assessment of Clarks’ security posture Support business continuity and disaster recovery processes and assist in the development and implementation of activities to improve Clarks’ cyber resilience Support of security incident response activities, including providing expertise in triaging and resolving key issues, engaging with outsourced security operations and internal SecOps teams to ensure standards and policies are appropriately applied … and assisting in the creation and updating of relevant run books to help ensure effective incident management planning and execution Support for compliance and audit activities, working with internal and external stakeholders to understand requirements, identify remedial activity, and monitor progress Analysing emerging and developing threats and working with stakeholders to validate the potential impact on Clarks - and recommend … security controls and best practices across a number of the following areas/domains: Network and infrastructure (networking protocol knowledge is an advantage) Endpoint (e.g. DLP, Endpoint Detection and Response, File Integrity, SIEM) Database technologies (SQL, Oracle) General cryptography practices (e.g. PKI) Cloud environments (Azure, AWS) Fundamental understanding of privacy and data protection laws and regulations and how they
is an expert cybersecurity agency based in York, UK. We help organisations navigate an increasingly complex digital landscape by providing expert services in penetration testing, vulnerability assessment, managed security, incident response, and compliance. Our mission is to protect businesses from cyber threats by delivering tailored security solutions that keep them resilient and secure. The Role We are seeking … a Security Analyst to join our team and play a key role in threat detection, incident response, and security monitoring. The ideal candidate will have a strong analytical mindset, an understanding of cyber threats and attack techniques, and the ability to implement effective security controls to mitigate risks. This role involves proactively monitoring security events, investigating potential breaches … to identify suspicious activity. Analyze and correlate security alerts to detect potential cyber threats and data breaches. Perform log analysis and anomaly detection to identify patterns indicative of compromise. Incident Response & Threat Investigation Investigate security incidents, phishing attempts, malware infections, and unauthorized access events. Develop and implement remediation strategies to mitigate security risks. Conduct digital forensics and root
for Office 365, Defender for Endpoint, Defender for Cloud Apps) for advanced threat protection. Strengthen cloud security posture by managing security configurations across Microsoft Azure environments. 3. Security Automation & Incident Response Automate security workflows with Power Automate, Power Apps, and Microsoft Defender XDR. Deploy Microsoft Sentinel (SIEM) for threat detection, log analysis, and incident response. Establish incident response playbooks and conduct forensic investigations when needed. 4. Compliance & Risk Management Ensure adherence to ISO 27001, NIST, GDPR, and CIS Benchmarks. Conduct risk assessments, vulnerability scans, and security audits. Define data protection, backup, and retention policies aligned with Microsoft 365 compliance tools. 5. Network Security & Infrastructure Protection (Plus Skills) Experience with Layer 7 firewalls (Cisco, Fortinet, Palo
on the effectiveness of existing cybersecurity tools and KPIs to both technical and non-technical audiences. Collaborate with infrastructure teams to ensure timely patching and mitigation of critical vulnerabilities. Incident Response Manage cybersecurity incidents from detection through to recovery, providing clear instructions to relevant teams and developing/enhancing incident response playbooks. Participate in resolving critical … technical issues to drive swift incident resolution. Training & Policy Development Provide training on cybersecurity standards and best practices to various business functions. Develop and update policies, standards, processes, procedures, and technical controls to enhance cybersecurity resilience. Develop and implement security awareness programmes, including regular phishing simulations, to promote best practices and reduce human-related security risks. Threat Intelligence Conduct
for review and authorisation. Implementation & Execution within mandate Monitor and analyse Cybersecurity operational services, including intrusion detection and prevention, and situational awareness of network intrusions, security events, data spillage, and incident response actions. Identify and resolve vulnerabilities in networks, servers, systems, and applications by performing vulnerability scans Investigate improper access to ensure proper access; revoking access; reporting violations; monitoring … the organisation, imparting knowledge to enable employees to become Technology Security champions Create a collaborative program to coordinate and drive operational activities related to Cyber Security, including event and incident investigation, process development and optimization, playbooks, and exercise development. Assists with managing vendor resource deliverables to ensure quality and consistency against SLA as per mandate To be the point … needs. Work across the organization to present contextual risk information to business colleagues, influencing strategic and operational decisions. Lead and collaborate on lessons learned and root cause activities, including incident response processes until closure with all relevant stakeholders. Drive compliance with Cyber security Training, in conjunction with Organisational Development, and awareness including alerting and escalations of non-compliant
Newcastle Upon Tyne, Tyne and Wear, North East, United Kingdom
HMRC
and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations: Proficient in incident response, vulnerability management, SIEM, SOAR, threat modeling, threat hunting, intelligence, data analytics, and anti-phishing methodologies. Infrastructure and Endpoint Security: Experience with endpoint security control technologies (EDR, EPP
Architecture & Implementation Design and implement cloud security architectures across AWS, Azure, or Google Cloud. Develop and enforce cloud security controls, including IAM policies, encryption, and network security. Threat Monitoring & Incident Response Monitor cloud environments for security threats, vulnerabilities, and misconfigurations. Lead incident response efforts related to cloud security breaches and misconfigurations. Implement SIEM and security
cyber resilience. As a Senior Cyber Security Analyst, you will play a key role in protecting systems, networks, and data against cyber threats. You will lead threat detection and incident response efforts, support the development of security policies and controls, and work closely with stakeholders to ensure compliance and security best practice across the business. You will also … cyber security best practice is considered throughout the entire SDLC. Creates and maintains documentation around the use of cyber security technology in the organisation. Carries out threat detection and incident response. Carries out vulnerability management and remediation. Collaborates as needed with third-party security vendors for expert advice and issue resolution. Carries out threat intel research and recommends security … Detailed understanding of application security along with experience of working alongside software development teams, supporting and advising on best practice to maintain security. Significant experience of endpoint detection and response (EDR) technologies and network detection and response (NDR) technologies. Detailed knowledge of Information Security standards including Cyber Essentials, Cyber Essentials Plus and ISO27001. Good understanding of Linux and
Be aware of the latest threats in cybersecurity to guide and advise the organization regarding the protection of systems Monitor and translate threat intelligence feeds into actionable detection and response actions Monitor and analyze security logs for attacker tactics, techniques and procedures (TTPs), filtering through suspicious activities to determine their root cause and perform remediation activities as appropriate Creating … testing and validating Maples security capabilities to identify vulnerabilities/gaps and build appropriate detection and response countermeasures Serve as a technical resource for the security operations team during active response efforts Track, record, and monitor identified security issues through to completion Support IAM technology stack by performing various identity, access and data protection activities including monitoring and … field Security certifications: GCIA, GCFA, GCFE, CISSP (Associate), CEH, or comps. Experience in one or more areas: identity and access management, security operations, cyber threat hunting, Endpoint Detection and Response (EDR), detection signatures and analytics Experience with open standards such as SAML, OAuth or OpenID Experience with encryption, logging, log aggregation and analytics domains Practical experience with securing
Leeds, England, United Kingdom Hybrid / WFH Options
BAE Systems Applied Intelligence
of Advanced Persistent Threat groups and the ability to conduct in-depth research Able to independently verify the results of Threat Hunts, refining the queries where necessary Experienced in Incident Response and Management Responsible for the quality of all Threat Hunt Reports, ensuring that output is delivered at the highest possible standard Responsible for ensuring that … the maturity of the function within the client and identifying areas for improvement, productising those improvements and delivering them Be a point of contact for intrusion analysis, forensics and Incident Response queries. Able to provide root cause analysis of non-standard analytic findings and anomaly detections for which a playbook does not yet exist. Responsible for ensuring that … of new detection rules/analytics Requirements Technical 3+ years’ experience in Cyber Threat Intelligence, and conducting research and investigating cyber threats in a technical capacity Experience in technical incident response and management An expert understanding of current and emerging threats related to government and CNI Demonstrate a high-level knowledge of Windows operating systems and the Azure
our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations Centre (SOC) capabilities … policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You'll actively monitor for security incidents and jump into action with our incident response teams to contain, investigate, and prevent future security hiccups. Defining
systems in hybrid environments (on-premises and cloud). Staying updated on cybersecurity threats to advise on system protections. Monitoring threat intelligence feeds and translating them into detection and response actions. Analyzing security logs to identify attacker tactics, techniques, and procedures (TTPs), investigating suspicious activities, and performing remediation. Developing and validating security capabilities to identify vulnerabilities and improve detection … and response measures. Supporting active response efforts as a technical resource for the security team. Tracking and resolving security issues from identification to resolution. Supporting IAM technologies by monitoring and enhancing identity, access, and data protection activities. Managing user roles, permissions, and authentication mechanisms (e.g., PAM, SSO, MFA, OAuth). Designing and enforcing policies on least privilege access … lifecycle management, including provisioning, de-provisioning, and access modifications. Monitoring cloud security events, logs, and alerts to detect and respond to threats. Creating and maintaining automated security playbooks for incident response. Identifying and remediating vulnerabilities in cloud environments. Collaborating with cross-functional teams to ensure secure cloud architecture and practices. Implementing data security policies such as DLP, privileged access
Leeds, England, United Kingdom Hybrid / WFH Options
Babcock
of Advanced Persistent Threat groups and the ability to conduct in-depth research Able to independently verify the results of Threat Hunts, refining the queries where necessary Experienced in Incident Response and Management Responsible for the quality of all Threat Hunt Reports, ensuring that output is delivered at the highest possible standard Responsible for ensuring that … the maturity of the function within the client and identifying areas for improvement, productising those improvements and delivering them Be a point of contact for intrusion analysis, forensics and Incident Response queries. Able to provide root cause analysis of non-standard analytic findings and anomaly detections for which a playbook does not yet exist. Responsible for ensuring that … of new detection rules/analytics Requirements Technical 3+ years' experience in Cyber Threat Intelligence, and conducting research and investigating cyber threats in a technical capacity Experience in technical incident response and management An expert understanding of current and emerging threats related to government and CNI Excellent Open-Source research skills Demonstrate a high-level knowledge of Windows
Leeds, England, United Kingdom Hybrid / WFH Options
Secure Recruitment LTD
Remediating confirmed incidents. Key Skills & Experience Required would be: Minimum 2 years' experience within a SOC Analyst/Cyber Security Analyst role. Threat hunting methods & vulnerability management experience. Cyber security incident management experience. Proven subject matter ability in relevant areas such as incident response, intrusion analysis, malware analysis, etc. Analytical approach to problem-solving. Excellent communication skills. Working
Altrincham, England, United Kingdom Hybrid / WFH Options
Heywood
security toolset, including managing the relationship with the third-party provided SOC Provide security reviews of new technologies to support business strategy such as AI Provide a standard assurance response to customers regarding our security posture Support bid and tender responses by providing relevant information. Preferred skills, qualifications and experience Industry certifications such as CISSP, CCSP, CISM, or equivalent … Expert in information security Strong understanding of cloud security principles and best practices, particularly in AWS Experience in managing security incidents and leading incident response Excellent knowledge of security frameworks, standards, and regulations, including ISO 27001, SOC 2, HIPAA, GDPR, etc. Good communication and interpersonal skills, with the ability to effectively communicate security-related questions to technical and
our award-winning Hakim Group culture. About the Role You will be responsible for configuring and managing our security systems, monitoring security events, analysing potential security incidents, and coordinating incident response activities to protect our organisation's assets. KEY RESPONSIBILITIES Act as a primary point of contact for security incidents and alerts detected by our security monitoring systems. … threats. Investigate security incidents, conduct forensic investigations, and implement remediation actions to contain and mitigate risks. Maintain and optimise security monitoring tools and technologies to ensure effective detection and response capabilities. Collaborate with IT and engineering teams to implement security best practices and ensure compliance with security policies and standards. Review existing systems to ensure configuration conforms to security … best practices. SKILLS, KNOWLEDGE & EXPERIENCE Proven experience in a SOC or security operations role, with hands-on experience in security monitoring, incident response, and threat detection. Strong understanding of network security principles, protocols, and technologies (firewalls, IDS/IPS, SIEM, etc.). Experience with security tools such as SIEM/SOAR platforms, endpoint detection and response (EDR
This role offers a chance to make a real impact by ensuring the integrity and resilience of the company’s IT environment against evolving cyber threats. Key Responsibilities: Support incident management and security response efforts, providing expertise to address and resolve security incidents quickly and effectively. Perform regular security checks, including daily, weekly, and monthly monitoring of systems … Act. Experience with Microsoft O365 Security solutions and network security operations. Understanding of security testing principles, including vulnerability scanning, risk identification, and mitigation. Knowledge of security auditing and security incident response processes. Experience with event and log analysis to monitor and assess security risks. Solid understanding of Disaster Recovery (DR) and Business Continuity principles. Excellent communication skills, with … impact in a global organisation, apply now. Keywords: Information Security Consultant, IT Security Consultant, Cybersecurity Specialist, Microsoft O365 Security, Enterprise Security Jobs, Information Security Leeds, IT Risk Management, Security Incident Response, Vulnerability Management, ISO 27001, GDPR Compliance, Security Awareness, Disaster Recovery and Business Continuity.
Manchester, England, United Kingdom Hybrid / WFH Options
Whitehall Resources Ltd
L3 Analyst with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The ideal candidate will take a lead role in advanced threat detection, incident response, detection engineering, and security monitoring, while also optimising license consumption and SIEM integration efforts. Key Responsibilities: Advanced Threat Detection & Incident Response - Investigate and analyze complex … security incidents escalated from L1/L2 SOC analysts. - Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response. - Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats. Threat Hunting & Detection Engineering - Perform proactive threat hunting using KQL within Microsoft Sentinel. - Develop and fine-tune custom analytics rules, workbooks, and hunting … an ongoing basis. - Analyse and average daily ingestion volumes, ensuring alignment with the procured license limits. - Recommend optimisation strategies to control costs without compromising visibility or detection capabilities. Automation & Response - Design and implement automated response workflows using Sentinel playbooks (Logic Apps). - Enhance response efficiency by developing SOAR integrations across security tooling. Documentation & Reporting - Produce comprehensive incident
Leeds, England, United Kingdom Hybrid / WFH Options
BAE
into KQL queries and triaging results Knowledgeable about attacker TTPs and APT groups, with in-depth research skills Able to verify and refine Threat Hunt queries independently Experienced in Incident Response and Management Ensuring high-quality Threat Hunt Reports and effective documentation Providing analysis, context, and predictions in deliverables Assessing and improving the threat intelligence function within the … client Point of contact for intrusion analysis, forensics, and incident response queries Developing new analytics and playbooks for detection rules Requirements Technical 3+ years in Cyber Threat Intelligence, research, and investigation Experience in incident response and management Understanding of threats related to government and CNI Strong open-source research skills Knowledge of Windows OS, Azure, networking
and technologies (e.g., SIEM, IDS/IPS, EDR/XDR, Email protection, DLP, SOAR, Cloud Security etc.) Knowledge of Cyber Security domains (e.g., Identity and Access Management, Network Security, Incident Response etc.) Desirable skills Ideally you will come from an Infrastructure engineering background. Relevant industry qualifications and certifications (CompTIA Security+, CEH, GCIH, GCIA, CISSP etc.) Experience with Microsoft … frameworks (e.g., NIST, ISO27001, PCI-DSS etc.) Knowledge of the following security products is ideal: SIEM (Rapid7 IDR, MS Sentinel, Splunk); SOAR (Rapid7 ICON, MS Sentinel); Endpoint Detection and Response (Microsoft Defender); Email Security (Proofpoint, Mimecast); Vulnerability Management (Rapid7 IVM, Nessus, Tenable) Proficiency with scripting and automation (e.g., PowerShell, Python) Understanding of Zero-Trust Architecture within a hybrid cloud … environment. Working knowledge of cyber threat actors, TTPs (Tactics, Techniques, and Procedures), and IOCs (Indicators of Compromise). Knowledge of security auditing and security incident response processes.
Leeds, England, United Kingdom Hybrid / WFH Options
BAE Systems
KQL queries, executing them, and triaging results independently. Having knowledge of attacker TTPs and APT groups, conducting in-depth research. Verifying and refining Threat Hunt queries based on results. Incident Response and Management experience. Ensuring high-quality Threat Hunt Reports and effective documentation. Providing analysis, context, and predictions in deliverables. Assessing and improving the client's threat maturity … developing and delivering improvements. Serving as a point of contact for intrusion analysis, forensics, and incident response queries. Managing ad hoc and regular products during capacity constraints. Knowledge of Cyber Kill Chain, MITRE ATT&CK, and developing new analytics and playbooks. Requirements Technical: 3+ years in Cyber Threat Intelligence, research, and investigation. Experience in incident response and
security solutions that safeguard the organisational assets against cyber threats. In this role you will proactively identify vulnerabilities, mitigate risks, and enhance the overall security posture through continuous monitoring, incident response, and adherence to industry best practices and regulatory requirements. Close collaboration with cross-functional teams is needed as well as staying abreast of emerging technologies, building a … s digital infrastructure. A Little About You... 3+ years' experience in cyber security roles, with an understanding of networking protocols, security technologies, and risk management principles. Experience with security incident response, including handling and mitigating security incidents. Excellent analytical skills with the ability to assess complex security issues and develop practical solutions. Strong communication and interpersonal skills, with … to a robust security architecture, including firewalls, intrusion detection systems, and encryption mechanisms, to safeguard network infrastructure and data. Monitor security infrastructure for suspicious activities, investigate incidents, and implement incident response procedures to minimize impact and ensure timely resolution. Collaborate with cross-functional teams to integrate security controls into the development lifecycle of applications, systems, and networks. Stay
Encryption: Protect data at rest, in transit, and in use through encryption and tokenization. Network Security: Design secure network architectures, implement IDS/IPS, firewalls, and VPNs. Security Monitoring & Incident Response: Build monitoring solutions, develop incident response strategies. Compliance & Governance: Ensure adherence to regulations, conduct audits, and establish security frameworks. Secure DevOps & Automation: Incorporate security into … Skills: Strong knowledge of cybersecurity technologies and practices Expertise in security frameworks (CIS, ISF, MITRE, NIST, or equivalent) Deep understanding of CIS18 controls and security architecture concepts Experience with incident investigation and remediation Proficiency in cloud security (Azure, AWS, or Google Cloud) Excellent stakeholder management and communication skills Relevant cybersecurity certifications (CISSP, CISM, CEH, etc.) Requirements Bachelor's degree