Crawley, Sussex, United Kingdom Hybrid / WFH Options
Morson Edge
Incident Response (CSIRT)/SOC Level 3 Analyst
Location: Crawley (Hybrid) | Department: Information Systems | Type: Contract, Full-time, Outside IR35
About the Role: My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks.
Key Responsibilities: As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform …
London, South East, England, United Kingdom Hybrid / WFH Options
Rise Technical Recruitment Limited
Senior Cyber Incident Response Investigator | Fully UK Remote | DV Clearance or eligibility essential | £80,000 + OT and On-Call earning £100,000+
Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working position, the … key stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work. The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator *Fully Remote *Helping businesses deal with real-time cyber-attacks remotely *Occasionally travelling to customer sites *£80,000 base + OT and On-call bumping total …
Investigator - Cyber Incident Response | Location: Flexible (UK)
Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point of application. Accenture is a leading global professional services company … of our global team, you'll be working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines, when espionage or … problems under pressure, thrive on collaboration, and want to work with the best in the industry. Who We Are: We're a globally distributed team of nearly 200 dedicated incident responders, forensics specialists, and crisis managers spread across more than 25 countries. Every day, we work across time zones, cultures, and languages to protect clients that range from household …
London, South East, England, United Kingdom Hybrid / WFH Options
MFK Recruitment
role, you will: Act as the primary escalation point for complex IT and cybersecurity incidents. Manage and secure core client infrastructure and cloud environments. Ensure centralised security, monitoring, and incident response platforms operate effectively. You will collaborate closely with our Service Desk, Projects and Account Management teams to maintain high standards of service, document solutions and mentor junior … and maintain security hardening across infrastructure, cloud services, endpoints, and networks, in alignment with best practices and frameworks such as ISO 27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments … upgrades, and automation workflows, ensuring systems remain secure by design. Maintain and improve Standard Operating Procedures (SOPs) for security operations, ensuring knowledge is shared across the team for rapid incident handling. Provide mentorship and cybersecurity guidance to junior engineers and Service Desk staff, fostering a culture of security awareness and proactive threat management. Perform ongoing threat intelligence monitoring and …
the US, is undergoing a major transformation to build a Group Shared Services model. As part of this evolution, they're seeking a proactive and technically skilled Security Operations & Incident Response Lead to elevate their security posture across diverse business models, including franchisee and third-party environments. Responsibilities: Lead Incident Response across the organization, coordinating investigations … to drive security improvements. Contribute to the development of security programs and frameworks. Provide technical leadership in Microsoft-centric environments (Defender, Sentinel, Azure 365). Requirements: Proven experience in incident response and vulnerability management. Strong proficiency in Microsoft Defender, Sentinel, Azure 365, Tenable, Nessus. Ability to analyze and remediate security threats across distributed environments. Excellent communication skills for …
Portsmouth, England, United Kingdom Hybrid / WFH Options
Cloud People
Cyber outsourcing and managed services to customers across enterprise, public sector and fast-growing scale-ups. Its Security Practice protects clients through a powerful mix of Managed Detection and Response (MDR), Threat Hunting, Vulnerability Management, Penetration Testing and Incident Response, supported by a world-class Security Advisory function. As a Senior SOC Analyst, you will take a … role in identifying, investigating and responding to cyber threats across varied client environments. You will mentor junior analysts, lead complex incidents and help evolve the SOC's detection and response capabilities. This is an opportunity to make a genuine impact, with the freedom to innovate and the support to grow into roles such as SOC Lead, Threat Hunter, Security … Engineer or Incident Responder. Why This Role Stands Out: Join a $1B global IT and Cyber Defence provider that invests heavily in people and technology. Work with cutting-edge platforms such as Microsoft Sentinel, Defender, Elastic and Palo Alto. Be part of a collaborative culture that values curiosity and continuous learning. Clear progression into leadership or specialist technical roles …
Crawley, England, United Kingdom Hybrid / WFH Options
InfoSec People Ltd
escalation role within a dedicated Security Operations Centre, working at the forefront of protecting high-value national assets. The successful candidate will act as a technical authority for advanced incident response, threat hunting, and security engineering, with a strong focus on the Microsoft security stack. Key Responsibilities: Serve as the primary escalation point for complex incidents and lead … on incident response. Conduct in-depth threat hunting, forensic investigations, and root cause analysis. Develop, test, and optimise detection use cases, rules, and playbooks within Microsoft Sentinel and Defender. Provide mentorship and guidance to junior SOC analysts, enhancing team capability. Collaborate with IT and OT teams to address unique security requirements across CNI environments. Drive improvements in SOC operations … automation, and incident response processes. Monitor evolving threats and integrate threat intelligence into daily operations. Ensure adherence to industry standards and compliance frameworks (NIS2, CAF, ISO 27001). Skills & Experience Required: Extensive background in SOC operations, incident response, and threat hunting. Expertise with the Microsoft security stack, including: Microsoft Sentinel (SIEM/SOAR), Microsoft Defender for …
role, requiring collaboration across IT, legal, procurement, and operational teams. You will act as the primary point of contact for all matters related to information assurance, supplier security assurance, incident response, and regulatory compliance. Scope: IT Security Operations: Collaborate closely with IT SecOps team members to ensure security controls remain effective. Where gaps are identified, implement appropriate mitigation … measures and lead the response to security incidents in a timely and coordinated manner. Compliance & Security: Coordinate ISO 27001 certification audits and maintain ongoing compliance on behalf of the IT & Digital function. Actively support and contribute to health and safety, environmental sustainability, business continuity, and information security initiatives, ensuring we meet our obligations to customers and regulatory standards. Delivery … and supports business objectives. Risk Management: Identify, evaluate, and mitigate information security risks across systems, suppliers, and processes. Maintain visibility over key cyber risks and report to senior leadership. Incident Response: Lead the response to security incidents, including forensic analysis, reporting, and remediation. Coordinate with law enforcement and external partners where necessary. Supplier Assurance: Conduct security reviews …
Job summary: The Digital Incident and Problem Lead is a critical member of the DDaT service delivery team, primarily responsible for the resilience, continuity, and recovery of all digital services across the Trust and wider health system. A central function of the role is to develop and maintain a robust business continuity framework in line with best practices. This … service resilience, identifying vulnerabilities and developing effective solutions to ensure continuous service availability for patients. In addition to strategic planning, the Lead is responsible for the practical aspects of incident and problem management. This includes developing and maintaining a comprehensive reporting and monitoring regime to oversee all plans, tests, incidents, and problems, categorized by type and severity. A key … Incidents, with an imperative focus on reducing or avoiding risks to clinical (patient) safety, security, and information governance. The role demands strong leadership, communication skills, and specialist knowledge in incident management and business continuity, preferably in a 24/7/365 digital service environment. Main duties of the job: We are seeking a proactive and skilled Digital Incident …
hybrid, and on-premises environments, identifying vulnerabilities and improvement areas. Provide guidance on compliance and frameworks such as ISO 27001, Cyber Assessment Framework (CAF), and Cyber Essentials. Contribute to incident readiness and response as part of the Cyber Security Incident Response Team (CSIRT). Actively contribute to the internal growth and knowledge-sharing within the wider … management, and compliance. Excellent communication and stakeholder engagement skills, with the ability to influence at board level. Hands-on experience with cloud and hybrid architectures, audits, and security assessments. Incident response and crisis management experience is a plus. Holding CISSP/CISM, ISO 27001 Lead Implementer. If you're looking for a role where you can combine strategic influence …
date with the latest cybersecurity threats, trends, technologies, and best practices. Provide expert advice and guidance on information security matters to various stakeholders across the organization. 2. Security Operations & Incident Response: Oversee the day-to-day operation of security systems and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus, anti-malware, SIEM (Security Information … and Event Management), vulnerability scanners, and data encryption solutions. Manage vulnerability management programs, including regular scanning, penetration testing, and remediation of identified weaknesses. Lead and manage security incident response, including detection, analysis, containment, eradication, recovery, and post-incident review. Develop and maintain robust disaster recovery and business continuity plans related to information security. Monitor security alerts, logs … principles, frameworks (e.g., ISO 27001, NIST, Cyber Essentials), and best practices. Hands-on experience with security technologies such as firewalls, SIEM, IDS/IPS, vulnerability scanners, endpoint detection and response (EDR), and identity management solutions. Experience with cloud security (e.g., Azure Security). Proven experience in managing security incidents and conducting incident response. Familiarity with data privacy regulations …
Farnborough, Hampshire, South East, United Kingdom Hybrid / WFH Options
Leidos Innovations UK Limited
variety of stakeholders to ensure the Leidos CSOC, a Defensive Cyber Security capability, can support a customer's Cyber Resilience, protecting them with a 24x7 Threat Detection and Response service, mitigating their risk of Cyber Attack. The successful candidate will be able to demonstrate experience from a CSOC background or be able to demonstrate sufficient transferable Cyber Security … reactive analysis, articulating emerging trends to leadership and staff. Use data collected from Cyber Defence tools (firewalls, IDS, network traffic, UEBA (User Entity Behaviour Analysis), Security Orchestration and Automated Response (SOAR), etc.) to analyse events that occur within the environments. Respond to and correlate alerts from various detective and preventative Cyber Security tools such as Security Information Event Monitoring … SIEM), End Point Protection (EPP), End Point Detection and Response (EDR), XDR (Extended DR), Web Application Firewall (WAF), and Firewalls. Proactively detect suspicious activity, vulnerabilities, and security misconfigurations before they can be exploited by adversaries, impacting Confidentiality, Integrity and Availability, which could lead to a Cyber Security Incident. Inspection and correlation of logs from multiple sources to identify repeating …
secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS, or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response: Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting.
technical expertise with strategic business engagement, ensuring that security is seamlessly integrated across all commercial activities. This role will oversee the organization's security strategy, security operations, vulnerability management, incident response, risk identification and mitigation planning/implementation, identity management, network security, privacy, and compliance. The Director will work closely with and report to the Group CISO. Responsibilities: Strategic … Coordinate penetration testing, red team exercises, and remediation activities. Partner with IT and DevOps teams to embed secure-by-design principles into systems, applications, and IaC. Oversight of the Incident Response plan as well as hosting of regular tabletop simulations for the executive leadership team. Reporting of key security metrics to both the CISO and executive leadership … hands-on experience with: Hybrid Microsoft stack (Windows, Active Directory, Azure, O365). Linux administration and security. PAM solutions (CyberArk, BeyondTrust, or equivalent). SOC/SIEM operations and incident response. EDR/XDR and endpoint hardening. Vulnerability management tooling. Track record of engaging directly with senior business leaders to communicate risk and influence decisions. Nice to Haves: Exposure …
you will investigate and respond to cyber security incidents that could impact critical systems and services across the UK. You will play a key part in identifying threats, supporting incident response, and helping to continually improve the organisation's cyber defence capabilities. The role also involves mentoring apprentice analysts and joining an out-of-hours on-call rota … user reports. Analyse systems, files, network traffic, and cloud environments to determine the extent of incidents. Support technical responses to incidents, including containment, eradication, and recovery. Contribute to post-incident reviews and develop lessons learned. Create and improve incident response playbooks and knowledge base articles. Work closely with wider Cyber Defence functions to strengthen security operations. Act … years' experience investigating and responding to cyber incidents. Hands-on use of SIEM tools (Splunk preferred, Microsoft Sentinel or equivalent acceptable). Experience with EDR solutions to support incident investigation. Understanding of threat actor tools, techniques, and procedures (TTPs). Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Desirable skills: Advanced Splunk experience or certification. …
Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly … compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection … and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and …
Milton Keynes, Buckinghamshire, England, United Kingdom
Tate Milton Keynes
posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams. Triage and analyse alerts across email, cloud, and hybrid systems. Perform threat hunting and develop detection use cases. Manage vulnerability assessments and remediation … efforts. Maintain and optimise DLP tools and incident response. Support forensic readiness and insider risk initiatives. Develop and enforce security policies and awareness programs. Lead incident response and produce investigation reports. Utilise and enhance the Microsoft Security Stack (Sentinel, Defender, Purview). Drive Zero Trust implementation. Conduct security audits and generate KPI/compliance reports. Mentor junior analysts …
Employment Type: Full-Time
Salary: £50,000 - £60,000 per annum, Negotiable, Inc benefits, OTE
Portsmouth, England, United Kingdom Hybrid / WFH Options
ProCheckUp (PCU)
and Web Application) • Mobile phone/Application Penetration Testing (Android/iPhone/iPad) • Computer and Network Forensics (including e-Discovery) • Delivery of Enterprise Wide Security Programs • Operational Security (Incident Response) • Infrastructure Security and Risk assessments • Network Security (border control devices) • Social Engineering • Good client facing skills. • Drive and ambition to support the UK business development executives. … Advanced Certified Ethical Hacker • EnCE - EnCase Certified Examiner http://www.encase.com • CWSP - Certified Wireless Security Professional • PWB - Offensive Security: Penetration Testing with Back|Track • SANS GCIH - GIAC Certified Incident Handler • Major involvement in Network & Web Application vulnerability assessment and penetration tests utilising the OWASP and OSSTMM open standards and other standards. • Lead IT Security Assessment, Incident Response …
deployment, configuration management, and consistent infrastructure provisioning. Security Configuration and Optimization: Configure and optimize security measures, including IAM policies, security groups, network access controls, and encryption protocols. Monitoring and Incident Response: Monitor AWS security alerts and incidents using AWS tools. Respond to and mitigate threats in real time, conducting post-incident analysis and documentation. Risk and Compliance … CD pipelines and production environments. Partner with clients to understand their requirements and deliver customized cloud security solutions. Reporting and Documentation: Create detailed reports on detected threats, incidents, and response activities. Maintain technical documentation, security best practices, and deployment guides. Mentorship and Knowledge Sharing: Provide guidance and mentorship to team members on security best practices and implementation processes. Stay … Code (IaC) tools like AWS CloudFormation and Terraform. In-depth knowledge of Identity and Access Management (IAM), VPC security, and encryption techniques. Experience with network defense, vulnerability management, and incident response. Familiarity with DevSecOps and integrating security within CI/CD pipelines. Knowledge of threat detection, risk assessment, and security audit processes. Excellent analytical, problem-solving, and communication …
for the day-to-day operation, monitoring, and improvement of the organization's cybersecurity posture. This role ensures that systems and data remain secure and available through proactive management, incident response, and collaboration with SOC and SIEM teams. The successful candidate will have hands-on experience in Microsoft 365 and Azure environments, as well as familiarity with MDR … DLP) policies and technologies to prevent unauthorized data access, transmission, or exfiltration across endpoints, email, and cloud services. Assist in the implementation and upkeep of MDR (Managed Detection and Response) solutions. Administer and optimise email security controls (e.g., Microsoft Defender for Office 365, Proofpoint, Mimecast). Support periodic audits and compliance checks (ISO 27001, Cyber Essentials, or equivalent). … Sentinel, Splunk, or equivalent). MDR and EDR tools. Email security solutions (Defender, Proofpoint, Mimecast, etc.). Network security tools such as firewalls, VPNs, and intrusion prevention systems. Strong understanding of incident response workflows and escalation procedures. Familiarity with vulnerability management tools and patching practices, including manual remediations. Solid grasp of authentication, identity management, and least privilege principles. Strong documentation …
opportunity to grow and learn with the organisation. As part of our Blue Team, you'll use the latest intelligence and tooling to analyse information systems to ensure effective incident detection and response. Job Description: If you are looking to make your mark on a rapidly growing SecOps team with some very exciting clients, look no further. We are … with an inquisitive nature and a keen interest when it comes to technical cybersecurity topics such as threat hunting, attacker tactics and techniques, monitoring and alerting, threat intelligence, and incident readiness and response. Key responsibilities of the role are summarised below: · Security monitoring and incident response · Detection engineering - Develop, maintain, and enhance security detection content primarily for … to identify trends and spot unusual behaviours indicative of malicious activity · Proactive threat hunting using available client data · Collection and/or interpretation of different sources of threat intelligence · Incident response · Automation of SecOps processes using scripting …
high-level proactive and reactive threat hunting methods, classifying, analysing, prioritising and remediating security alerts/events. The focus is to provide an effective, proactive and highly technical analytical response to cyber security-related incidents to prevent QBE from becoming compromised by modern attack methods and techniques. Main responsibilities: Act as point of escalation and mentor to junior SOC … and resources to correlate suspicious events, providing context around the event, determine root cause and provide regular updates and recommend modifications to existing systems and procedures. Perform deep-dive incident analysis of various data sources by analysing and investigating security-related logs against medium-term threats and IOCs. Actively manage and apply the phases of Incident Response … of logs, i.e. network, Active Directory, database, DNS, firewall, proxies, host-based security, cloud and application logs etc. Working experience in leading security incidents at all levels related to incident response. Working experience in managing 2nd/3rd level security events. Ability to manage strong relationships with global security operations colleagues and other departments, including network teams and …