Incident Response Jobs in the Thames Valley

1 to 25 of 56 Incident Response Jobs in the Thames Valley

Principal Consultant, DFIR - Weekend Schedule (Unit 42)

slough, south east england, united kingdom
Palo Alto Networks
to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

Principal Consultant, Incident Preparedness - Proactive Services (Unit 42)

slough, south east england, united kingdom
Palo Alto Networks
engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (security teams, system and network administrators and owners, C-Suite, etc.) to manage and deliver proactive incident preparedness engagements, as well as wider proactive assessments and services. Your Impact Lead proactive incident preparedness projects, including but not limited to TableTop Exercises (TTX), Incident Response Plans and Response Maturity Assessments Review Crisis Management, Incident Response, Business Continuity and Disaster Recovery Plans, and other relevant documents that support holistic business resilience Plan and deliver a range of TTXs, including writing post exercise reports that provide detailed analysis and recommendations on areas for improvement Manage and contribute incident preparedness and other cyber … security engagements from initial scoping through to delivery Ability to perform travel requirements as needed to meet business demands (on average 20%) Qualifications Your Experience 8+ years of incident preparedness and/or incident response related consulting experience with a passion for cyber security Experience with leading and delivering complicated engagements including scoping, interfacing with the client More ❯

Incident Response / Digital Forensic Consultant

Reading, Berkshire, South East, United Kingdom
Certain Advantage
Senior Consultant Digital Forensics & Incident Response Certain Advantage is hiring for a Senior Consultant, Digital Forensics & Incident Response based in Reading. This role is on an initial 12-month contract basis and is hybrid. The Company We're working with a global technology leader delivering advanced network, security, and digital solutions that help businesses stay connected, resilient … and secure. The Role This role is for a hands-on Senior Digital Forensic & Incident Response Consultant, someone ambitious, client-facing, and ready to make an impact. You'll be results-oriented and driven to succeed, responsible for: Leading complex forensic investigations into advanced cyber incidents. Acting as the technical SME across at least two forensic domains (e.g. host, network … cloud, memory, or mobile). Delivering incident response assessments and developing IR plans for clients. Designing and facilitating breach simulation and tabletop exercises for senior leadership. Serving as an incident commander during major cyber crises. Producing forensic reports and actionable recommendations to strengthen client security posture. The Individual We're looking for people who can show: Strong experience
Employment Type: Temporary

Incident Response Lawyer

slough, south east england, united kingdom
Iceberg
We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach cases this could be the role for you. This role is open to any of the multiple offices my client has across the UK. The client is looking for a … Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities … that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include: Leading

Senior Consultant, Proactive Services (Unit 42)

slough, south east england, united kingdom
Palo Alto Networks
they work to address the challenges associated with today’s cyber threat landscape. Your Impact SOC Advisory 4+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management and demonstrated success with serving large, multinational organisations in designing and implementing an organisation’s security operations program, organisational structures, and capabilities Possess a deep technical knowledge in … Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next Gen Firewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) Experience in security operations design, engineering and/or analysis and investigations, ideally in complex environments, with security … Information The Team Unit 42 Consulting is Palo Alto Networks' security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, cyber risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise

Cyber Security Lead

slough, south east england, united kingdom
Humanoid
NIST. Risk Management: Lead risk assessments, threat modelling, and vendor security reviews; maintain the company risk register. Monitoring & Detection: Implement and oversee vulnerability management, SIEM, logging, and alerting capabilities. Incident Response: Build and test incident response processes, including forensic readiness and regular tabletop exercises. Compliance: Drive readiness for external certifications (ISO 27001, SOC2) and ensure ongoing … regulatory compliance (GDPR, export control, etc.). Collaboration: Partner with IT Ops Lead to embed controls into infra, IAM, and developer platforms; work with ITSM Lead to ensure security incident handling and knowledge base integration. Awareness & Culture: Develop training, awareness, and a culture of security-first thinking across Humanoid. We’re Looking For Proven experience in cyber security leadership … frameworks (ISO 27001, SOC2, NIST) and ability to apply them pragmatically in a start-up/scale-up. Hands-on experience with vulnerability management, SIEM/logging tools, and incident response. Demonstrated ability to lead risk assessments and implement effective mitigations. Excellent stakeholder communication skills, including board-level reporting. Comfortable operating in a dynamic, high-growth environment with a More ❯

Consulting Director, Proactive Services, Cloud & AI (Unit 42)

slough, south east england, united kingdom
Palo Alto Networks
Information The Team Unit 42 Consulting is Palo Alto Networks' security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and … experience in investigations, data breach response, digital forensics, and information security. With a highly successful track record of delivering mission-critical cybersecurity solutions, we are experienced in working quickly to provide an effective incident response, attack readiness, and remediation plans with a focus on providing long-term support to improve our clients’ security posture. Our Commitment We

Threat Detection Engineer (Cyber)

Windsor, Berkshire, South East, United Kingdom
Centrica - CHP
in security coverage. Apply GitOps and CI/CD principles to automate detection engineering workflows, boosting operational efficiency. Build and optimize security playbooks to streamline detection, threat hunting, and incident response activities. Develop, automate, and enhance our threat detection and response capabilities. Work closely with security analysts and other stakeholders to identify and address gaps in incident response capabilities. Keep up with current threat intelligence, emerging trends, TTPs, and vulnerabilities to adapt our detection strategies and effectively respond to evolving threats. About You Strong understanding of AWS cloud platforms with proficiency in a wide range of AWS services (e.g., EC2, S3, RDS, Lambda, IAM, VPC, CloudFormation). Experience in developing and maintaining detection rules to More ❯
Employment Type: Permanent

Cyber Security Analyst

Milton Keynes, Buckinghamshire, United Kingdom
Tate
posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation … efforts Maintain and optimise DLP tools and incident response Support forensic readiness and insider risk initiatives Develop and enforce security policies and awareness programs Lead incident response and produce investigation reports Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview) Drive Zero Trust implementation Conduct security audits and generate KPI/compliance reports Mentor junior analysts More ❯
Employment Type: Permanent
Salary: £50000 - £60000/annum excellent benefits and bonus

Cyber Security Analyst

Bletchley, Buckinghamshire, United Kingdom
Tate
posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation … efforts Maintain and optimise DLP tools and incident response Support forensic readiness and insider risk initiatives Develop and enforce security policies and awareness programs Lead incident response and produce investigation reports Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview) Drive Zero Trust implementation Conduct security audits and generate KPI/compliance reports Mentor junior analysts More ❯
Employment Type: Permanent
Salary: GBP 50,000 - 60,000 Annual

Cyber Threat Intelligence Analyst

Reading, Berkshire, South East, United Kingdom
Hybrid / WFH Options
Queen Square Recruitment Limited
is a hands-on role where you'll play a key part in strengthening the organisation's cyber defence posture by collecting, analysing, and disseminating actionable intelligence. You'll work closely with incident response, security operations, vulnerability management, and leadership teams to anticipate threats, mitigate risks, and improve resilience. Key Responsibilities: Collect and analyse intelligence to address high-priority security requirements. … Produce and share actionable threat intelligence with stakeholders across security operations, incident response, and fraud prevention. Conduct dark web investigations and OSINT gathering to support requests for intelligence. Proactively identify internal and external threats, including insider threats, and escalate as appropriate. Support the running of a threat intelligence platform to structure and standardise cyber threat data. Write and … edge global security team. Your Profile: Strong background in technical investigations, OSINT, and dark web intelligence. At least 2 years of security experience, ideally with exposure to threat intelligence, incident detection, or response. Solid understanding of the threat intelligence lifecycle and common cyber threat groups. Strong analytical skills with the ability to turn complex data into actionable insights. Self
Employment Type: Contract
Rate: Up to £465 per day

Security Operations Specialist

slough, south east england, united kingdom
Bestman Solutions
and protecting critical systems for leading retailers worldwide. Responsibilities: Design, implement, and fine-tune advanced detection and monitoring strategies across GCP and containerised workloads. Lead proactive threat hunting and incident response activities, providing deep technical analysis and reporting. Build and optimise detection engineering processes using Detection-as-Code practices. Develop and integrate security automation and SOAR solutions to … streamline operations and reduce response times. Collaborate with cross-functional engineering teams to harden Kubernetes clusters and container technologies such as Docker. Leverage the MITRE ATT&CK framework to map, detect, and mitigate advanced threats. Qualifications & Experience: Security Monitoring & Detection (e.g., XDR tools like Carbon Black, Microsoft Defender XDR, CrowdStrike). Strong KQL capabilities for log analysis and detection … tuning. Cloud Security expertise across Microsoft Azure and Google Cloud Platform (GCP). Hands-on experience with Kubernetes and container technologies (e.g., Docker). Threat Hunting, Detection Engineering, and Incident Response experience. Knowledge of Security Automation (SOAR) and Hyper Automation practices. Familiarity with the MITRE ATT&CK framework. Experience with SIEM platforms (Microsoft Sentinel, Splunk, Google Chronicle, etc. More ❯

Cyber Security Lead

Oxfordshire, United Kingdom
Planet Recruitment
management, patch governance, endpoint security (EDR/XDR), and cloud (M365/Azure security). Analytical Skills - capable of interpreting scan results, posture metrics (e.g., Microsoft Secure Score), and incident trends into actionable insights. Delegation & Leadership - experienced in mentoring Analysts and delegating effectively while retaining accountability for outcomes. Collaboration - able to work cross-functionally with Service Delivery, Projects, Account … equivalent certifications. Experience delivering or auditing compliance frameworks. Familiarity with RMM/XDR/EDR, SIEM, and vulnerability scanning platforms. Experience leading small teams (mentoring, guiding). Exposure to incident response and tabletop exercises. What Success Looks Like: Success means the Security Lead is recognised by clients as a trusted advisor who simplifies security into business language. All More ❯
Employment Type: Permanent
Salary: £50000 - £60000/annum

Cloud Operations Engineer

Eastbury, Berkshire, UK
Intercity Technology Limited
compliance, and security policies across cloud estates. Execute backup, disaster recovery, and business continuity procedures. Systems Management & Optimisation: Maintain and troubleshoot Azure and hybrid cloud environments. Perform proactive monitoring, incident response, and root cause analysis of mission-critical systems. Configure, optimise, and secure servers, virtual machines, networking, and storage solutions. Create and maintain scripts (e.g., PowerShell) to automate More ❯
Employment Type: Full-time

Cloud Operations Engineer

Shefford Woodlands, Berkshire, UK
Intercity Technology Limited
compliance, and security policies across cloud estates. Execute backup, disaster recovery, and business continuity procedures. Systems Management & Optimisation: Maintain and troubleshoot Azure and hybrid cloud environments. Perform proactive monitoring, incident response, and root cause analysis of mission-critical systems. Configure, optimise, and secure servers, virtual machines, networking, and storage solutions. Create and maintain scripts (e.g., PowerShell) to automate More ❯
Employment Type: Full-time

Senior Cyber & Operational Resilience Manager

slough, south east england, united kingdom
Bestman Solutions
regulatory obligations. Leadership of a Multi-discipline Team – Manage and mentor a team of technical security engineers and operational-resilience specialists, fostering collaboration across technology, risk, and business functions. Incident & Crisis Management – Oversee incident response, run crisis simulations, and strengthen supplier-risk management so critical services remain available even during severe disruptions. Regulatory & Stakeholder Engagement – Engage directly More ❯

Cloud Operations Engineer (Nights)

Eastbury, Berkshire, UK
Intercity Technology Limited
to-end support across Service Desk tiers (13). That means you will not only resolve high-level, complex technical issues but also contribute to front-line customer service, incident triage, and service request fulfilment when required. The hours of work for this role are Monday - Sunday - 4 on 4 off - 7pm - 7am. Key Responsibilities as a Cloud Operations … Engineer: Maintain and troubleshoot Azure and hybrid cloud environments. Perform proactive monitoring, incident response, and root cause analysis of mission-critical systems. Configure, optimise, and secure servers, virtual machines, networking, and storage solutions. Create and maintain scripts (e.g., PowerShell) to automate operational tasks. Contribute to design and implementation of new cloud and hybrid solutions. Service Desk Element: Tier … experience in a 3rd line technical infrastructure support role Outstanding problem-solving skills with a structured and analytical mindset Experience with ITIL-aligned Service Desk processes. Ability to perform incident triage and service request fulfilment. Strong knowledge of end-user support: Windows OS, O365, Teams, Exchange Online, SharePoint. What We Offer: 33 days holiday (inclusive of bank holidays), with More ❯
Employment Type: Full-time

Cloud Operations Engineer (Nights)

Shefford Woodlands, Berkshire, UK
Intercity Technology Limited
to-end support across Service Desk tiers (13). That means you will not only resolve high-level, complex technical issues but also contribute to front-line customer service, incident triage, and service request fulfilment when required. The hours of work for this role are Monday - Sunday - 4 on 4 off - 7pm - 7am. Key Responsibilities as a Cloud Operations … Engineer: Maintain and troubleshoot Azure and hybrid cloud environments. Perform proactive monitoring, incident response, and root cause analysis of mission-critical systems. Configure, optimise, and secure servers, virtual machines, networking, and storage solutions. Create and maintain scripts (e.g., PowerShell) to automate operational tasks. Contribute to design and implementation of new cloud and hybrid solutions. Service Desk Element: Tier … experience in a 3rd line technical infrastructure support role Outstanding problem-solving skills with a structured and analytical mindset Experience with ITIL-aligned Service Desk processes. Ability to perform incident triage and service request fulfilment. Strong knowledge of end-user support: Windows OS, O365, Teams, Exchange Online, SharePoint. What We Offer: 33 days holiday (inclusive of bank holidays), with More ❯
Employment Type: Full-time

SOC Solution Engineer

slough, south east england, united kingdom
Anson McCade
and resilience. Collaborating with security analysts, engineers, and stakeholders to ensure seamless integration of tools and workflows. Leading technical discussions and providing guidance on best practices for threat detection, incident response, and log management. Supporting pre-sales engagements with technical expertise and solution design input. Staying ahead of emerging threats and technologies to continuously improve SOC capabilities. … What You’ll Bring: Strong experience in designing and implementing SOC platforms (e.g., SIEM, SOAR, EDR). Deep understanding of security operations workflows, threat intelligence, and incident response. Hands-on experience with tools like Splunk, Sentinel, QRadar, or similar. Ability to engage with both technical and non-technical stakeholders. Familiarity with cloud environments (Azure, AWS, GCP) and hybrid architectures.

Head of Cyber Security

slough, south east england, united kingdom
Hybrid / WFH Options
Qurated
cyber security strategy across IT Security, Cyber Security, and Information Security. Oversee security controls, risk management, and compliance across cloud and on-prem environments. Manage threat detection, monitoring, and incident response using Microsoft Defender, Sentinel, and Entra ID. Lead identity & access management (IAM) and ensure secure authentication processes. Support M&A security assessments and integrations, ensuring due diligence. More ❯

Data Protection Executive (mainly remote)

Windsor, Berkshire, United Kingdom
Hybrid / WFH Options
Journey Recruitment Ltd
Records of Processing Activities (ROPA) using the One Trust privacy tool Support the handling of Data Subject Access Requests (DSARs) and ensure timely responses Help track data breach and incident reports, supporting incident response processes as needed Coordinate with internal teams to collect privacy-related documentation and evidence (e.g. Standard Operating Procedures) Assist with annual policy and More ❯
Employment Type: Permanent
Salary: GBP 30,000 - 35,000 Annual

Data Protection Executive (mainly remote)

Windsor, Royal Borough of Windsor and Maidenhead, Berkshire, United Kingdom
Hybrid / WFH Options
Journey Recruitment Ltd
Records of Processing Activities (ROPA) using the One Trust privacy tool Support the handling of Data Subject Access Requests (DSARs) and ensure timely responses Help track data breach and incident reports, supporting incident response processes as needed Coordinate with internal teams to collect privacy-related documentation and evidence (e.g. Standard Operating Procedures) Assist with annual policy and More ❯
Employment Type: Permanent
Salary: £30000 - £35000/annum

Senior Security Engineer

Reading, Berkshire, England, United Kingdom
Hybrid / WFH Options
Nextech
strong focus on application security, web application firewalls, and secure DevOps pipelines. Provide security leadership and mentoring, supporting colleagues and enhancing security awareness across the business. Actively contribute to incident response, security training, supplier reviews, and client security assurance. Stay ahead of evolving threats, and help shape our strategy using frameworks such as OWASP, SASE, and Zero Trust.
Employment Type: Full-Time
Salary: £60,000 - £70,000 per annum

IT Security and Resilience Specialist

slough, south east england, united kingdom
Slaughter and May
security posture and external security rating. Identify vulnerabilities in hardware and software to be remediated by Engineering\Operations teams. Understand current and emerging security threats. Assist and lead in Incident Response investigations and mitigation. Evaluate, test and recommend security enhancements. Support CE+ accreditation Identify security risks and exposures, determine the cause of security violations and suggest procedures to More ❯

Reliability Engineer

slough, south east england, united kingdom
BGC Group
for managing and supporting our enterprise messaging infrastructure built on Solace PubSub+, ensuring high availability, optimal performance, and reliability across production and non-production environments. This includes working on incident response, capacity planning, WAN optimization, and system observability using tools like Prometheus and Grafana. Key Responsibilities: Administer and maintain Solace PubSub+ appliances and software brokers across environments

Incident Response, the Thames Valley

10th Percentile: £46,000
25th Percentile: £50,000
Median: £65,000
75th Percentile: £70,000