the SOC providers Build and embed incident response plans, playbooks, and operational standards for the function Drive maturity across SIEM, SOAR and security tooling, ensuring alignment with the latest threat landscape Provide cyber security leadership … across new and existing technology programmes Lead response to major incidents, and provide guidance to executive leadership Define KPIs, SLAs and manage the security operations budget Stay current on global cyber threats, compliance requirements (including PCI-DSS), and evolving tech trends Key Responsibilities of the Senior Security Operations Manager: Extensive experience in cyber security leadership roles (10–15 years More ❯
Employment Type: Full-Time
Salary: £100,000 - £120,000 per annum

Factory IT Manager (Manufacturing)

Manchester, Lancashire, United Kingdom
Nexperia
staff or contractors on-site, including a dedicated Factory Systems Support team (CIM), Operational Technology Engineers, Data Engineers, and Web Developer Monitoring and reporting on system performance, availability, and incident response metrics Providing leadership in incident management and root cause analysis for system-related issues, while also ensuring effective change control procedures for all changes introduced to More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Cyber Security Analyst

Crewe, Cheshire, England, United Kingdom
Hybrid / WFH Options
DCS Recruitment
What you'll be doing Drive improvements to cyber security posture across internal and customer-facing platforms Design and secure cloud-based infrastructure and customer applications Perform threat detection, incident response , and vulnerability remediation Maintain security architecture documentation and collaborate with third-party vendors Conduct threat intelligence research and recommend ongoing improvements What you'll need Strong technical More ❯
Employment Type: Full-Time
Salary: £50,000 - £55,000 per annum

Incident Response, the North West
10th Percentile: £40,787
25th Percentile: £50,000
Median: £60,500
75th Percentile: £77,500