1 to 25 of 269 Incident Response Jobs in the UK excluding London

security stacks. The ideal candidate will have expertise in monitoring and analyzing security incidents in SOC. Your Responsibilities (Up to 10, Avoid repetition) 1. Incident Detection and Response Lead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs). Utilize … security technologies to analyze and correlate security alerts. Take ownership of Tier 2-level escalations from Tier 1 analysts and guide them through complex incident response procedures. Quality Assurance for SOC L1, monitoring and triaging. 2. Incident Detection and Response Lead investigations and remediation of complex ...

Principal Cyber Security Incident Response Analyst £60,000 - £70,000 Full Time/Permanent West Midlands/Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join … large nationally recognised brand head quartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront ...

Senior Security Engineer (Incident Response SIEM SOAR AWS) Remote UK to £115k Are you a tech savvy Senior Security Engineer with strong Incident Response experience? You could be progressing your career in a senior, hands-on Senior Security Engineer role as part of a friendly … strengthening EDR/XDR and DLP configurations, defining new automatic detections of security events in the SIEM, improving automatic security alerts triage and Incident Response playbooks, defining the runbooks to be used during Incident Response and leading the execution of Table Top Exercises (TTX) with different ...

Investigator - Cyber Incident Response Location Flexible (UK) Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point … working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines ...

Security Lead - Incident Response & Threat Management 4 Months Contract £400 to £500 a day Inside IR35 Remote working *Active Security Clearance is Needed* A well-established consultancy firm is urgently looking for an experienced Security Lead with a strong background in Incident Response and Threat Management … high-profile client. This role requires a professional with active SC Clearance and a deep understanding of SecOps analyst support. Core Responsibilities Incident Management: Directing the full incident response lifecycle, including the triage, investigation, and total resolution of security events. Threat Intelligence: Utilising Recorded Future, OpenCTI ...

Cyber Fusion Center (CFC). This critical, senior-level individual contributor will integrate IAM principles and controls into our security operations and incident response framework. You will be a technical expert with knowledge of the threat environment from the perspective of identity and access management. You will … threat intelligence and operational insights to inform and mature our IAM policies, standards, and controls. You will partner with CFC analysts, threat hunters, and incident responders to provide subject matter expertise during active investigations and to strengthen our security posture. This is a hybrid, Nottingham-based role reporting ...

enterprise clients.* Full-time, permanent role focused on securing client infrastructures across network, cloud, and endpoint environments.* Hands-on position covering security design, incident response, vulnerability management, and client consultancy.* Hybrid working model with strong benefits, development pathways, and exposure to complex, real-world security challenges.* To apply … Security Engineer, you'll play a key role in securing client IT environments by designing, implementing, and managing robust security solutions. You'll lead incident response activities, conduct vulnerability assessments, and proactively identify risks across network, cloud, and endpoint systems. You'll work directly with clients to understand ...

Operations Centre. This role will have you leading a team of analysts and working alongside security engineers to develop and automate threat detection and response playbooks, as well as security architects and the wider IT function. The ideal candidate will have the technical expertise to work … development of SOC analysts and engineers. Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling. Define, track, and report SOC performance metrics and KPIs, ensuring operational efficiency and alignment with organisation objectives. Manage and mentor SOC team members ...

looking for a SOC Analyst to join an established Security Operations Centre team. This role focuses on incident investigation, triage, and response , along with client engagement and proactive security activities. What You'll Do Investigate and respond to security incidents Perform triage and remediation across client environments Engage … with clients during incident response activities Support proactive security and continuous improvement initiatives Mentor junior team members where appropriate What We're Looking For 2+ years' experience in cyber security, ideally incident response Strong communication skills Experience across Windows, Linux/Unix, and macOS Knowledge ...

join our team. This is a critical leadership role, overseeing the full security lifecycle — from architecture and policy development to operational resilience and incident response — across complex hybrid environments with a strong emphasis on cloud security (AWS and Azure). Your leadership will be central to ensuring that … into operational deployment. Demonstrate a strong understanding of leading operational security functions, including SOC operations, threat intelligence, and vulnerability management. Experience of managing the incident response lifecycle, including triage, containment, investigation, remediation, and conducting post-incident reviews. Ability to establish and improve incident response playbooks ...

servers, and workstations. Carrying out security monitoring and improving the configuration of the security monitoring tools used by Smart Communications. Enhancing security detection and incident response processes ranging from individual playbooks to security incident response and remediation plans. Managing vulnerability detection and remediation by working with … years of hands-on experience in a similar role. Good understanding of security principles, technologies, and best practices, including threat detection and security incident response processes. Experience implementing security in AWS environments including proactive configuration of AWS accounts and assets to meet good security practices Experience conducting security ...

closing date. What you will do Monitor security alerts and threat intelligence feeds to detect and respond to cyber incidents. Lead or support incident response activities, including investigation, containment, eradication, and recovery. Manage and maintain security tools such as Security Information and Event Management (SIEM), endpoint protection, vulnerability … personal development plan (known as Sgwrs). Any other reasonable duties requested commensurate with the grade of this role. Required to take part in incident response activities Your qualifications, experience, knowledge and skills In your application and interview you will be asked to demonstrate the following skills ...

ANALYST ROLE: As a Cyber Resilience Analyst, you'll be responsible for defining, maintaining, and testing the organisation's resilience plans, covering Business Continuity, Incident Response, and Disaster Recovery. You'll work closely with IT teams and stakeholders across the wider business to ensure resilience strategies are practical … robust, and effective. The role plays a key part in analysing the impact of cyber incidents on business systems, supporting incident reviews, and ensuring lessons learned are fed back into improved resilience planning. You'll also work alongside project and change teams to ensure new systems and developments ...

months). In full: Job Purpose The UK CSIRT Tier1 Analyst will deliver the actions and activities as required and detailed in Cyber Incident Response plans. Using technical expertise and co-ordination capabilities, they will work within a team and individually, to respond to incidents and security events. … role requires the individual to have a high level of performance and individual ability. About the Role As part of the Cyber Security Incident Response Team (CSIRT), you will be employed within a global team as a Tier 1 CISRT analyst within its Cyber Security Operations Centre (CSOC ...

risks and implement mitigation strategies. Collaborate with cross-functional teams to ensure data security requirements are integrated into new projects and existing systems. Lead incident response efforts related to email security breaches, ensuring quick containment and remediation. Ensure compliance with industry standards and regulatory requirements related to data … processes. Develop and deliver training programs for employees to increase awareness of security practices, especially regarding email security and phishing prevention. Threat Intelligence and Incident Response: Analyse threat intelligence to anticipate and mitigate potential cyber threats targeting the organisation. Participate in or lead incident response activities ...

present end-to-end security solutions aligned to business objectives Act as a trusted advisor on cyber security strategy and best practice Support incident response and improvement initiatives where required Produce clear technical documentation and recommendations Collaborate with cloud, networking and wider pre-sales teams Maintain relevant vendor … 5+ years’ experience in pre-sales or consulting within an MSP, reseller or systems integrator Strong understanding of SOC operations, security monitoring and incident response Solid knowledge of Microsoft security technologies Experience with SIEM, MDR/EDR, SSE and SASE solutions Knowledge of ISO 27002, CIS, NCSC ...

Analyst: Strong experience with Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis … Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling ...

threats. You will be a part of a 24/7 team responsible for monitoring our systems, detecting potential security incidents, and initiating the incident response process. Key Responsibilities Continuous Monitoring: You will monitor security tools, including Security Information and Event Management (SIEM) systems, to detect suspicious activity. … will be the first to see potential threats and will need to be efficient and professional response against defined processes. Incident Triage: You will analyse alerts and logs to determine if an event is a genuine security incident or a false positive. You will need ...

cloud environment. This is not a traditional SOC role focused on alert handling . The position sits at the senior technical level and combines incident leadership, detection engineering, threat hunting and automation. You’ll have genuine ownership of security operations maturity rather than working in a ticket-driven environment. … senior technical point of escalation within the SOC, leading complex investigations and driving continuous improvement across tooling, detection capability and response processes. Typical responsibilities include: Leading complex security incidents end-to-end including investigation, containment, forensics and root cause analysis. Designing, tuning and improving detection across SIEM ...

interpret logs, alerts, and threat data to identify potential security incidents. Ensure security tooling is correctly configured, operational, and fully utilised. Threat Detection, Incident Response & Vulnerability Management Support or lead security incident investigations, including root cause analysis and remediation. Conduct vulnerability assessments and maturity scans, ensuring risks … Experience working with or managing third party SOC, SIEM, and security vendors. Background in overseeing penetration tests and managing remediation activity. Solid understanding of incident response, vulnerability management, and general cyber defence principles. Experience working with ISO 27001 environments or auditing. Excellent communication, documentation, and stakeholder engagement skills. ...

high-performing Security Operations Centre supporting a large-scale telecoms environment. This is a hands-on Tier 2 CERT role focused on investigation, response, and remediation of security incidents across enterprise-scale infrastructure. If you enjoy solving real incidents rather than just closing tickets, this role will suit you. … Defender Conduct forensic analysis to determine root cause, scope, and impact Support containment, eradication, and recovery activities with IT and engineering teams Produce clear incident reports with technical findings and remediation actions Quality assurance of SOC L1 triage and alert handling Develop and refine detection use cases, playbooks ...

industry standards (e.g., GDPR, PCI DSS, NIST CSF) Influence cyber security improvements by reviewing IT/security architectures and providing expert challenge Oversee incident response readiness and assurance of cyber security testing across the enterprise Promote strong security awareness and assure the quality of provider training Conduct horizon … risk assessment and development of mitigation plans aligned to business objectives Experience producing cyber security performance metrics for senior leadership Hands-on experience in incident response, vulnerability management, system hardening, and post-incident analysis Strong understanding of cloud security (IaaS, PaaS, SaaS, CASB, Zero Trust, micro-segmentation ...

delivering technology change/improvement projects and managing external support agreements. The Cyber Security Analyst is required to focus on the detection, investigation and response to cyber security events and incidents. Other tasks involve BAU security tasks, supporting cyber security projects and assisting with regulatory compliance. Daily tasks will … involve the following: * Endpoint monitoring and analysis. * Incident readiness and handling as part of the Computer Security Incident Response (CSIRT) team. * Monitor and administer Security Information and Event Management (SIEM). * Malware analysis and forensics research. * Understanding/differentiation of intrusion attempts and false positives. * Investigation tracking ...

Incident Manager Location: Central London | Salary: £38,000 to £40,000 | Job Type: Permanent Take the lead when it counts most — keep services running and stakeholders confident. Are you an experienced IT Incident Manager looking for a new challenge in a fast-paced and high-impact environment? This … manage high-priority and major incidents from initiation to resolution Coordinate cross-functional IT teams to restore services quickly Maintain ownership of the incident lifecycle and ensure SLAs are met Act as the central communication point during live incidents Provide clear, real-time updates to stakeholders at all levels ...

image scanning, policy-as-code and least privilege IAM. Drive reliability using SRE practices: define SLIs/SLOs, error budgets, capacity planning, chaos testing, incident response and blameless post-incident reviews. Partner with application squads to remove toil, improve developer experience (DX), and reduce lead time … onboarding guides and demo sessions for consumers of the platform. Participate in an on-call rota for critical platform services and lead/coordinate incident response when required. About you Strong hands-on experience with Microsoft Azure core services (networking, compute, storage) and platform services (AKS, App Services ...