1 to 25 of 320 Incident Response Jobs in the UK

DFIR Lead

Hiring Organisation
CyberClan
Location
United Kingdom
carefully selected team of experts are capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber-attacks with proven defensive methodology. Our goal … unauthorized access, malicious code. Job Summary This role serves as a critical leader within the global CERT and DFIR team, managing end-to-end incident response operations, including detection, analysis, containment, and remediation of security incidents. The position oversees the development and execution of incident response ...

Cyber Incident Response Consultant

Hiring Organisation
Experis
Location
Basingstoke, Hampshire, United Kingdom
Employment Type
Contract
title: Cyber Incident Response Consultant (Contractor) Contract: Six Months (possibility of extension) Location: Basingstoke (X3 days onsite; X2 working remote) Role Overview We are seeking an experienced Cyber Incident Response Consultant to support our cybersecurity function on a contract basis. The consultant will be responsible … collaborating with organisation stakeholders in developing, updating, and enhancing a comprehensive set of tactical and operational cyber incident response documents, including the Incident Response Plan, Communication Plan, Incident Response Playbooks, and Containment & Eradication procedures. This engagement is focused on delivering high-quality, actionable documentation ...

Director of Group Cyber Security Services

Hiring Organisation
Information Security Solutions
Location
London, United Kingdom
Employment Type
Permanent
Salary
£140000 - £160000/annum
relentless focus on operational excellence, the Head of Security Services builds and empowers high-performing teams to deliver 24/7 threat detection, rapid incident response, and proactive risk management. This includes ownership of security controls, security testing, tech assurance and vulnerability and threat management, and incident response across the organisation. Collaboration is at the heart of this position. By working across the GCS Leadership Team, with business and technology stakeholders, and with industry experts to align strategy, share intelligence, and drive a single, cohesive approach to security services, this leader ensures the Group ...

Tier II SOC Analyst

Hiring Organisation
CyberClan
Location
United Kingdom
carefully selected team of experts are capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber attacks with proven defensive methodology … Tier 2 case resolution, resolving complex security cases including generating initial reporting, providing follow-ups and requesting information and resolution activity. Day to day incident triage and escalation using contextual and threat intelligence Responsible for providing security expertise to escalated incidents Act as the incident handler ...

Incident Response Consultant

Hiring Organisation
Anson Mccade
Location
Stevenage, Hertfordshire, South East, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£60,000
BRISTOL OR STEVENAGE - Sole British Citizen We are seeking a proactive CERT Incident Responder to lead our Digital Forensics and Incident Response (DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring … Techniques, and Procedures (TTPs). This is an ideal "next step" role for an experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation. Compensation & Logistics Salary: £50,000 - £60,000 (depending on experience). Working Pattern: Dynamic (hybrid) working; minimum ...

Cloud Security Engineer

Hiring Organisation
SR2 | Socially Responsible Recruitment | Certified B Corporation™
Location
Hereford, England, United Kingdom
integrating SAST, DAST, and SCA tooling to maintain supply chain integrity Engineer Kubernetes security solutions, including RBAC, network policies, and runtime protection Detection, Monitoring & Incident Response Perform incident response activities including triage, containment, eradication, and recovery Develop and optimise security detections (e.g. Sentinel, KQL, YARA) Manage … logging, ingestion pipelines, and monitoring infrastructure Conduct threat hunting and analysis to identify emerging risks Lead or support incident investigations, including post-incident reviews and remediation Vulnerability & Risk Management Identify, track, and remediate vulnerabilities across cloud, endpoint, and infrastructure environments Implement controls arising from security assessments, audits ...

Presales Engineer

Hiring Organisation
Systal Technology Solutions
Location
Glasgow, Scotland, United Kingdom
business opportunities. Managing and completing Requests for Proposals (RFPs) and Requests for Information (RFIs). Work closely with internal teams – including the Cybersecurity Incident Response Team (CSIRT) and Security Operations Center (SOC) teams – to scope and design managed security solutions that meet customer needs. Define technical requirements … architectures for services such as 24x7 SOC monitoring, incident response workflows, identity management solutions, cloud security (SASE), and threat protection services. Translate customer needs into detailed technical proposals, statements of work, and solution diagrams/documentation. Develop and validate pricing for proposed solutions. Work with internal finance ...

SOC Manager

Hiring Organisation
X4 Technology
Location
London Area, United Kingdom
interface between customer stakeholders and a global Security Operations Centre, ensuring the smooth delivery of 24/7 security monitoring and incident response services. This is a senior leadership role responsible for overseeing SOC operations, coordinating offshore analysts, improving detection and response capabilities, and ensuring strong governance … daily SOC operations supporting a global 24×7 security monitoring capability Guide SOC analysts (L1–L3) and threat hunters to ensure efficient investigation and response Monitor operational performance and ensure adherence to SLAs and response timelines Drive continuous improvement across SOC processes, procedures, and workflows Incident Response ...

Information security Engineering specialist

Hiring Organisation
BP Energy
Location
Sunbury-On-Thames, London, United Kingdom
Employment Type
Work From Home
safeguarding our digital assets and ensuring the resilience of our information systems. You will contribute to a secure environment by applying your expertise in incident response, risk management, and security guidelines. Key Accountabilities: Vulnerability & Exposure Management Leading efforts to identify, prioritise, and track vulnerabilities across cloud … materials, and briefings to enhance security maturity Offering excellent customer service by supporting various business units through best-practice guidance and responsive problem-solving Incident Response & Assurance Leading and participating in incident investigations to identify root causes and implement effective solutions Providing expert consulting on secure design ...

Investigator - Cyber Incident Response

Hiring Organisation
Accenture
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
Investigator - Cyber Incident Response Location Flexible (UK) Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point … working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines ...

Security Operations Engineer | Strategic Financial Risk Solutions Firm

Hiring Organisation
Techfellow Limited
Location
City of London, London, United Kingdom
modernisation of its technology and security environment. As part of this programme, the organisation is strengthening its Security Operations capability to improve threat detection, response, and operational automation across its infrastructure and cloud platforms. This role sits within a small, hands-on Security Operations team reporting into the Head … SecOps. The team works closely with an external MSSP that provides 24/7 monitoring support, while internal engineers focus on detection quality, incident response, and improving operational capabilities. The position is intentionally broad - blending elements of detection engineering, alert investigation, threat hunting, and automation - and will play ...

Solicitor

Hiring Organisation
CyberClan
Location
United Kingdom
carefully selected team of experts are capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber-attacks with proven defensive methodology … business operations. Role Overview: This role supports the CERT/Sales team with reviewing insurance policies, assisting with claims assessments, and contributing to breach response efforts. Ideal for someone with early in-house or private practice experience who’s ready to grow into a broader commercial legal role. This ...

DFIR Specialist

Hiring Organisation
Opus Recruitment Solutions
Location
United Kingdom
Remote - £70,000 - £95,000 + Bonus Opus is partnered with a major UK enterprise undergoing significant investment in its cyber defence and incident response capability. They are looking for highly experienced DFIR Specialists to join their growing security function. This role is fully remote within … suited to professionals who thrive in complex, large‐scale environments where digital forensics and incident response are critical to business resilience. Key Responsibilities Lead and support end‐to‐end incident response, from initial triage through containment, eradication, and recovery. Conduct digital forensic investigations across endpoints, servers ...

Cyber Security Operations Manager

Hiring Organisation
Searchability (UK) Ltd
Location
Deeside, Flintshire, Wales, United Kingdom
Employment Type
Permanent, Work From Home
CYBER SECURITY OPERATIONS MANAGER - CHESTER (HYBRID) KEY POINTS Senior operational security leadership role Lead Security Operations, Incident Response & Vulnerability Management Hybrid working - minimum 2 days per week onsite in the Chester Area Competitive salary ABOUT THE CLIENT We're working with a well-established UK organisation recognised … responsible for leading the day-to-day operational security activities that protect the organisation's systems and data. You'll manage security monitoring, incident response, and vulnerability management processes, ensuring they remain effective, efficient, and aligned with industry best practice. A key part of the role will ...

Incident and Vulnerability Manager

Hiring Organisation
Intellectual Property Office
Location
Newport, Gwent, Wales, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£55,000
Incident and Vulnerability Manager This role is for an experienced professional in vulnerability management and threat intelligence to join our Cyber Operations team. You will work closely with colleagues across the organisation to further mature and continuously improve our cyber defence capabilities. Cyber Operations forms part of a wider … intelligence products with internal and external stakeholders and use this intelligence to support vulnerability management and threat hunting activities. Additionally, you will contribute to incident response processes and provide support to colleagues responsible for the IPO's protection, detection, and response capabilities. If you have strong relevant expertise ...

Security Operations Team Lead

Hiring Organisation
Forward Role
Location
Manchester, North West, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£85,000
ensuring the organisation's systems, networks, and data remain protected against evolving cyber threats. As the SecOps Lead, you will manage security monitoring and incident response activities while providing strategic direction for security tools including SIEM and Endpoint Detection & Response (EDR) platforms. You will work closely with … daily operational activities and performance. Define and implement the strategy and operational roadmap for security monitoring, detection, and response. Own and manage the security incident response lifecycle, including investigation, containment, remediation, and post-incident reviews. Lead incident response efforts during high-severity security events ...

Palo Alto XSoar Developer

Hiring Organisation
iBSC
Location
London, United Kingdom
Employment Type
Permanent
Salary
GBP 70,000 - 80,000 Annual
Developer Role Candidates in this role are responsible for the development and maintenance of the code and capabilities of the Security Orchestration, Automation and Response (SOAR) platform. Candidates will work with the Manager of Detection & Response Engineering and will work jointly with our detection engineering, threat detection … response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features within the SOAR platform. The candidates' main responsibilities will be to: Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports ...

ServiceNow SecOps Architect

Hiring Organisation
Focus on SAP
Location
London Area, United Kingdom
build integrated, automated security workflows that support modern security operations. Key Responsibilities Define and own the ServiceNow SecOps architecture across modules including Security Incident Response (SIR), Vulnerability Response (VR), Threat Intelligence, and Configuration Compliance. Design and deliver integrations between ServiceNow and cybersecurity tools such as SIEM … SOAR, EDR platforms, threat intelligence feeds, and CMDB. Collaborate with cybersecurity, IT operations, and engineering teams to design secure workflows for incident response, vulnerability management, and risk mitigation. Lead platform strategy and define the roadmap for ServiceNow SecOps capabilities across the organisation. Ensure solutions are scalable, secure ...

SOC Manager

Hiring Organisation
Searchability NS&D
Location
Watford, England, United Kingdom
mature, multi-client SOC Drive real improvements to tooling, playbooks, and threat detection capability Mentor and develop a team of skilled Analysts and Incident Responders Engage directly with senior stakeholders and shape security strategy Work within a collaborative leadership team that values your expertise WHAT … carry full operational responsibility for service delivery, performance, and continuous improvement. Leadership & Team Development Lead, mentor, and develop a team of SOC Analysts and Incident Responders Conduct regular performance reviews and create structured development plans Foster a culture of continuous improvement and operational excellence Incident Management Oversee ...

Founding DevOps Engineer - Up to £110k

Hiring Organisation
Few&Far
Location
London Area, United Kingdom
build the reliability, observability and infrastructure foundations that allow a fast-moving engineering team to ship safely. You’ll: Own production reliability, monitoring, alerting, incident response and post-incident learning Build and evolve the Infrastructure as Code (Terraform on GCP) Implement observability across the stack: metrics, logs … traces, dashboards Improve deployment pipelines and release processes Design secure-by-default infrastructure Shape the company’s incident response culture and processes Introduce tooling to monitor AI-native systems and non-deterministic agents You’ll be defining what “good” reliability looks like from day one. ⚙️ Tech Snapshot ...

XSIAM Consultant

Hiring Organisation
83zero
Location
Northern Ireland, United Kingdom
security environment. The successful consultant will play a key role in strengthening the organisation’s security operations capability, helping to modernise threat detection, automate response workflows, and improve visibility across the security ecosystem. Key Responsibilities Lead the implementation and configuration of Palo Alto XSIAM within an enterprise SOC environment … Design and optimise full-spectrum XDR capabilities, improving detection and response across endpoints, networks, and cloud workloads Integrate SIEM and security telemetry sources into XSIAM to create a unified security operations platform Develop and maintain automation workflows and playbooks to streamline incident response and reduce manual ...

AD Engineer JD L2

Hiring Organisation
Stackstudio Digital Ltd
Location
United Kingdom
Employment Type
Permanent
with hybrid identity, AAD Connect, and secure authentication methods (MFA, SSO). Familiarity with privileged access management (PAM) or PIM solutions. Strong troubleshooting and incident-response skills. Soft Skills Strong communication skills and ability to work with business stakeholders. Strong communication skills with the ability to interact with … PowerShell and Microsoft Identity solutions. Manage service accounts, privileged accounts, and password policies. Work with HR and application teams to streamline identity lifecycle operations. Incident Response & Troubleshooting Investigate authentication failures, account lockouts, replication issues, and access anomalies. Support incident response for identity related threats such ...

SOC Engineer - Contract

Hiring Organisation
IO Associates
Location
Newport, UK
Employment Type
Full-time
support and enhance a Security Operations Centre for a leading technology provider. This role focuses on detection engineering, SIEM optimisation, and automation, alongside supporting incident response across complex environments. Key Responsibilities Develop and tune SIEM detection rules and use cases (e.g., Splunk, QRadar) Automate SOC workflows and incident response processes (Python/PowerShell) Improve alert quality, reducing false positives and enhancing detection coverage Support and lead incident investigations and escalations Integrate threat intelligence into monitoring and detection Maintain SOC playbooks and support continuous improvement of tooling and processes Skills & Experience Experience in SOC Engineering ...

SOC Engineer - Contract

Hiring Organisation
IO Associates
Location
Bristol, Avon, South West, United Kingdom
Employment Type
Contract
support and enhance a Security Operations Centre for a leading technology provider. This role focuses on detection engineering, SIEM optimisation, and automation, alongside supporting incident response across complex environments. Key Responsibilities Develop and tune SIEM detection rules and use cases (e.g., Splunk, QRadar) Automate SOC workflows and incident response processes (Python/PowerShell) Improve alert quality, reducing false positives and enhancing detection coverage Support and lead incident investigations and escalations Integrate threat intelligence into monitoring and detection Maintain SOC playbooks and support continuous improvement of tooling and processes Skills & Experience Experience in SOC Engineering ...

SOC Engineer - Contract

Hiring Organisation
IO Associates
Location
Bath, Somerset, UK
Employment Type
Full-time
support and enhance a Security Operations Centre for a leading technology provider. This role focuses on detection engineering, SIEM optimisation, and automation, alongside supporting incident response across complex environments. Key Responsibilities Develop and tune SIEM detection rules and use cases (e.g., Splunk, QRadar) Automate SOC workflows and incident response processes (Python/PowerShell) Improve alert quality, reducing false positives and enhancing detection coverage Support and lead incident investigations and escalations Integrate threat intelligence into monitoring and detection Maintain SOC playbooks and support continuous improvement of tooling and processes Skills & Experience Experience in SOC Engineering ...