1 to 25 of 38 Incident Response Jobs in Scotland

high a level of security operations delivery function Oversee and enhance security monitoring systems to detect and analyse potential security incidents. Conduct real-time analysis of security events and incident and escalate as necessary Support other teams on investigations into incidents, determining the root cause and impact. Document findings and lessons learned to improve incident response procedures. … Ensure runbooks are followed and are fit for purpose Incident Response: Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident Follow major incident process … to other analysts. Working with the Technical Teams to ensure all new and changed services are monitored accordingly Documentation: Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. Create post-incident reports for management and stakeholders. Support the creation of monthly reporting packs as per contractual requirements. Create and document More ❯

that underpin secure business operations. They will play a key role in shaping and executing the IT security strategy, acting as a subject matter expert while supporting compliance, training, incident management, and continuous improvement efforts across the organisation. Key Responsibilities: Oversees the daily operations of the IT Security team, ensuring service levels and internal objectives are consistently met. Leads … security projects, aligning them with broader strategic objectives and deadlines. Contributes expert guidance into IT strategy and supports its implementation from a security standpoint. Owns the organisation's security incident response process, including investigation, reporting, and post-incident analysis. Assesses existing system security and proposes improvements to strengthen infrastructure resilience. Ensures the secure handling, processing, and transfer … AWS). Experience with security frameworks and regulatory compliance, including ISO 27001 and GDPR. Demonstrated ability to lead, coach, and develop high-performing technical teams. Track record of managing incident response and conducting technical investigations. Confident multitasker with strong project delivery and organisational skills. Experience in performing or participating in IT security audits. Excellent communication skills, both verbal More ❯

Defender for Cloud, Purview DLP, Azure Firewall, and related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container work flows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring device compliance and integration with Zero Trust. Harden AKS … hybrid network models. Oversee DNS, web access, and remote gateway protection at the edge. Security Operations & Threat Defence Act as the technical escalation point for complex threat investigations and incident response. Lead red-teaming simulations, vulnerability assessments, and threat hunting activities. Support proactive telemetry monitoring and improvement of detection logic and alert fidelity. Leadership & Mentoring Provide engineering mentorship to More ❯

Resilience BCP/DR Advisor in developing and maintaining IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions. Incident Response and Management: Support DR-related incident response activities, including investigating IT security incidents, breaches, and disruptions. Issue Identification: Identify and document control deficiencies, compliance gaps More ❯

our purpose . So what's your next change? Airbus Defense and Space is looking for a passionate and talented Cyber Security Detection & Automation Engineer to join our international Incident Response Team (CSIRT), in Newport, Portsmouth or Stevenage. A mission critical part for us in order to secure our world-class business. This is a technical, hands-on … practices, TTPs (tactics, techniques, procedures), and threat actor profiles . Ensure timely and accurate dissemination of threat data to internal stakeholders across the organization, including CISO-level reports. * **Rapid Response Enablement - ** Design and maintain workflows for the rapid delivery of intelligence to incident response and risk teams, enabling faster decision-making and containment. Support post-incident More ❯

our purpose . So what's your next change? Airbus Defense and Space is looking for a passionate and talented Cyber Security Detection & Automation Engineer to join our international Incident Response Team (CSIRT), in Newport, Portsmouth or Stevenage. A mission critical part for us in order to secure our world-class business. This is a technical, hands-on … practices, TTPs (tactics, techniques, procedures), and threat actor profiles . Ensure timely and accurate dissemination of threat data to internal stakeholders across the organization, including CISO-level reports. * **Rapid Response Enablement - ** Design and maintain workflows for the rapid delivery of intelligence to incident response and risk teams, enabling faster decision-making and containment. Support post-incident More ❯

audits Develop and maintain security compliance documentation Coordinate and respond to penetration testing activities Implement security recommendations and remediation plans Ensure infrastructure meets corporate security standards Participate in security incident response planning Business Continuity: Lead disaster recovery planning for scientific computing infrastructure Coordinate and execute DR testing Maintain DR documentation and procedures Develop and maintain business continuity plans … Technical: Infrastructure architecture and design Performance optimization Problem-solving and troubleshooting Security best practices Technical documentation Business & Management: Contract negotiation and management Budget planning and control Risk management Audit response and compliance Strategic planning Vendor management Cost-benefit analysis Interpersonal: Strong communication skills Stakeholder management Team collaboration Conflict resolution Customer service orientation Ability to bridge technical and scientific domains More ❯

platforms that form part of UK national infrastructure. Role Overview This position will focus on monitoring, assessing, and strengthening OT cybersecurity posture. The successful candidate will contribute to detection, response, and prevention strategies across a diverse technology stack within a regulated environment. Key Responsibilities Monitor and manage OT security monitoring tools and technologies. Analyse threats, assess vulnerabilities, and prioritise … remediation efforts. Develop and execute incident response plans specific to OT systems. Identify and track vulnerabilities, working with internal teams for resolution. Support security assessments and coordinate OT-specific penetration testing. Assist in the development of OT-specific security policies and procedures. Ensure compliance with industry standards and regulatory frameworks, including IEC62443, NIS, CAF, OG86, and HSE. Apply … frameworks such as NIST, IEC62443, NIS Regulations, CAF, or SoGP. Understanding of threat intelligence, attack surfaces, and cyber kill chains relevant to OT. Proven experience in vulnerability management and incident response in OT contexts. Ability to manage stakeholder relationships and communicate technical risks effectively. A proactive approach to problem-solving and strong attention to detail. More ❯

you will: Act as a bridge between the Customer and the Operational Delivery Teams Act as a primary escalation point of contact to the customer Coordinate the Security Operations, Incident Response Teams and other technical resources needed to troubleshoot major incidents to determine the affected/vulnerable systems, affected/vulnerable users Identify any business areas impacted and … coordinate communications with all relevant stakeholders as per Major Incident Management process. Coordinate the remediation and containment activities as advised by either the NTT DATA SOC or Incident Response Team. Oversee, support, and manage through to completion the investigative and remediation activities in conjunction with relevant support teams. Coordinate post incident investigation with relevant teams or … of the following fields of expertise: At least 10 years of experience in providing technical support and advice for a Security Operations Centre Demonstrate in-depth knowledge of Security incident Management and Security Operations. Excellent communication and client relationship skills to interface with clients, stakeholders, and senior leadership. At least 5 years' experience in providing Vulnerability Management Services Demonstrable More ❯

initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential threats to the organization. This role is crucial in the escalated investigation, triage, and response to cyber incidents while supporting the development and training of Tier 1 Analysts. As a Tier 2 Analyst you will works closely with senior and Junior Analysts to ensure … a seamless SOC operation and act as a bridge between foundational and advanced threat detection and response functions. Responsibilities: * Conducting escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. * Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and … thorough documentation of security incidents. * Identifying and escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service Tier objectives (SLOs). * Investigating potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity. * Using OSINT (Open-Source Intelligence More ❯

initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential threats to the organization. This role is crucial in the escalated investigation, triage, and response to cyber incidents while supporting the development and training of Tier 1 Analysts. As a Tier 2 Analyst you will works closely with senior and junior analysts to ensure … a seamless SOC operation and act as a bridge between foundational and advanced threat detection and response functions. Responsibilities: * Conducting escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. * Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and … thorough documentation of security incidents. * Identifying and escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service Tier objectives (SLOs). * Investigating potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity. * Using OSINT (Open-Source Intelligence More ❯

ensuring compliance with industry standards. You will lead a team of security professionals, providing guidance and mentorship to drive operational excellence. Your role will involve overseeing security infrastructure, managing incident response, and working closely with vendors and internal teams to enhance the organisation's security posture. Additionally, you will champion security awareness initiatives, support audit and compliance efforts More ❯

with troubleshooting efforts. Prepare and maintain standard operating procedures and protocols. Collaborate closely with the Cyber Defence team to uphold enterprise defence practices, guidelines, and procedures. Provide support for incident response efforts as needed. Assist with operational and management reporting produced by the team. Skills/Qualifications A highly self-motivated individual with positive mindset & can-do attitude More ❯

incidents. Key responsibilities include: SIEM Solution Management: Oversee the full lifecycle from deployment to continuous improvement. Use Case Development: Design and implement use cases to support security monitoring and incident response. Threat Intelligence Integration: Integrate external CTI into the SIEM platform to enhance proactive threat detection. To be considered for this role, you should have a background as a More ❯

seeking individuals eager to drive SRE maturity through the research and development of internal tooling, operational enhancements, and deployment pipelines. Ivanti SRE takes a holistic view of operational procedures, incident response procedures, application and infrastructure monitoring, and process automation. Ivanti SRE is a blend of infrastructure, networking, automation, development, and application administration. This is a hands-on technical … position. The ideal candidate will have a software engineering background and strong experience with continuous deployment, SaaS delivery, and production incident response. This role requires that applicants reside in Scotland and be authorized to work in the United Kingdom. About The Team Ivanti Engineering is a driving force behind transforming market challenges into innovative ideas and successful solutions that … environments in AWS and Azure Working with geographically dispersed, cross-departmental teams to solve difficult problems Participate in on-call rotations for 24x7 coverage (follow-the-sun model) for incident response, issue triage, and problem resolution To Be Successful in The Role, You Will Have A BSc in Computer Science, a related field, or equivalent practical experience 3+ More ❯

SANS CSC, etc. • Understanding of Infrastructure, Networking and Cloud environments Knowledge in Identity & Access Management Knowledge in Backup & Recovery technologies and installation Previous experience working with or within an Incident Response team is advantageous You will be required to pass the Non-Police Personnel Vetting (NPPV) Security Clearance as set by Warwickshire Police At Sword we are growing More ❯

in a large, complex research organisation, including provisioning and managing compute and research storage services. E2 Experience of maintaining IT security and resilience, including risk assessment, vulnerability management, major incident response, and backup/recovery strategies and disaster recovery. E3 Experience of working collaboratively with senior technical and non-technical colleagues with the ability to influence and negotiate More ❯

SANS CSC, etc Understanding of Infrastructure, Networking and Cloud environments Knowledge in Identity & Access Management Knowledge in Backup & Recovery technologies and installation Previous experience working with or within an Incident Response team is advantageous Benefits These ongoing contract engagements will attract a day rate commensurate with the depth of skills and experience required. You'll join a team More ❯

explain technical issues and proposed solutions You're comfortable operating across teams - from compliance and operations to product and engineering You're happy balancing day-to-day delivery with incident response and longer-term remediation You take ownership and follow through - delivering solutions that work for customers and for the business This role isn't for you if More ❯

Senior Research Scientist, AWS Incident Tooling & Response Job ID: Amazon Development Centre Ireland Limited AWS Resilience owns service to prevent and response to availability and security issues for all AWS Services. In other words, we're the people who keep the cloud running. We work on the most challenging problems, with constant new services and possible failure … deliver the highest standards for safety and security and availability. You'll experience an inclusive culture that welcomes bold ideas and empowers you to own them to completion. AWS Incident Response is at the heart of the high availability of Amazon Web Services. We make customer impacting events shorter and less frequent by driving large scale event and … incident response. Our automated tooling quickly identifies the cause of an issue and helps mitigate its impact, and much of our engineer time is spent on projects to improve the tooling and automation. We also provide manual incident management for AWS and other Amazon groups, directing the resolution of an issue with service teams, and diving deep into More ❯

days in the office, 2 days from home The Role: Support the delivery of robust information security and privacy practices across global operations. Conduct security risk assessments, support incident response, and contribute to audits and compliance initiatives. Maintain and enhance the firm's ISMS and Business Continuity frameworks. Complete client cyber due diligence and collaborate closely with internal More ❯

do: Define and lead the implementation of enterprise-wide data privacy strategy • Build and maintain privacy governance frameworks that meet UK and global regulatory standards • Oversee privacy risk assessments, incident response plans, and breach investigations • Partner with leadership across business units to drive cultural and operational change • Deliver privacy training and awareness programmes across functions • Strengthen the privacy More ❯

data engineering activities, collaborating with other engineering squads to ensure data is accessible, well-governed, and usable across the organisation. Oversee the team's contribution to production readiness, monitoring, incident response, and resolution for data services. Track and report on delivery metrics, using data to drive continuous improvement in team performance and technical execution. This role's for More ❯

in all engineering activities, collaborating across squads to ensure tax wrapper services work seamlessly within the broader platform ecosystem. Oversee the team's contribution to production readiness , including monitoring, incident response, and resolution for our services. Track and report on delivery metrics , using data to drive continuous improvement in team performance, operational reliability, and time-to-market. This More ❯

and driving adoption of SRE methodologies within various GTIS teams. This is a hands-on engineering role where you will design, build, and optimise automation frameworks, observability tools, and incident response mechanisms. This role also involves collaborating across GTIS and CTO, engaging with storage, data, and other product teams. You will act as a trusted advisor, providing strategic … you should have: Proficiency in Programming and Scripting - This includes expertise in languages such as Python, Powershell, or Go, which are essential for automating routine tasks and system deployments. Incident Management and Troubleshooting - The ability to manage incidents effectively, troubleshoot issues swiftly, and perform root cause analysis to prevent future incidents. Systems Engineering and Automation - A deep understanding of … The successful candidate can either be based in Knutsford (Radbroke Hall) or Glasgow Campus . Purpose of the role To apply software engineering techniques, automation, and best practices in incident response, to ensure the reliability, availability, and scalability of the systems, platforms, and technology through them. Accountabilities Availability, performance, and scalability of systems and services through proactive monitoring More ❯