1 to 25 of 115 Incident Response Jobs in the South East

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

Investigator - Cyber Incident Response Location Flexible (UK) Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point of application. Accenture is a leading global professional services company … of our global team, you'll be working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines, when espionage or … problems under pressure, thrive on collaboration, and want to work with the best in the industry. Who We Are We’re a globally distributed team of nearly 200 dedicated incident responders, forensics specialists, and crisis managers spread across more than 25 countries. Every day, we work across time zones, cultures, and languages to protect clients that range from household More ❯

role, you will: Act as the primary escalation point for complex IT and cybersecurity incidents. Manage and secure core client infrastructure and cloud environments. Ensure centralised security, monitoring, and incident response platforms operate effectively. You will collaborate closely with our Service Desk, Projects and Account Management teams to maintain high standards of service, document solutions and mentor junior … and maintain security hardening across infrastructure, cloud services, endpoints, and networks, in alignment with best practices and frameworks such as ISO27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments … upgrades, and automation workflows, ensuring systems remain secure by design. Maintain and improve Standard Operating Procedures (SOPs) for security operations, ensuring knowledge is shared across the team for rapid incident handling. Provide mentorship and cybersecurity guidance to junior engineers and Service Desk staff, fostering a culture of security awareness and proactive threat management. Perform ongoing threat intelligence monitoring and More ❯

the US, is undergoing a major transformation to build a Group Shared Services model. As part of this evolution, they’re seeking a proactive and technically skilled Security Operations & Incident Response Lead to elevate their security posture across diverse business models, including franchisee and third-party environments. Responsibilities: Lead Incident Response across the organization, coordinating investigations … to drive security improvements. Contribute to the development of security programs and frameworks. Provide technical leadership in Microsoft-centric environments (Defender, Sentinel, Azure 365). Requirements: Proven experience in incident response and vulnerability management. Strong proficiency in Microsoft Defender, Sentinel, Azure 365, Tenable, Nessus. Ability to analyze and remediate security threats across distributed environments. Excellent communication skills for More ❯

underwriters and capacity providers. We are seeking a conscientious and hardworking claims professional with experience in cyber and technology claims. This role will work with the CFC Claims and Incident Response team, along with a number of incident response vendors including forensic, legal, and PR ensure that CFC delivers a cost effective, but high quality response … being subject to all relevant legal and statutory (FCA and Lloyd's) requirements and obligations. About the Role: The Cyber Claims Adjuster will work closely with CFC's internal Incident Response Team to guide clients and triage incidents with the appropriate external response partners to deliver high quality response to cyber incidents. Proactively handle cyber and … within the scope of CFC's delegated authorities. Foster good relationships with policyholders, brokers, underwriters and capacity providers, and drive excellent customer service. Actively work with a panel of response vendors during claims incidents. Ensure that there is prompt and accurate reserving, identifying and pursuing relevant third party recoveries and seeking to reduce claims leakage. Working closely with underwriters More ❯

Cyber outsourcing and managed services to customers across enterprise, public sector and fast growing scale ups. Its Security Practice protects clients through a powerful mix of Managed Detection and Response (MDR), Threat Hunting, Vulnerability Management, Penetration Testing and Incident Response, supported by a world class Security Advisory function. As a Senior SOC Analyst, you will take a … role in identifying, investigating and responding to cyber threats across varied client environments. You will mentor junior analysts, lead complex incidents and help evolve the SOC’s detection and response capabilities. This is an opportunity to make a genuine impact, with the freedom to innovate and the support to grow into roles such as SOC Lead, Threat Hunter, Security … Engineer or Incident Responder. Why This Role Stands Out Join a $1B global IT and Cyber Defence provider that invests heavily in people and technology Work with cutting edge platforms such as Microsoft Sentinel, Defender, Elastic and Palo Alto Be part of a collaborative culture that values curiosity and continuous learning Clear progression into leadership or specialist technical roles More ❯

escalation role within a dedicated Security Operations Centre, working at the forefront of protecting high-value national assets. The successful candidate will act as a technical authority for advanced incident response, threat hunting, and security engineering, with a strong focus on the Microsoft security stack. Key Responsibilities Serve as the primary escalation point for complex incidents and lead … on incident response. Conduct in-depth threat hunting, forensic investigations, and root cause analysis. Develop, test, and optimise detection use cases, rules, and playbooks within Microsoft Sentinel and Defender. Provide mentorship and guidance to junior SOC analysts, enhancing team capability. Collaborate with IT and OT teams to address unique security requirements across CNI environments. Drive improvements in SOC operations … automation, and incident response processes. Monitor evolving threats and integrate threat intelligence into daily operations. Ensure adherence to industry standards and compliance frameworks (NIS2, CAF, ISO 27001). Skills & Experience Required Extensive background in SOC operations, incident response, and threat hunting. Expertise with the Microsoft security stack, including: Microsoft Sentinel (SIEM/SOAR) Microsoft Defender for More ❯

will be responsible for safeguarding the organisation's Operational Technology (OT) environments from cyber threats. This role involves implementing OT security measures, monitoring the OT network for threats, leading incident response efforts, validating security controls, and ensuring the resilience of OT systems. What you'll be doing: Implement and manage OT security controls, measures, and technologies to protect … critical assets and systems. Conduct risk assessments, vulnerability management, and security testing. Develop and implement incident response plans and ensure compliance with regulations. Conduct proactive threat hunting and reactive incident response. Provide regular reports on security status, including incidents, vulnerabilities, and overall health of OT systems. Collaborate with cross-functional teams, including network engineers, system administrators, and … external cybersecurity teams. What you'll need: At least 3 years of experience in OT security engineering, incident response, or a related field. Ability to manage multiple assessments and projects simultaneously. Strong understanding of industrial control systems (ICS) and SCADA systems. Strong problem-solving skills and attention to detail. Proven experience with OT and IT security technologies, including More ❯

the US, is undergoing a major transformation to build a Group Shared Services model. As part of this evolution, they’re seeking a proactive and technically skilled Security Operations & Incident Response Lead to elevate their security posture across diverse business models, including franchisee and third-party environments. Responsibilities: Lead Incident Response across the organization, coordinating investigations … to drive security improvements. Contribute to the development of security programs and frameworks. Provide technical leadership in Microsoft-centric environments (Defender, Sentinel, Azure 365). Requirements: Proven experience in incident response and vulnerability management. Strong proficiency in Microsoft Defender, Sentinel, Azure 365, Tenable, Nessus. Ability to analyze and remediate security threats across distributed environments. Excellent communication skills for More ❯

role, requiring collaboration across IT, legal, procurement, and operational teams. You will act as the primary point of contact for all matters related to information assurance, supplier security assurance, incident response, and regulatory compliance. Scope IT Security Operations Collaborate closely with IT SecOps team members to ensure security controls remain effective. Where gaps are identified, implement appropriate mitigation … measures and lead the response to security incidents in a timely and coordinated manner. Compliance & Security Coordinate ISO 27001 certification audits and maintain ongoing compliance on behalf of the IT & Digital function. Actively support and contribute to health and safety, environmental sustainability, business continuity, and information security initiatives, ensuring we meet our obligations to customers and regulatory standards Delivery … and supports business objectives. Risk Management: Identify, evaluate, and mitigate information security risks across systems, suppliers, and processes. Maintain visibility over key cyber risks and report to senior leadership. Incident Response: Lead the response to security incidents, including forensic analysis, reporting, and remediation. Coordinate with law enforcement and external partners where necessary. Supplier Assurance: Conduct security reviews More ❯

hybrid, and on-premises environments, identifying vulnerabilities and improvement areas. Provide guidance on compliance and frameworks such as ISO 27001, Cyber Assessment Framework (CAF), and Cyber Essentials. Contribute to incident readiness and response as part of the Cyber Security Incident Response Team (CSIRT). Actively contribute to the internal growth and knowledge-sharing within the wider … management, and compliance. Excellent communication and stakeholder engagement skills, with the ability to influence at board level. Hands-on experience with cloud and hybrid architectures, audits, and security assessments. Incident response and crisis management experience is a plus. Holding CISSP/CISM ISO27001 Lead implementer If you’re looking for a role where you can combine strategic influence More ❯

date with the latest cybersecurity threats, trends, technologies, and best practices. Provide expert advice and guidance on information security matters to various stakeholders across the organization. 2. Security Operations & Incident Response: Oversee the day-to-day operation of security systems and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus, anti-malware, SIEM (Security Information … and Event Management), vulnerability scanners, and data encryption solutions. Manage vulnerability management programs, including regular scanning, penetration testing, and remediation of identified weaknesses. Lead and manage security incident response, including detection, analysis, containment, eradication, recovery, and post-incident review. Develop and maintain robust disaster recovery and business continuity plans related to information security. Monitor security alerts, logs … principles, frameworks (e.g., ISO 27001, NIST, Cyber Essentials), and best practices. Hands-on experience with security technologies such as firewalls, SIEM, IDS/IPS, vulnerability scanners, endpoint detection and response (EDR), and identity management solutions. Experience with cloud security (e.g., Azure Security). Proven experience in managing security incidents and conducting incident response. Familiarity with data privacy regulations More ❯

variety of stakeholders to ensure, the Leidos CSOC, a Defensive Cyber Security capability, can support a customers Cyber Resilience, protecting them with a 24 x 7 Threat Detection and Response service, mitigating their risk of Cyber Attack. The successful candidate will be able to demonstrate experience from a CSOC background or be able to demonstrate sufficient transferable Cyber Security … reactive analysis, articulating emerging trends to leadership and staff. Use data collected from Cyber Defence tools firewalls, IDS, network traffic, UEBA (User Entity Behaviour Analysis), Security Orchestration and Automated Response (SOAR) etc. to analyse events that occur within the environments. Respond to and correlate alerts from various detective and preventative Cyber Security tools such as Security Information Event Monitoring … SIEM), End Point Protection (EPP), End Point Detection and Response (EDR), XDR (Extended DR), Web Application Firewall (WAF), and Firewalls. Proactively detect suspicious activity, vulnerabilities, and security misconfigurations before they can be exploited by adversaries impacting Confidentiality, Integrity and Availability which could lead to a Cyber Security Incident. Inspection and correlation of logs from multiple sources to identify repeating More ❯

secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS, or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. More ❯

you will investigate and respond to cyber security incidents that could impact critical systems and services across the UK. You will play a key part in identifying threats, supporting incident response, and helping to continually improve the organisation’s cyber defence capabilities. The role also involves mentoring apprentice analysts and joining an out-of-hours on-call rota … user reports. Analyse systems, files, network traffic, and cloud environments to determine the extent of incidents. Support technical responses to incidents, including containment, eradication, and recovery. Contribute to post-incident reviews and develop lessons learned. Create and improve incident response playbooks and knowledge base articles. Work closely with wider Cyber Defence functions to strengthen security operations. Act … years’ experience investigating and responding to cyber incidents. Hands-on use of SIEM tools (Splunk preferred, Microsoft Sentinel or equivalent acceptable). Experience with EDR solutions to support incident investigation. Understanding of threat actor tools, techniques, and procedures (TTPs). Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Desirable skills: Advanced Splunk experience or certification. More ❯

metadata. Conduct technical risk assessments and support audits across platforms. Ensure compliance with Salesforce security standards (e.g., permission sets, field-level security, data classification). Operations and Reliability Lead incident response and post-incident reviews to improve platform resilience. Define and manage service monitoring, alerting, and error budgets. Champion secure change management practices across all environments, including … system architecture. Document Salesforce deployment processes, Gearset pipelines, and rollback strategies. Metrics and Reporting Establish and report on operational and delivery metrics such as deployment frequency, system reliability, and incident response times. Leadership and Team Management Mentor DevOps Engineers and lead knowledge-sharing sessions. Promote a culture of continuous learning and technical excellence. Testing and Backup Implement automated More ❯

metadata. Conduct technical risk assessments and support audits across platforms. Ensure compliance with Salesforce security standards (e.g., permission sets, field-level security, data classification). Operations and Reliability Lead incident response and post-incident reviews to improve platform resilience. Define and manage service monitoring, alerting, and error budgets. Champion secure change management practices across all environments, including … system architecture. Document Salesforce deployment processes, Gearset pipelines, and rollback strategies. Metrics and Reporting Establish and report on operational and delivery metrics such as deployment frequency, system reliability, and incident response times. Leadership and Team Management Mentor DevOps Engineers and lead knowledge-sharing sessions. Promote a culture of continuous learning and technical excellence. Testing and Backup Implement automated More ❯

posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation … efforts Maintain and optimise DLP tools and incident response Support forensic readiness and insider risk initiatives Develop and enforce security policies and awareness programs Lead incident response and produce investigation reports Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview) Drive Zero Trust implementation Conduct security audits and generate KPI/compliance reports Mentor junior analysts More ❯

posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation … efforts Maintain and optimise DLP tools and incident response Support forensic readiness and insider risk initiatives Develop and enforce security policies and awareness programs Lead incident response and produce investigation reports Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview) Drive Zero Trust implementation Conduct security audits and generate KPI/compliance reports Mentor junior analysts More ❯

posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation … efforts Maintain and optimise DLP tools and incident response Support forensic readiness and insider risk initiatives Develop and enforce security policies and awareness programs Lead incident response and produce investigation reports Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview) Drive Zero Trust implementation Conduct security audits and generate KPI/compliance reports Mentor junior analysts More ❯

and Web Application) • Mobile phone/Application Penetration Testing (Android/iPhone/iPad) • Computer and Network Forensics (including e-Discovery) • Delivery of Enterprise Wide Security Programs • Operational Security (Incident Response) • Infrastructure Security and Risk assessments • Network Security (border control devices) • Social Engineering • Good client facing skills. • Drive and ambition to provide support the UK business development executives. … Advanced Certified Ethical Hacker • EnCE - EnCase Certified Examiner http://www.encase.com • CWSP - Certified Wireless Security Professional • PWB - Offensive Security : Penetration Testing with Back|Track • SANS GCIH - GIAC Certified Incident Handler • Major involvement in Network & Web Application vulnerability assessment and penetration tests utilising the OWASP and OSSTMM open standards and other standards. • Lead IT Security Assessment, Incident Response More ❯

deployment, configuration management, and consistent infrastructure provisioning. Security Configuration and Optimization Configure and optimize security measures, including IAM policies, security groups, network access controls, and encryption protocols. Monitoring and Incident Response Monitor AWS security alerts and incidents using AWS tools. Respond to and mitigate threats in real-time, conducting post-incident analysis and documentation. Risk and Compliance … CD pipelines and production environments. Partner with clients to understand their requirements and deliver customized cloud security solutions. Reporting and Documentation Create detailed reports on detected threats, incidents, and response activities. Maintain technical documentation, security best practices, and deployment guides. Mentorship and Knowledge Sharing Provide guidance and mentorship to team members on security best practices and implementation processes. Stay … Code (IaC) tools like AWS CloudFormation and Terraform In-depth knowledge of Identity and Access Management (IAM), VPC security, and encryption techniques Experience with network defense, vulnerability management, and incident response Familiarity with DevSecOps and integrating security within CI/CD pipelines Knowledge of threat detection, risk assessment, and security audit processes Excellent analytical, problem-solving, and communication More ❯

opportunity to grow and learn with the organisation. As part of our Blue Team, you’ll use the latest intelligence and tooling to analyse information systems to ensure effective incident detection and response. Job Description If you are looking to make your mark on a rapidly growing SecOps team with some very exciting clients, look no further. We are … with an inquisitive nature and a keen interest when it comes to technical cybersecurity topics such as threat hunting, attacker tactics and techniques, monitoring and alerting, threat intelligence, and incident readiness and response. Key responsibilities of the role are summarised below: · Security monitoring and incident response · Detection engineering - Develop, maintain, and enhance security detection content primarily for … to identify trends and spot unusual behaviours, indicative of malicious activity · Proactive threat hunting using available client data · Collection and/or interpretation of different sources of threat intelligence · Incident response · Automation of SecOps processes using scripting More ❯

high-level proactive and reactive threat hunting methods, classifying, analysing, prioritising and remediating security alerts/events. The focus is to provide effective, proactive and a highly technical analytical response to cyber security-related incidents to prevent QBE from becoming compromised by modern attack methods and techniques. Main responsibilities: Act as point of escalation and mentor to junior SOC … and resources to correlate suspicious events, providing context around the event, determine root cause and provide regular updates and recommend modifications to existing systems and procedures. Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against medium-term threats and IOCs Actively manage and apply the phases of Incident Response … of logs, i.e. network, active directory, database, DNS, firewall, proxies, host-based security, cloud and applications logs etc. Working experience in leading security incidents at all levels related to incident response Working experience in managing 2nd/3rd level security events Ability to manage strong relationships with global security operations colleagues and other departments, including network teams and More ❯

and best practice across all regions. Key Responsibilities Lead the design and implementation of secure authentication, authorisation, and data protection frameworks. Manage and enhance Data Loss Prevention (DLP) systems, incident response, and risk management processes. Oversee cloud security architecture across Azure, O365, and iManage Cloud environments. Collaborate with global IT, compliance, and risk teams to deliver a consistent … You Minimum 5 years’ experience in information security within a global enterprise environment . Strong knowledge of cloud and network security (Azure, O365). Experienced in DLP, SIEM, and incident response processes. Familiar with ISO 27001/27002 and governance frameworks. CISSP or CEH certification preferred. Excellent communication, stakeholder management, and documentation skills. Why Join? You’ll be More ❯