1 to 25 of 40 Incident Response Jobs in the Thames Valley

We are seeking an experienced and highly capable SOC Tier 3 Analyst to serve as a senior member of our Security Operations Center (SOC). You will lead advanced incident response efforts, conduct proactive threat hunting, perform digital forensics, and collaborate cross-functionally to safeguard our digital assets and infrastructure. This is a pivotal role for those passionate … about cybersecurity, threat detection, and investigative analysis. Key Responsibilities 🔍 Advanced Incident Detection & Response Lead the investigation and resolution of complex cyber incidents, including APTs, malware outbreaks, and data breaches. Take charge of escalated alerts from Tier 1 and 2 analysts and guide them through advanced response protocols. Utilize SIEM, EDR, and threat intelligence platforms to perform deep … to uncover hidden anomalies or malicious behavior. Partner with security engineering teams to build detection capabilities based on evolving threats. 🔬 Digital Forensics & Investigation Conduct detailed forensic investigations to determine incident scope, root cause, and impact. Collect and preserve digital evidence in accordance with legal and regulatory standards. Deliver comprehensive findings, timelines, and impact reports. 🛠 Remediation & Recovery Advise on containment More ❯

and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with More ❯

security stacks. You will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients. Key Responsibilities: 1. Incident Detection and Response: o Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts. 2. Threat … the environment using behavioural analysis and threat intelligence data. o Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity. 3. Incident Forensics: o Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. o Collect, preserve, and analyze evidence related to breaches, intrusions, or … Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks. 5. Compliance and Risk Management: o Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). o Work with legal and compliance teams to manage incidents within More ❯

security stacks. You will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients. Key Responsibilities: 1. Incident Detection and Response: o Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts. 2. Threat … the environment using behavioural analysis and threat intelligence data. o Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity. 3. Incident Forensics: o Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. o Collect, preserve, and analyze evidence related to breaches, intrusions, or … Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks. 5. Compliance and Risk Management: o Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). o Work with legal and compliance teams to manage incidents within More ❯

The SecOps Manager is a key figure in the organisation's cyber defence efforts, tasked with identifying, detecting, and responding to information security threats, as well as managing the response to cybersecurity incidents. Working closely with colleagues across IT and the wider organisation, this role ensures the protection of digital and information assets against a range of internal and … that impact identity management across the organisation. The post holder also serves as a technical authority within the team and department. What you'll need to succeed Security Operations & Incident Response Lead security operations services, including monitoring, incident response, threat management, and intrusion detection, using both internal and external resources. Manage the outsourced 24/… security operations service. Lead the organisation's response to security incidents, coordinating recovery efforts with internal teams and vendors. Establish and manage threat intelligence processes to ensure timely remediation of vulnerabilities. Monitor and analyse performance metrics to support security troubleshooting and continuous improvement. Identity & Access Management Provide expert technical leadership for identity and access management, ensuring secure, high-performing More ❯

day-to-day security operations and services, both in-house and outsourced Lead a small team covering Microsoft 365, identity management, and security Oversee security tools, monitoring systems, and incident response Guide improvements to identity and access processes with a focus on automation Work with IT teams to ensure security is built into systems and projects Maintain a … high-quality technical services Other Commitment to ongoing training and development Willing to travel between sites if needed Desirable Criteria Experience managing Microsoft 365 services ITIL certification or similar Incident response training (e.g., CREST, GIAC) Knowledge of public cloud (Azure, Oracle Cloud) Experience in 24/7 operations Familiarity with AHV Hypervisor Experience working with teams beyond core More ❯

collaborative and innovative environment. Stakeholder Communication: Act as a key point of contact for security-related matters, effectively communicating complex technical concepts to both technical and non-technical stakeholders. Incident Response: Lead the response to security incidents, coordinating with relevant teams to contain and remediate issues quickly and effectively. Continuous Improvement: Drive continuous improvement initiatives to enhance More ❯

collaborative and innovative environment. Stakeholder Communication: Act as a key point of contact for security-related matters, effectively communicating complex technical concepts to both technical and non-technical stakeholders. Incident Response: Lead the response to security incidents, coordinating with relevant teams to contain and remediate issues quickly and effectively. Continuous Improvement: Drive continuous improvement initiatives to enhance More ❯

Designing and architecting secure IT environments: This may involve network security design, cloud security architecture (AWS, Azure, GCP), and implementing security technologies. Developing and assisting in the implementation of incident response plans: Creating documented procedures for handling security breaches and other incidents. Conducting tabletop exercises and simulations: Helping organizations practice their incident response procedures. Delivering technical More ❯

tickets in Primarks service desk system for the Primark environment Contribute to the execution of Security Operations Centre (SOC) capabilities, ensuring efficient and effective operation of detection, threat and incident response Participant in the triaging events from a wide range of sources, including reports from employees, security systems and threat intelligence data Perform analysis and response to … for this role in particular: 3+ years enterprise cybersecurity IT experience, ideally with Cloud technologies and On premise experience Experience in Cyber Security Operations with a track record in Incident Response and Investigations Solid foundation in modern operating systems and networking protocols Experience of working in multi-skilled teams Strong appreciation & adherence to processes, defined roles & responsibilities and More ❯

You’ll Be Doing: Lead the technical implementation of ISO27001 and Cyber Essentials+ (CE+) Manage and enhance the Security Operations Center (SOC), with one analyst reporting to you Oversee incident response, manage security incidents from detection to resolution Work closely with the compliance manager on vulnerability management Architect secure solutions, validate baseline configurations, and recommend improvements to stay More ❯

You’ll Be Doing: Lead the technical implementation of ISO27001 and Cyber Essentials+ (CE+) Manage and enhance the Security Operations Center (SOC) , with one analyst reporting to you Oversee incident response , manage security incidents from detection to resolution Work closely with the compliance manager on vulnerability management Architect secure solutions, validate baseline configurations, and recommend improvements to stay More ❯

threats. Lead, mentor and grow a high-performing team of security engineers. Provide leadership in the creation of security awareness programs. Be a key player in the organisation's incident response efforts. Personal Attributes & Experience Deep experience with endpoint monitoring, CSPM, network security, intrusion detection and management. Proven track record in managing continuous threat exposure management programs and More ❯

data extraction. Excellent written and verbal communication skills Strong customer advocacy skills and experience, ability to work in difficult customer situations Knowledge of Cloud infrastructure a plus Experience in incident response a plus Experience with scripting a plus Experience with MS Server solutions (SCCM, GPO, AD, MSSQL, IIS, Exchange) is a plus. Additional Information The Team Our technical More ❯

compile evidence, liaise with auditors, and address any gaps or risks. Collaborate with engineering teams to embed secure coding practices and tackle vulnerabilities. Manage security assessments, audit responses, and incident investigations. Run regular penetration testing, disaster recovery simulations, and security awareness training. Streamline access controls, onboarding/offboarding processes, and device compliance using SSO/SCIM and MDM platforms. … experience in enterprise IT or information security — ideally within SaaS, B2B, or fast-paced environments. Deep knowledge of compliance frameworks and IT governance. Understanding of third-party risk management, incident response, and security operations. Strong experience with MacOS administration tools (JAMF preferred). Familiarity with modern cloud environments, particularly Azure. Proficient in scripting languages such as Python or More ❯

complex network security incidents Enhancing risk and vulnerability management processes Collaborating with architecture and operations teams to embed security best practices Supporting forensic investigations and Tier 3/4 incident response What you'll bring to the role You'll be a seasoned network security professional with deep technical expertise and a proactive, solutions-driven mindset. You'll More ❯

remote Berkshire SC-200 Senior SOC Analyst Level 2/3 to join a specialist Managed Security Services business. You will be responsible for advanced threat hunting/triage, incident response etc with a strong focus on the Microsoft Security Stack. Key Responsibilities: Lead and resolve complex security incidents/escalations Conduct advanced threat hunting using the Microsoft … Security Stack. Build, optimise and maintain workbooks, rules, analytics etc. Correlate data across Microsoft 365 Defender, Azure Defender and Sentinel. Perform root cause analysis and post-incident reporting. Aid in mentoring and upskilling Level 1 and 2 SOC analysts. Required Skills & Experience: The ability to achieve UK Security Clearance (SC) - existing clearance ideal. (Sorry no visa applications) Must have More ❯

and procedures in alignment with industry best practices. Reviewed penetration test reports to ensure they are up to standard and meet test objectives. Mentor junior penetration testers. Assist in incident response activities, including investigation, containment, and remediation of security incidents. Conduct cloud security assessments. Essential Requirements Must be currently residing in mainland UK . Minimum 5 years of More ❯

SOC Analyst A Global Organisation requires a Contract L2 SOC Analyst to join their Incident Response team - Splunk, Defender Day Rate: £400 - £420pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This L2 SOC Analyst will have the previous following experience: Monitor and investigate security alerts using tools such as Splunk, Microsoft … Defender, and CrowdStrike, escalating incidents as needed and ensuring timely resolution. Leverage Microsoft Co-pilot and automation workflows to streamline threat detection, incident triage, and response processes. Conduct in-depth log analysis and correlation across multiple data sources to identify potential security threats and reduce false positives. Support threat hunting and root cause analysis efforts, providing detailed documentation More ❯

L3 SOC Analyst A Global Organisation requires a Contract L3 SOC Analyst to join their Incident Response team acting as an escalation point - Splunk & Defender Day Rate: £475 - £500pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This L3 SOC Analyst will have the previous following experience: Act as a lead investigator … for high-severity security incidents, coordinating response activities and containment strategies. Perform deep forensic analysis across endpoints, logs, and network traffic to uncover advanced threats. Develop and fine-tune detection rules and correlation logic in SIEM platforms (e.g., Splunk). Collaborate with engineering and threat intelligence teams to improve detection coverage and SOC workflows. Mentor and guide L1/… threat hunting campaigns using tools such as Defender, CrowdStrike, and custom scripts. Contribute to playbook development, automation improvements (including Microsoft Co-pilot integration), and process optimization. Produce executive-level incident reports, root cause analyses, and recommendations for remediation and hardening. More ❯

robust CI/CD infrastructure. This is a hands-on leadership role that balances strategic vision with technical execution. Key Responsibilities Oversee day-to-day cloud operations, including monitoring, incident response, troubleshooting and optimisation Lead & manage both short & long term project planning (Agile, Sprints, Iteration Planning) Develop and implement cloud governance, security and compliance policies & procedures Drive automation More ❯

adversarial testing, model bias assessments, and trustworthiness evaluations. Contribute to training and awareness initiatives on AI/ML security best practices. Act as a key stakeholder in AI-related incident response and mitigation. Your Profile Essential Experience & Skills Proven experience as a Security Architect with direct focus on AI/ML security. Strong knowledge of AI/ML More ❯

infrastructure-as-code projects using Terraform • Supporting Windows desktop and server environments in a highly available setting • Liaising with external vendors and service providers • Playing a key role in incident response, resolution, and documentation Desired Experience • 5+ years’ experience in IT support or infrastructure, preferably in finance or professional services • Expert-level knowledge of Microsoft 365 and related More ❯

all IT assets. Security & Compliance Implement and enforce IT security best practices in alignment with ISO 27001, ISO 22301, Cyber Essentials Plus, and internal policies. Assist in risk assessments, incident response, and vulnerability management. Maintain documentation to support audit readiness and operational transparency. Enforce access controls and data protection policies across systems. Project Delivery & Change Management Support the More ❯

all IT assets. Security & Compliance Implement and enforce IT security best practices in alignment with ISO 27001, ISO 22301, Cyber Essentials Plus, and internal policies. Assist in risk assessments, incident response, and vulnerability management. Maintain documentation to support audit readiness and operational transparency. Enforce access controls and data protection policies across systems. Project Delivery & Change Management Support the More ❯