1 to 25 of 782 Incident Response Jobs in the UK

a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

Principal Incident Response Consultant – MOD DV Location: UK wide – Remote Salary - £85,000 - £110,000 + excellent benefits Clearance - DV clearance required We're seeking a Principal Incident Response Consultant to join our client's elite cybersecurity and digital forensics team. This is a client-facing role where you'll lead DFIR (Digital Forensics & Incident Response) investigations, guide executives through cyber incidents, and help organisations strengthen their threat detection, response, and resilience. If you're an expert in incident response, threat hunting, and forensic analysis and thrive under pressure, this is your opportunity to work on some of the UK's most significant cyber cases. Key Responsibilities Incident Response … intelligence and MITRE ATT&CK to attribute attacks and inform proactive defences. Crisis Management: Lead coordination between internal stakeholders, third parties, and law enforcement. Cybersecurity Advisory: Help clients improve incident readiness, detection engineering, and response capabilities. Innovation: Contribute to new playbooks, tools, and methodologies to evolve our DFIR practice. Mentorship: Train and coach junior consultants in incident More ❯

Job Title: SOC Incident Response & Threat Hunting Manager Location: Remote Salary: £75k - £85k plus 10% bonus and £6k car allowance Mon - Fri as well as an on-call rota - 1 week in 4. Candidates must be willing and eligible to go through SC security clearance for this role Job Description: We are seeking a highly skilled and experienced … SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This pivotal role will be responsible for leading our Tier 3 Security and Incident Response Analysts, overseeing advanced incident response activities, driving proactive threat hunting initiatives, and providing strategic direction for the Cyber Threat Intelligence (CTI) capability. This is a hands … a strong technical background, exceptional management skills, and a strategic vision for cybersecurity. You will play a key role in mentoring and developing a high-performing team, leading complex incident response engagements from initial detection through to post-incident review, and significantly enhancing the security posture of our diverse customer base. The role demands a unique blend More ❯

We are seeking a highly skilled and experienced SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This pivotal role will be responsible for leading our Tier 3 Security and Incident Response Analysts, overseeing advanced incident response activities, driving proactive threat hunting initiatives, and providing strategic direction for the Cyber … a strong technical background, exceptional management skills, and a strategic vision for cybersecurity. You will play a key role in mentoring and developing a high-performing team, leading complex incident response engagements from initial detection through to post-incident review, and significantly enhancing the security posture of our diverse customer base. The role demands a unique blend … of strategic leadership, deep technical expertise in digital forensics and incident response (DFIR), and a proactive mindset to anticipate and neutralise sophisticated and evolving cyber threats. Key Responsibilities: Provide expert guidance and technical oversight on complex security incidents and threat hunting operations. Lead and coordinate high-severity incident response engagements, acting as the primary incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

An exciting opportunity has arisen for an accomplished SOC Incident Response & Threat Hunting Manager to lead a high-performing team within a dynamic and evolving Security Operations Centre (SOC) environment. This critical role is ideal for a technically proficient cybersecurity professional with a passion for proactive defence, threat intelligence, and strategic leadership. The successful candidate will oversee a … team of Tier 3 Security and Incident Response Analysts, driving advanced incident response, digital forensics, and threat hunting operations across a diverse customer base. Acting as a technical authority, the role will play a pivotal part in enhancing cyber resilience, refining detection capabilities, and leading complex investigations from detection through to remediation and review. Key Responsibilities … Lead, mentor and develop a team of senior SOC analysts, ensuring the delivery of effective and efficient incident response and threat hunting operations. Oversee and coordinate high-severity incident response engagements, acting as incident lead when required, and guiding cross-functional teams through time-critical decision-making. Provide expert oversight on complex security incidents, ensuring More ❯

Overview We now have an exciting opportunity for an Associate Director to join our Digital Forensics and Incident Response (DFIR) team in London. As the senior member of the EMEA DFIR team with deep digital forensic experience, you will be integral to the wider EMEA practice, and in turn part of a global practice offering and influencing the … direction of our forensic technology and digital forensics incident response capability. The Discovery and Data Insights department is the hub of all technical consulting and you will provide digital forensics and incident response solutions for matters which involve cyber response investigations, digital forensic investigations, eDiscovery and data analytics. Our clients include law firms and Fortune … need to deploy the team and support crises. As the technical lead for engagements, you will provide direction to empower the team and provide quality assured, highly responsive forensic incident management. A significant portion of the role will require you to engage across the business to leverage technology consulting into all business development and go-to-market strategy. You More ❯

Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT)/SOC … owners to ensure log sources are onboarded into the SIEM solution. Create use cases to correlate suspicious activities across endpoints, networks, applications, and both on-premises and cloud environments. Incident Response: Improve playbooks and processes, lead escalated security incidents, oversee remediation and recovery actions, track incidents, liaise with partners, report findings, and apply root cause analysis with lessons … types and enhance operational playbooks. Digital Forensics: Use forensic tools and techniques to analyse data sources such as logs, SIEM data, applications, and network traffic patterns, and recommend appropriate response actions to ensure threats are contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve More ❯

DFIR Consultant | Digital Forensics & Incident Response Salary - £50,000 – £65,000 Location: Remote UK About the Role We're looking for a DFIR Consultant (Digital Forensics and Incident Response) to join our expert cybersecurity team. In this role, you'll apply your technical skills, investigative mindset, and forensic expertise to help clients respond to and recover … from complex cyber incidents. You'll lead and support forensic investigations across endpoint, network, and cloud environments, guiding clients through incident triage and digital evidence collection. This position is ideal for someone who thrives in fast-paced environments and enjoys solving technical challenges under pressure. What You'll Do Lead digital forensic investigations across endpoint, network, and cloud environments … AWS, Azure). Perform incident response for on-premises and cloud infrastructures, identifying root causes and containment strategies. Use tools like CrowdStrike, Magnet Axiom, X-Ways, SIFT Workstations, and EZTools to collect, preserve, and analyse evidence. Develop custom scripts and forensic tooling to automate investigation workflows. Document findings clearly in reports and client presentations, tailoring communication for both More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations. You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response … As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you. … Core Responsibilities: Security Monitoring & Incident Response Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic. Assess severity and impact of alerts, triage and investigate incidents independently. Execute containment and remediation actions using defined runbooks and playbooks. Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour. Produce detailed incident reports, RCA and More ❯

SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations. You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response … As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you. … Core Responsibilities: Security Monitoring & Incident Response Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic. Assess severity and impact of alerts, triage and investigate incidents independently. Execute containment and remediation actions using defined runbooks and playbooks. Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour. Produce detailed incident reports, RCA and More ❯

SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations. You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response … As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you. … Core Responsibilities: Security Monitoring & Incident Response Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic. Assess severity and impact of alerts, triage and investigate incidents independently. Execute containment and remediation actions using defined runbooks and playbooks. Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour. Produce detailed incident reports, RCA and More ❯

SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations. You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response … As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you. … Core Responsibilities: Security Monitoring & Incident Response Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic. Assess severity and impact of alerts, triage and investigate incidents independently. Execute containment and remediation actions using defined runbooks and playbooks. Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour. Produce detailed incident reports, RCA and More ❯

SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations. You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response … As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you. … Core Responsibilities: Security Monitoring & Incident Response Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic. Assess severity and impact of alerts, triage and investigate incidents independently. Execute containment and remediation actions using defined runbooks and playbooks. Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour. Produce detailed incident reports, RCA and More ❯

Senior Cyber Incident Response InvestigatorFully UK RemoteDV Clearance or eligibility essential£80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working position, the … key stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work.The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator*Fully Remote*Helping businesses deal with real-time cyber-attacks remotely*Occasionally travelling to customer sites*£80,000 base + OT and On-all bumping total More ❯

Senior Cyber Incident Response Investigator Fully UK Remote DV Clearance or eligibility essential £80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working … stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work. The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator *Fully Remote *Helping businesses deal with real-time cyber-attacks remotely *Occasionally travelling to customer sites *£80,000 base + OT and On-all bumping total More ❯

strategic and hands-on Security Operations Manager to fortify our defences, drive compliance, and lead proactive risk mitigation across the organisation. You’ll oversee Security Operations and Engineering, manage incident response, and collaborate with IT, legal, and compliance teams to embed a culture of security awareness. If you're passionate about protecting assets and reputation while leading with … and implementation of strategic security plans to enhance MIB’s security posture and resilience Operational Resilience Identify within Security Operations and support the business on our Operational Resilience efforts Incident Response Management : Lead and coordinate from a Security perspective incident response efforts, ensuring timely and effective resolution of security incidents Budget Management The Security Operations Manager … Engineering teams. This includes the ability to mentor and guide team members, fostering a collaborative and high-performance environment Experience in budget management and control Extensive experience in security incident response leadership. This includes coordinating and managing incident response efforts, ensuring timely and effective resolution of security incidents. Relevant advanced security qualifications such as CISSP, GIAC. More ❯

A global IT MSP is looking for an experienced SOC Incident Response & Threat Hunting Manager to join its expanding Security Operations Centre. This is a pivotal leadership role, overseeing Tier 3 Security and Incident Response Analysts while driving proactive threat hunting and cyber threat intelligence initiatives. This hands-on position combines technical depth, strategic leadership, and … a forward-thinking approach to cybersecurity. The successful candidate will lead advanced incident response activities, mentor a high-performing team, and shape the strategic direction of cyber defence capabilities across a diverse customer base. On offer Salary - Competitive depending upon experience Company Bonus Scheme Comprehensive Benefits Pack 10% Company Pension £6k Vehicle allowance Excellent skill up and career … progression Flexible working from Day 1 Plus more Skills & Experience Proven experience leading incident response and threat hunting teams within a SOC or similar environment. Deep technical expertise in Digital Forensics and Incident Response (DFIR), with strong analytical and problem-solving skills. Skilled at translating complex technical findings into clear, actionable insights for technical and non More ❯

A global IT MSP is looking for an experienced SOC Incident Response & Threat Hunting Manager to join its expanding Security Operations Centre. This is a pivotal leadership role, overseeing Tier 3 Security and Incident Response Analysts while driving proactive threat hunting and cyber threat intelligence initiatives. This hands-on position combines technical depth, strategic leadership, and … a forward-thinking approach to cybersecurity. The successful candidate will lead advanced incident response activities, mentor a high-performing team, and shape the strategic direction of cyber defence capabilities across a diverse customer base. On offer Salary - Competitive depending upon experience Company Bonus Scheme Comprehensive Benefits Pack 10% Company Pension £6k Vehicle allowance Excellent skill up and career … progression Flexible working from Day 1 Plus more Skills & Experience Proven experience leading incident response and threat hunting teams within a SOC or similar environment. Deep technical expertise in Digital Forensics and Incident Response (DFIR), with strong analytical and problem-solving skills. Skilled at translating complex technical findings into clear, actionable insights for technical and non More ❯