1 to 25 of 30 Incident Response Jobs in the South West

high-security operational environment supporting mission-critical systems. This is an exciting opportunity for a skilled Tier 2/3 SOC professional with strong incident response and SIEM expertise to work within a fast-paced enterprise Security Operations Centre. The successful candidate will be responsible for monitoring … analysing security events in real time, investigating incidents, and supporting the continuous improvement of detection and response capabilities. Key Responsibilities Monitor and analyse security events within an enterprise SOC environment Perform real-time alert triage and incident investigation Determine incident scope, priority, impact, and remediation actions Manage ...

incidents and mangment of the SOC Analysts. This is a critical leadership role, responsible for protecting the organisation against real-time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying … high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with ...

Cyber Security Operations Centre (CSOC). This is a critical leadership role, responsible for protecting the organisation against real-time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying up to £850 PD Inside … high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with ...

strengthening and evolving their cyber defence capability. This is a high-impact leadership role where you'll own security operations end-to-end , lead incident response, and work closely with the CISO to drive continuous improvement across a mature but evolving cyber function. What you'll be doing … Leading and developing a Cyber Security Operations team Acting as incident commander during cyber events and investigations Maturing SOC, CSIRT and incident response capabilities Driving threat hunting, detection and monitoring improvements Owning vulnerability management and pen test governance Ensuring alignment with ISO27001, NIST, GDPR and regulatory expectations ...

detected by automated controls Translate threat intelligence into actionable hunt hypotheses Continuously refine detection logic based on hunt outcomes and emerging threats Investigations & Incident Response Lead complex and high-severity security investigations from triage through containment and remediation Act as the technical escalation point for advanced SOC investigations … Conduct root cause analysis and attacker kill-chain reconstruction Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required SOC Technical Leadership Define investigation standards, workflows, and quality benchmarks Mentor and upskill ...

system environments. This role sits within a Security Operations function but is heavily engineering focused, combining hands on OT security tooling, detection engineering and incident response to strengthen resilience across critical infrastructure. Key Responsibilities: Act as the OT security engineering SME, supporting both operational and project based activities … equivalent) Develop and refine detection rules, alerting logic and monitoring coverage across OT and IT/OT convergence points Lead technical investigations and incident response for OT-related cyber events Analyse industrial network traffic to identify anomalies, threats and protocol misuse Integrate OT telemetry into SIEM ...

Defender for Identity, Defender for Cloud Apps, etc.) and other monitoring tools to identify and respond to potential data loss or unauthorised data sharing Incident Triage & Response: Perform timely triage of security alerts to determine impact and urgency, investigating incidents using available tools and data Lead initial incident response actions (containment, remediation, communication) for confirmed security incidents, following established escalation procedures Ensuring that all incidents are promptly escalated to senior leadership or external partners, as appropriate Threat Analysis & Intelligence Integration: Analyse malicious activities to determine root cause and attack vectors by mapping observed attacker actions ...

alerts within a live SOC environment. Analyse security incidents to determine scope, impact, and priority, ensuring appropriate escalation and response. Manage end-to-end incident response activities from detection through to resolution. Support the development and enhancement of SIEM use cases, detection rules, analytics, and playbooks. Conduct real … cloud environments, and enterprise IT infrastructure. Experience creating and tuning detection use cases, analytics, and playbooks. Knowledge of Information Security principles, threat detection, and incident response practices. Familiarity with Microsoft technologies, Linux systems, and security tooling. Understanding of security frameworks and data protection principles including GDPR ...

technical engine behind the organisation's global digital integrity. Your responsibilities will include: Managing the Global SOC to ensure proactive threat hunting and rapid incident response across all global time zones. Implementing a cutting-edge DevSecOps approach to ensure security is automated and embedded within the CI/… have personally achieved certification from scratch) 2.DevSecOps (Embedding security into CI/CD pipelines and automated workflows) 3.SOC Management (Overseeing global threat detection and incident response) 4.NIST Framework (Applying security standards for the Americas region) 5.Essential 8 (Understanding and implementing Australian security protocols) 6.Vulnerability Management (Coordinating risk-based ...

team that bridges the gap between cyber operations and business continuity — ensuring our clients can respond confidently when disruption strikes. You’ll work across incident response readiness, cyber recovery planning, crisis management exercises, and resilience assessments that protect real-world business outcomes. It’s meaningful, high-impact work … Build cyber resilience strategies: Design and deliver tailored cyber resilience and recovery frameworks that integrate business continuity, IT disaster recovery, and incident response. Assess and improve readiness: Conduct cyber resilience maturity assessments and tabletop exercises; identify and prioritise gaps in recovery capabilities. Design recovery playbooks: Create actionable recovery ...

with junior engineers and IT colleagues, promoting a culture of security across the organization. The ideal candidate will have strong experience in security design, incident response, and delivery of cyber security roadmaps. Located primarily at Park Campus, the role requires flexibility across all University locations in Cheltenham & Gloucester. ...

role is within the Cyber Security Threat Intelligence team within NHS England National CSOC, part of CSOU. The CSOU function provides centralised monitoring and response across NHSE, and the system, which consists of Threat Operations, Protective Monitoring, Incident Management & response and DevOps. The Threat Intelligence function … raising issues to senior leadership. Act as a quality and audit layer for written Threat Intelligence products. Making Cyber Threat Intelligence (CTI) decisions within Incident Response scenarios and leading in-depth CTI investigations. Act as the escalation tier for cyber threat intelligence tasks within Cyber Security tooling including ...

principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration testing, and remediation concepts Persuasive communication skills across technical and non-technical stakeholders Excellent analytical, documentation, and problem-solving capability Knowledge ...

third-party suppliers, and product vendors to ensure effective support and performance of applications and systems Proactively monitor security systems and tools, leading the response to security incidents and issues; support investigations and incident response, including participation in an on-call security rota when required Provide trusted ...

compliance and engagement with Qualified Security Assessors (QSAs).* Drive cyber awareness programs and phishing simulations to embed a security-aware culture.* Manage security incident response planning and coordinate with Security Operations Centre (SOC).* Report regularly to PayTech Executive Leadership and Edenred Group CISO on security program … Azure, GCP).* Excellent communication skills, able to convey complex security topics to non-technical stakeholders.* Pragmatic, calm, and resilient under pressure during incident management.**Why Join Us?** Be part of a dynamic and strategic security leadership team within a pioneering FinTech environment. Influence the protection of critical technologies ...

supporting secure cloud and on-prem environments. You'll work closely with engineering and infrastructure teams to drive best practice across deployment, monitoring, and incident response. Key Requirements: Active DV Clearance (essential) Experience in Site Reliability Engineering, DevOps, Platform, or Infrastructure Engineering Strong experience with AWS, Azure ...

backgrounds, including Computer Science graduates, Linux-focused infrastructure engineers, Kubernetes/platform engineers, and individuals from live service or service desk environments with strong incident management experience. This is a hands-on operational engineering role focused on maintaining stability, availability, and performance of a complex, secure cloud platform operating … Responsibilities Provide frontline operational support for secure cloud infrastructure and platform users Troubleshoot and resolve critical incidents across live production systems Lead or support incident response, escalation, and coordination during shifts Operate within a 24/7 rota supporting high-priority workloads and services Follow, maintain, and improve ...

principles, and outcomes Review policies, governance, and technical/operational controls against CAF requirements Assess cyber capabilities across: Risk management Protective security Monitoring & logging Incident management Supply chain security Operational resilience Produce high-quality outputs including: Assessment reports Risk findings Observations Improvement recommendations Contribute to assurance documentation, reporting … communication skills Experience working within public sector, regulated, or enterprise environments Solid understanding of cyber security domains, including: Identity & Access Management Vulnerability Management Incident Response SIEM/Monitoring & Logging Resilience and business continuity Supply chain security Ability to manage multiple priorities and deliver under tight deadlines Experience working ...

extension possible) 🔒 Clearance Required: Active DV Clearance Key Responsibilities: • Perform triage of security events and incidents • Determine scope, impact and remediation priorities • Real-time incident management from detection to resolution • Support SIEM engineering and tool configuration within an enterprise SOC • Develop use cases, analytics and playbooks • Work within … Tier 2/3 SOC Analyst experience (2+ years) ✔ Hands-on SIEM experience (ArcSight preferred) ✔ SOC certifications such as SANS, ISC2 or equivalent ✔ Strong incident response and threat analysis capability ✔ Understanding of cloud technologies. Desirable: ➕ Defence/MOD experience ➕ Team lead exposure ➕ Degree in Computing, Engineering or related ...

assessment findings and security recommendations Ensuring compliance with industry standards and regulatory requirements Providing expertise and guidance on cyber security best practices Participating in incident response activities when necessary Job Requirements: Experience in cyber security roles, particularly in risk assessment and assurance Strong analytical skills with the ability ...

Manage and develop the IT team Oversee Microsoft 365, networks, telephony and key legal systems Deliver projects and drive digital transformation Own cybersecurity, risk, incident response and continuity planning What you’ll need Senior IT leadership experience (professional services ideal) Strong Microsoft 365, Windows Server, AD, Intune ...

Agile delivery model (Discovery – Alpha – Beta – Live) aligned to GDS/DDAT standards Driving platform reliability and performance, including monitoring, alerting, and incident response Getting hands-on when it counts - complex pipeline development, optimisation, troubleshooting, and secure integration design Coaching and mentoring data engineering practitioners and building communities ...

excellence across the platform. Shape the technology roadmap, contributing to architectural decisions and cloud migration strategies. Manage operational risk, security posture, monitoring, alerting and incident response for Home Finance systems. Use data and insights to guide prioritisation, engineering improvements and product decisions. Support talent development, succession planning ...

maintain Prometheus-based monitoring solutions Develop and manage metric exporters for application and system-level data Optimise Prometheus scraping configurations and retention policies Alerting & Incident Response Define and maintain alert rules based on SLIs/SLOs and performance baselines Ensure alerts are actionable, with minimal false positives Participate … necessarily lead) in on-call rotations and incident postmortems Observability Dashboards Design and maintain Grafana dashboards for real-time operational insights Collaborate with engineering and product teams to create tailored visualisations Provide self-service dashboard capabilities for end users System Performance & Reliability Monitor infrastructure (servers, containers, databases, services ...

Directors and Board on digital risk, cyber security, information governance, data protection and service resilience. Leading cyber security arrangements, including relevant accreditations, incident preparedness and proactive cyber risk management. Ensuring data is collected, stored, processed, shared and reported lawfully, securely and effectively. Overseeing the maintenance and development of applications … suppliers and contracts as an intelligent client, holding providers to account and advising on internal versus third-party delivery. Supporting Emergency Preparedness, Resilience and Response (EPRR), making sure data, digital and technology arrangements enable safe and responsive services. Building strong working relationships across clinical, operational, corporate and leadership teams. ...