26 to 50 of 337 Incident Response Jobs in the UK excluding London

Security Lead

Hiring Organisation
Method-Resourcing
Location
Maidenhead, Berkshire, South East, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
Up to £500 per day
improvement Lead security engagement within client Design Authority and Enterprise Architecture forums Manage integration with the client SOC, including security reporting, SIEM alignment, and incident response coordination Oversee security incident management in line with the client Cyber Security Incident Response Plan Own joiner/mover … Strong understanding of NCSC HMG IAS5, Cyber Assessment Framework (CAF), ISO 27001, and GDPR Hands-on experience integrating with a UK Government SOC, including incident response and security reporting Strong working knowledge of Oracle Cloud security (OCI IAM, Vault, network security, audit, PAM) Experience securing Oracle SaaS applications ...

Senior Security Engineer (Blue Team)

Hiring Organisation
Jobleads-UK
Location
Belfast, Northern Ireland, United Kingdom
fully remote and allows you to work from anywhere within Northern Ireland. How you’ll make an impact Lead improvements in detection and response capabilities, continuously optimizing monitoring, alerting, and incident response processes. Mentor junior and mid‐level engineers, setting a high standard in security practices … decisions. Lead automation and process optimization efforts by developing scripts and tools to automate repetitive security tasks as well as to enhance detection and response capabilities through the use of automation and integration of security tools. What will set you up for success Bachelor's degree in Computer Science ...

Threat and Vulnerability Manager

Hiring Organisation
Intellectual Property Office
Location
Newport, Gwent, Wales, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£55,000
intelligence products with internal and external stakeholders and use this intelligence to support vulnerability management and threat hunting activities. Additionally, you will contribute to incident response processes and provide support to colleagues responsible for the IPO's protection, detection, and response capabilities. If you have strong relevant expertise … best practice guidance. Metrics & Reporting Develop and maintain actionable metrics that demonstrate the effectiveness of the organisation's vulnerability management and threat intelligence capabilities. Incident Response Support Contribute to and enhance our incident response processes, representing Cyber Security in operational incident calls, keeping stakeholders informed ...

SOC Manager

Hiring Organisation
INTEC SELECT LIMITED
Location
Exeter, Devon, England, United Kingdom
Employment Type
Full-Time
Salary
£850 per day
incidents and management of the SOC Analysts. This is a critical leadership role, responsible for protecting the organisation against real-time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying … high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with ...

Cyber Security Operations Manager

Hiring Organisation
Zachary Daniels
Location
Liverpool, Merseyside, North West, United Kingdom
Employment Type
Permanent
Salary
£75,000
threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection, incident response, and overall security posture within a complex, evolving environment. The Role You'll take ownership of security operations, ensuring the business … capability. Key responsibilities include: Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC Managing the full incident response lifecycle (detection through to recovery and post-incident review) Overseeing threat detection, vulnerability management, and cyber defence capabilities Driving improvements across ...

Cyber Security Operations Manager

Hiring Organisation
Infosec
Location
Bournemouth, Dorset, South West, United Kingdom
Employment Type
Permanent
Salary
£80,000
strengthening and evolving their cyber defence capability. This is a high-impact leadership role where you'll own security operations end-to-end, lead incident response, and work closely with the CISO to drive continuous improvement across a mature but evolving cyber function. What you'll be doing … Leading and developing a Cyber Security Operations team Acting as incident commander during cyber events and investigations Maturing SOC, CSIRT and incident response capabilities Driving threat hunting, detection and monitoring improvements Owning vulnerability management and pen test governance Ensuring alignment with ISO27001, NIST, GDPR and regulatory expectations ...

SOC Lead

Hiring Organisation
Experis
Location
Bath, Somerset, South West, United Kingdom
Employment Type
Contract
Contract Rate
£600 - £700 per day
detected by automated controls Translate threat intelligence into actionable hunt hypotheses Continuously refine detection logic based on hunt outcomes and emerging threats Investigations & Incident Response Lead complex and high-severity security investigations from triage through containment and remediation Act as the technical escalation point for advanced SOC investigations … Conduct root cause analysis and attacker kill-chain reconstruction Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required SOC Technical Leadership Define investigation standards, workflows, and quality benchmarks Mentor and upskill ...

Security Operations Engineer

Hiring Organisation
AFH Wealth Management
Location
Bromsgrove, Worcestershire, West Midlands, United Kingdom
Employment Type
Permanent
security operations tooling (SIEM, DLP, IAM, endpoint protection) to safeguard systems and data Develop, implement, and monitor KPIs and dashboards to measure detection effectiveness, incident response performance, data protection posture, and compliance Own and support Microsoft Purview capabilities including Information Protection, Data Loss Prevention, Data Lifecycle Management … risk, compliance, data governance, and IT teams to maintain robust security controls, support audit readiness, and strengthen operational resilience Support and participate in security incident response and investigations, ensuring rapid containment, remediation, and recovery. What we are looking for in our ideal Security Operations Engineer: Proven experience ...

Senior Security Engineer

Hiring Organisation
Richmond Square Consulting Limited
Location
Manchester, North West, United Kingdom
Employment Type
Permanent
experience. This is a senior, hands-on role working across firewalling, on-premise and cloud security, secure infrastructure, network security, workload segmentation, hardening, monitoring, incident response and security architecture. The environment is highly secure and regulated, with a strong focus on enterprise firewalling, Elastic/Elasticsearch, VMware-based … Server environments, Active Directory, Group Policy and endpoint configurations Implementing, auditing and remediating against CIS Benchmarks, STIGs and security hardening standards Supporting vulnerability management, incident response, root cause analysis and remediation planning Embedding security into DevSecOps/CI/CD practices, including automated security testing and policy ...

Senior DFIR Consultant: Lead Cyber Incident Response

Hiring Organisation
Jobleads-UK
Location
Manchester, England, United Kingdom
UBDS Group is looking for a highly skilled Senior Digital Forensics and Incident Response (DFIR) Consultant located in Manchester. This role focuses on delivering DFIR services to clients while supporting internal cybersecurity operations. You will lead incident response activities, conduct forensic investigations, and work closely with ...

Junior Security Operations Centre Analyst

Hiring Organisation
Searchability NS&D
Location
Farnborough, Hampshire, England, United Kingdom
Employment Type
Full-Time
Salary
£30,000 - £40,000 per annum
security alerts, intrusions, and unauthorised activity Responding to incidents in line with defined SOC playbooks Escalating complex or high-risk incidents to Tier 2 Incident Response teams Reviewing vulnerability scan results and feeding findings back to technical teams Supporting secure configuration reviews and remediation activities Producing regular service … Junior SOC Analyst essential skills A qualification in Cyber Security, Computer Science, Networking, or a related technical discipline Strong interest in cyber security and incident response Understanding of core security concepts and common cyber threats Ability to follow processes, investigate alerts, and document findings clearly Willingness to work ...

Senior DFIR Incident Response Lead & Mentor

Hiring Organisation
Jobleads-UK
Location
Manchester, England, United Kingdom
Group plc is seeking a DFIR Managing Consultant to lead incident response engagements and manage a team of DFIR consultants. The role requires extensive experience in incident response and digital forensics, providing critical guidance during complex situations. Key responsibilities include coordinating teams, delivering thorough investigations ...

Senior Cyber Security Analyst (12 month FTC)

Hiring Organisation
Jobleads-UK
Location
Cambridge, England, United Kingdom
matched up to 9%, Hybrid working opportunity, Private Healthcare. Responsibilities Managing checklists and problem management through to handover or resolution. Threat identification and classification. Incident response lead. Report writing. Stakeholder management. Continuous improvement. Junior SOC staff mentoring. Tasks Maintain and monitor effectiveness of security measures and controls. … SIEM and EDR tools. Monitor and configure IDS/IPS. Analyse and create reports for security incidents, root cause, lessons learnt. Create and rehearse Incident Response plans; support audits and red team engagements. Work closely with Cyber Security/IT teams and external support groups. Communicate with individuals ...

Junior SOC Analyst

Hiring Organisation
Searchability NS&D
Location
Farnborough, England, United Kingdom
security alerts, intrusions, and unauthorised activity Responding to incidents in line with defined SOC playbooks Escalating complex or high-risk incidents to Tier 2 Incident Response teams Reviewing vulnerability scan results and feeding findings back to technical teams Supporting secure configuration reviews and remediation activities Producing regular service … Junior SOC Analyst essential skills A qualification in Cyber Security, Computer Science, Networking, or a related technical discipline Strong interest in cyber security and incident response Understanding of core security concepts and common cyber threats Ability to follow processes, investigate alerts, and document findings clearly Willingness to work ...

Senior SOC Analyst

Hiring Organisation
InvitISE Ltd
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
£400 - £600 per day
This is an initial 6 month contract paying up to £600 per day Outside IR35. The role focuses on supporting security operations monitoring and incident response activities within a large enterprise environment. This role allows remote working with occasional travel to London when required. The successful SOC Analyst … cyber security incidents and responding appropriately • Working with SIEM platforms such as Splunk, Sentinel or QRadar • Conducting threat analysis and triaging security alerts • Supporting incident response and remediation activities • Working with security engineering teams to improve detection capabilities Experience within financial services, fintech or other regulated environments would ...

Senior DFIR Incident Response Lead & Mentor

Hiring Organisation
Jobleads-UK
Location
Manchester, England, United Kingdom
Group is seeking a DFIR Managing Consultant in Manchester to lead incident response engagements. The role involves managing a team of skilled consultants, providing hands-on support during cyber incidents, and ensuring effective communication. Candidates should have extensive experience in incident response and digital forensics, strong ...

V05727 DIG - Level 1 SOC Cyber Analyst

Hiring Organisation
Outsource UK
Location
Ross-on-Wye, Herefordshire, England, United Kingdom
Employment Type
Contractor
Contract Rate
Salary negotiable
critical infrastructure. This is a hands-on role, focused on alert triage, initial investigations, and working closely with an outsourced SOC to ensure effective incident response and escalation. What you’ll be doing: Monitoring and triaging security alerts in a live SOC environment Conducting initial investigations and validating potential … threats Escalating incidents in line with defined processes and playbooks Working closely with internal teams and external SOC providers Supporting incident response and contributing to continuous improvement of security operations What they’re looking for: Experience in a SOC or Security Operations environment Hands-on exposure to SIEM ...

Cyber Security Manager

Hiring Organisation
Ashdown Group
Location
Lincoln, Lincolnshire, East Midlands, United Kingdom
Employment Type
Permanent
Salary
£65,000
across the business. The Role You'll lead day-to-day cyber security operations, working closely with IT and business stakeholders to ensure robust monitoring, incident response, and risk management processes are in place. This is a hands-on role with both operational and strategic elements. Key Responsibilities Overseeing … cyber operations, including threat monitoring and incident response Managing vulnerabilities and supporting remediation activities Supporting the development and delivery of cyber security strategy Collaborating with internal teams and third-party providers Driving awareness, training, and continuous improvement initiatives About You Experience in cyber security operations, SOC, or incident ...

OT Security Engineer

Hiring Organisation
Sanderson Recruitment
Location
Bristol, Avon, South West, United Kingdom
Employment Type
Contract
Contract Rate
£500 - £550 per day
system environments. This role sits within a Security Operations function but is heavily engineering focused, combining hands on OT security tooling, detection engineering and incident response to strengthen resilience across critical infrastructure. Key Responsibilities: Act as the OT security engineering SME, supporting both operational and project based activities … equivalent) Develop and refine detection rules, alerting logic and monitoring coverage across OT and IT/OT convergence points Lead technical investigations and incident response for OT-related cyber events Analyse industrial network traffic to identify anomalies, threats and protocol misuse Integrate OT telemetry into SIEM ...

Senior Cyber Security Engineer ( Hybrid )

Hiring Organisation
Michael Page Technology
Location
Birmingham, West Midlands, England, United Kingdom
Employment Type
Full-Time
Salary
£70,000 - £75,000 per annum
Cyber Security Manager/Senior Engineer is responsible for security operations, risk management, incident response, policy development and user awareness. The role will manage external 3rd party and internal virtual resources. Client Details The client is a well-established, multi-site professional services organisation operating at national scale. … matters, providing clear guidance to leadership and technical teams Lead engagement with a third-party Security Operations Centre (SOC), ensuring effective monitoring, detection and response Oversee incident management, including coordination, post-incident reviews and continuous improvement actions Own and manage key security platforms, including security awareness ...

Cyber Security Engineer

Hiring Organisation
DCV Technologies Limited
Location
Tring, Hertfordshire, South East, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£60,000
network estate (including Cisco Meraki). The role is hands-on and operational, partnering with IT teams to implement security controls, support monitoring and incident response through Sophos MDR, and improve cyber resilience by supporting Disaster Recovery (DR) testing and Business Continuity (BC) readiness. Key Responsibilities Cloud Security … ensure changes follow change control. Enable and review network security logging/alerting (e.g., syslog/SIEM integrations where applicable). Monitoring, Detection & Incident Response (Sophos MDR) Act as the internal technical point of contact for Sophos MDR and ensure smooth collaboration with MDR analysts. Maintain coverage ...

Information security analyst apprentice

Hiring Organisation
Rochdale Metropolitan Borough Council
Location
Number One Riverside, Smith Street, Rochdale, Greater Manchester, England, United Kingdom
Employment Type
Higher Apprenticeship
Salary
£25,583 a year
Defender for Identity, Defender for Cloud Apps, etc.) and other monitoring tools to identify and respond to potential data loss or unauthorised data sharing Incident Triage & Response: Perform timely triage of security alerts to determine impact and urgency, investigating incidents using available tools and data Lead initial incident response actions (containment, remediation, communication) for confirmed security incidents, following established escalation procedures Ensuring that all incidents are promptly escalated to senior leadership or external partners, as appropriate Threat Analysis & Intelligence Integration: Analyse malicious activities to determine root cause and attack vectors by mapping observed attacker actions ...

Security Analyst

Hiring Organisation
Franklin Fitch
Location
Hampshire, England, United Kingdom
clients—from fast-growing organizations to large enterprise and public sector environments. Our security function supports clients through capabilities such as Managed Detection and Response (MDR), threat hunting, vulnerability management, penetration testing, and incident response, alongside advisory-led consulting engagements. The organization is experiencing strong growth … cyber threats across varied environments. You will support and mentor junior analysts, lead complex investigations, and contribute to the ongoing development of detection and response capabilities. This role is suited to a security professional with a solid technical background, a collaborative approach, and an interest in progressing into leadership ...

Head of Cyber Defend / CERT

Hiring Organisation
Prime Personnel
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
organisation based in the Midlands. Practitioner CERT capabilities and several team management experience is required – meaning you will be technically capable and experienced within Incident Response & Detection, Threat Intelligence & Hunting, Vulnerability Management, Attack Surface Reduction, Cyber Analysis, etc. You will also have large team leadership and motivation experience … procedures, and playbooks to respond to cyber threats. Develop and maintain cyber strategy, capabilities to stay ahead of emerging threats. Lead the Cyber Defence response for the organisation when under cyber-attack. Lead and manage multiple cyber security teams. Engage with stakeholders, report to snr management and collaborate with ...

Director of Cyber Security

Hiring Organisation
STARK Group
Location
Huddersfield, England, United Kingdom
role in aligning security strategy with business objectives, driving digital transformation, and fostering a culture of security awareness and resilience. The Director will oversee incident response, policy/standards development, and the implementation of security controls to support business growth and regulatory compliance. This role will work collaboratively … security training & awareness Develop and lead the UK ICS team to ensure they can deliver business strategy in alignment with agreed security strategy Facilitate incident-response planning and security incident support, with Global SoC Provide the UK Exec Team with appropriate management information and cyber security intelligence ...