1 to 25 of 818 Incident Response Jobs in the UK

firm's cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feedback practical lessons learned into clients' cyber risk management and incident response programmes. What you will do Reporting to the global Head of Cyber Defence, the Cyber Defence and Security Operations Manager is a key role within the firm … a team of senior analysts and analysts, providing guidance and direction to protect the organisation's information assets and infrastructure from cyber threats. This will include: Security Monitoring and Incident Response Establish a positive and collaborative working relationship with your Managed Security Service Provider (MSSP) who performs Level 1 monitoring of our global security alerts and events. Orchestrate … data from multiple sources, to quickly assess potential incidents, their scope, and impact. Achieve deep understanding of the available toolsets and how to operate them to best effect in incident prevention, detection and response, providing feedback to the security architecture and engineering team about how they can be optimised. Make decisions on the implementation of containment measures at More ❯

will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit More ❯

to continuously improve the college's overall security posture and stay ahead of evolving threats. •Work closely with the Help Desk and IT Security Team to provide customer support, incident response, and corrective actions. Includes training Help Desk staff in the Defender Security portal and basic triage procedures. •Create technical documentation for systems, policies, and procedures, including internal … security processes, phishing response procedures, and vendor security evaluation protocols. •Consult with the IT Security Team on policy development and maintenance, particularly in alignment with NIST 800-171 and Microsoft best practices. Drive effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation. Monitor compliance with and contribute … Familiarity with common enterprise systems, security tools, and best practices in risk mitigation. •Knowledge in areas including firewalls, IDS/IPS, VPN, remote access, security logging, vulnerability management, security incident response, and penetration testing. •Preferred qualifications include relevant Information Security Certifications, and experience with NIST 800-171, and HECVAT. •A demonstrated ability to analyze and respond to security More ❯

and Disaster Recovery : Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security. Security Monitoring and Incident Response : Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including More ❯

and Disaster Recovery: Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security. Security Monitoring and Incident Response: Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including More ❯

and Disaster Recovery: Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security. Security Monitoring and Incident Response: Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including More ❯

and Disaster Recovery : Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security. Security Monitoring and Incident Response : Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including More ❯

and Disaster Recovery : Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security. Security Monitoring and Incident Response : Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including More ❯

security solutions (firewalls, SIEM, IDS/IPS, endpoint protection, cloud security). Shape strategic security recommendations and collaborate on technical win plans. Maintain and update security policies, procedures, and incident response plans. Deliver security awareness training and advise clients on best practices. Support audits and compliance initiatives (ISO 27001, NIST, GDPR, etc.). Work cross-functionally with internal … with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/ More ❯

a cybersecurity team, overseeing the implementation of security strategies. Develop and enforce cybersecurity policies, standards, and best practices. Conduct vulnerability assessments and manage compliance with security frameworks. Oversee security incident response, forensic investigations, and risk mitigation strategies. Monitor networks and systems, ensuring proactive threat detection and response. Collaborate with internal stakeholders and external agencies to maintain a strong More ❯

high a level of security operations delivery function Oversee and enhance security monitoring systems to detect and analyse potential security incidents. Conduct real-time analysis of security events and incident and escalate as necessary Support other teams on investigations into incidents, determining the root cause and impact. Document findings and lessons learned to improve incident response procedures. … Ensure runbooks are followed and are fit for purpose Incident Response: Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident Follow major incident process … to other analysts. Working with the Technical Teams to ensure all new and changed services are monitored accordingly Documentation: Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. Create post-incident reports for management and stakeholders. Support the creation of monthly reporting packs as per contractual requirements. Create and document More ❯

high a level of security operations delivery function Oversee and enhance security monitoring systems to detect and analyse potential security incidents. Conduct real-time analysis of security events and incident and escalate as necessary Support other teams on investigations into incidents, determining the root cause and impact. Document findings and lessons learned to improve incident response procedures. … Ensure runbooks are followed and are fit for purpose Incident Response: Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident Follow major incident process … to other analysts. Working with the Technical Teams to ensure all new and changed services are monitored accordingly Documentation: Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. Create post-incident reports for management and stakeholders. Support the creation of monthly reporting packs as per contractual requirements. Create and document More ❯

ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response. How will you make an impact? Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes. Audit Preparation … audit teams to streamline processes and provide requested documentation and evidence. Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection. Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions. Threat Identification: Contribute to analyzing cybersecurity … Plus. Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience in internal and external audits, compliance assessments, and process improvement. Basic understanding of incident response frameworks and cybersecurity best practices. Exceptional analytical, organizational, and communication skills. Commitment to continuous learning and professional development in audit, compliance, and security. You will have an More ❯

engaged in risk management, including evaluating vendor risk, examining vendor contracts, understanding third-party risk, and data privacy issues. This individual serves as an expert on cybersecurity protection, detection, response, and recovery, coordinating penetration testing and managing cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, data leakage prevention … activities to meet regulatory requirements. Evaluate and implement cybersecurity solutions to maintain confidentiality, integrity, and availability. Participate in proofs-of-concept for new security technologies. Develop and test security incident response plans, acting as incident response leader. Develop security, risk, and compliance reports and alerts. Review policies and procedures annually for security compliance. Develop, test, and More ❯

Endpoint monitoring and analysis. * Malware analysis and forensics research. * Understanding/differentiation of intrusion attempts and false positives. * Lead investigations into security breaches, incidents, or suspicious activities and provide incident reports to stakeholders. * Enforce security policies, procedures, and guidelines for all IT systems and operations. * Provide recommendations for improving security practices to meet evolving regulatory and organisational needs. * Vulnerability … identification & mitigation/remediation. * Advise incident responders & other teams on cybersecurity threats. * Triage security events and incidents and apply containment and mitigation/remediation strategies. * Collaborate with other IT teams to ensure seamless security integration with infrastructure, applications, and services. * Maintain comprehensive documentation related to security configurations, incident reports, audits, and compliance activities. * Proactively monitor the performance of … avoidance actions to prevent wider problems. * Function as the point of escalation for the Service Desk for security-related tickets. * Analysis of weekly vulnerability scans and update relevant records. * Incident readiness and handling as part of the Computer Security Incident Response team (CSIRT). * Monitor and analyse security logs from various systems (including SIEM) and network devices More ❯

assessment of Clarks' security posture Support business continuity and disaster recovery processes and assist in the development and implementation of activities to improve Clarks' cyber resilience Support of security incident response activities, including providing expertise in triaging and resolving key issues, engaging with outsourced security operations and internal SecOps teams to ensure standards and policies are appropriately applied … and assisting in the creation and updating of relevant run books to help ensure effective incident management planning and execution Support for compliance and audit activities, working with internal and external stakeholders to understand requirements, identify remedial activity, and monitor progress Analysing emerging and developing threats and working with stakeholders to validate the potential impact on Clarks - and recommend … security controls and best practices across a number of the following areas/domains: Network and infrastructure (networking protocol knowledge is an advantage Endpoint (e.g. DLP, Endpoint Detection and Response, File Integrity, SIEM) Database technologies (SQL, Oracle) General cryptography practices (e.g. PKI) Cloud environments (Azure, AWS) Fundamental understanding of privacy and data protection laws and regulations and how they More ❯

for completing the implementation of a number of strategic based security solutions for new security tooling or existing. The engineer will also participate in security related service management processes (incident, change and problem management) and will participate in the planning, design, enforcement and review of security controls which protect the integrity of the firm. Essential Duties and Responsibilities for … DLP. Standard, third party and privilege Identity Access Management Operate, manage and improve HSM key management infrastructure. Remediation of external, internal vulnerabilities, web application scanning and patch compliance. Cyber Incident Management and or Security Forensic experience. Documenting High Low and Detailed Level designs for review and presentation. Representing IT security at the Change Authority Board, Architecture Review Board Attend … years Cyber Security Engineer experience. Hands-on technical support experience in IT and Network Security Engineering and/or Systems Engineering roles. Substantial experience in Security Technology Management and Incident Response, including proficiency in SOC, Malware, Ransomware, Threat Analytics, Server and Endpoint security. Must be proficient in writing up documentation. Clear and concise presenting skills. Strong communication and More ❯

Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). • Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. • Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). … SOC2), and risk management best practices. • Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). • Threat Management & Incident Response: Ability to detect, respond to, and mitigate cyber threats using SIEM, endpoint security, and vulnerability management tools. • Networking & Infrastructure Security: Understanding of firewalls, VPNs, SD-WAN, DNS More ❯

will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit More ❯

ensure compliance with industry best practices. Provide expert recommendations and solutions to mitigate identified vulnerabilities, enhancing client systems’ security postures. Investigate alerts and suspicious activity to determine if an incident has occurred. Contain affected systems and networks to prevent the incident from spreading. Implement temporary measures to mitigate the impact of the incident. Work with other teams, such … as IT and security operations, to develop and implement a containment strategy. Analyse incident data to determine the root cause of the incident and identify recommendations for improvement. Document and report incidents to the incident response team and other relevant stakeholders. Develop and implement security plans, policies, and training to prepare the organization to respond efficiently … and accurate reports on penetration testing findings, including risk levels, remediation steps, and strategic recommendations. EXPERIENCE: Minimum of 4+ years of experience in cybersecurity, specifically in penetration testing and Incident Response, vulnerability management, and risk assessment. Public Sector experience, ideally MOD, MOJ, Must be SC clearable. Proven hands-on experience with tools such as Metasploit, Burp Suite, Nessus More ❯

tests, identifying risks and driving remediation efforts. Monitor infrastructure for security incidents or unauthorised activity, responding swiftly to mitigate potential threats. Investigate security breaches and incidents, and develop robust incident response plans to ensure timely and effective resolution. Collaborate with cross-functional teams to design, implement, and manage security controls and configurations across a range of platforms and … . Relevant security certifications, such as Security+, IAT II/III level, or equivalent. Strong capability in risk assessment, vulnerability management, and data informed decision-making. Solid understanding of incident response procedures, including containment, eradication, and recovery from cybersecurity events. Advanced proficiency in AWS, with experience in multi-region and hybrid cloud architectures Strong grasp of networking protocols More ❯

providing detailed analysis and actionable recommendations. Advises clients on risk mitigation strategies and security best practices, and support the implementation of those strategies, contributing to measurable improvements. Support security incident response and investigations, contributing to thorough post-incident reviews and identifying areas for improvement. Stakeholder Engagement and Technical Leadership: Provide expert guidance to clients on secure architecture More ❯

Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). … SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). Threat Management & Incident Response: Ability to detect, respond to, and mitigate cyber threats using SIEM, endpoint security, and vulnerability management tools. Networking & Infrastructure Security: Understanding of firewalls, VPNs, SD-WAN, DNS More ❯

threat modelling exercises for internal systems and third-party services. Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.). Oversee the organization's incident response and business continuity plans, including simulations and real-time responses. Conduct regular security audits and work with internal/external auditors to support compliance. Collaborate with IT More ❯

threat modelling exercises for internal systems and third-party services. Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.). Oversee the organization's incident response and business continuity plans, including simulations and real-time responses. Conduct regular security audits and work with internal/external auditors to support compliance. Collaborate with IT More ❯