Nottingham, Nottinghamshire, East Midlands, United Kingdom Hybrid/Remote Options
Experian Ltd
Dublin, Ireland. Learn more at experianplc.com. Internal Grade E Job Description As a Cyber Defence Analyst, you will join the Cyber Fusion Center, performing in-depth analysis, assessment, and response to security threats by following documented policies to meet Service Level Goals. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. You will be … a part of the first line of defence in Experian's broader incident response and incident management departments, responsible for receiving and prioritizing cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). Depending on the results of assessment, this team is then responsible for investigating, containing, eradicating, and … recovering from events falling in its scope or escalating higher-risk events to dedicated incident response and management teams in the CFC. This role is critical in ensuring the handling of potential threats and plays a part in improving security operations. This is a home-based role reporting to the Director of Security Operations for SecOps & Threat Detection.
to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc.) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident
reflects on the outstanding calibre that makes us truly one team. Who are we looking for? Due to continued growth, Bridewell's CSIRT is seeking a capable and motivated Incident Response Consultant to support and deliver consultancy services to our Critical National Infrastructure (CNI) clients. This role is ideal for professionals with foundational experience in cyber security and … incident response, looking to deepen their expertise and take ownership of client-facing engagements while continuing to develop under the guidance of senior consultants. Requirements You will contribute to strengthening clients' response capabilities through preparation activities, documentation development, and cyber incident exercise facilitation. The role spans the full incident lifecycle, from preparation through post-incident review and recovery, across diverse client environments. Main Responsibilities: Contribute to the development and delivery of Incident Response Consultancy services. Assist in designing and maintaining incident response plans and playbooks tailored to client environments. Support and facilitate cyber incident exercises and simulations, aligned with Bridewell's NCSC CIE assurance framework. Act as a supporting
point within the SOC, leading investigations into complex security incidents · Perform in-depth analysis of escalated events and alerts to determine root cause, scope, and impact · Lead and coordinate incident response efforts, ensuring timely containment, eradication, and recovery · Act as the Centre of Excellence (CoE) for Incident Response, setting best practices and standards across the global … SOC and IR (Incident response) functions · Contribute to the globalization of SOC and IR processes, ensuring alignment and consistency across regions · Collaborate with global SOC and IR teams to harmonize incident response workflows, tooling, and reporting standards · Provide expert guidance to Detection Engineers to optimize detection logic and improve alert fidelity · Mentor and train junior SOC … capabilities and threat coverage · Support audit and regulatory engagements by providing timely and accurate responses to information requests · Liaise with cross-functional technology teams to ensure timely resolution of response tasks and escalate issues as needed · Support broader Information Security and Operational Security initiatives as required · Maintain up-to-date knowledge of cyber threats, attacker techniques, and relevant laws
Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT)/SOC … owners to ensure log sources are onboarded into the SIEM solution. Create use cases to correlate suspicious activities across endpoints, networks, applications, and both on-premises and cloud environments. Incident Response: Improve playbooks and processes, lead escalated security incidents, oversee remediation and recovery actions, track incidents, liaise with partners, report findings, and apply root cause analysis with lessons … types and enhance operational playbooks. Digital Forensics: Use forensic tools and techniques to analyse data sources such as logs, SIEM data, applications, and network traffic patterns, and recommend appropriate response actions to ensure threats are contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve
Stevenage, Hertfordshire, England, United Kingdom Hybrid/Remote Options
MBDA
Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … The Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery
Bolton The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery
Stevenage, Hertfordshire, South East, United Kingdom Hybrid/Remote Options
MBDA
Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery
Bolton, Greater Manchester, North West, United Kingdom Hybrid/Remote Options
MBDA
Bolton The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery
Manchester, North West England, United Kingdom Hybrid/Remote Options
MBDA
Bolton The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery
Job Description What is the opportunity? You will be a key member of the RBC Global Security Incident Response team as an experienced Security Analyst. This is a key role within the Global Security Operations Centre (GSOC). You will be providing technical expertise and leadership support to the proactive and reactive responses to cyber threats targeting RBC … s global environment. You will report to the Senior Manager, Incident Response and work with a team of 4-6 technical specialists. You will act as the focal point of contact for GSOC management with regards to security incidents. You will support local and extended team members with critical incidents impacting RBC users, systems, infrastructure, and resources. RBC … accurate and timely reporting to Global Cyber Security Leadership. Provide 7/24/365 support for security incidents impacting mission critical business and IT infrastructure, including supporting global incident management and response, remediation and reporting. Support and maintain communication with Computer Security Incident Response Team (CSIRT) extended team members ensuring timely communication to all stakeholders
Incident Response - Recovery Specialist Salary: Up to £60,000 DOE Location: Manchester (with travel at short notice) Step into a role where your expertise makes an immediate and measurable impact. We're recruiting on behalf of a fast-growing cyber security organisation that specialises in incident response, recovery and digital forensics. This is a unique opportunity … technologies and industries You'll join a company that invests heavily in training, development and career progression This is not routine support work. This is hands-on, technically rich incident recovery where your skills directly shape the outcome. What You'll Be Doing Restoring and rebuilding client infrastructures after cyber attacks Remediating compromised environments and enabling business operations to … resume Working closely with incident response investigators to help prevent future breaches Segmenting networks and containing threats during live incidents Collecting Firewall and authentication logs for forensic analysis Migrating on-prem systems to secure cloud alternatives Automating recovery processes using PowerShell or similar tooling Communicating confidently, calmly and clearly with clients during high-pressure situations What You'll
Staffordshire, West Midlands, United Kingdom Hybrid/Remote Options
Russell Taylor Group Ltd
getting hands-on with red team activities in critical industrial environments? Do you want a role that mixes penetration testing, threat emulation and resilience validation with security architecture and incident response? Would you like to help major UK operators strengthen their cyber resilience across energy, water, renewables and manufacturing? What's in it for you Fantastic basic salary … e.g. IET, BCS, CIISEC) with professional membership fees covered What will you be doing? Delivering OT-focused red team activities with specialist partners, including penetration testing, adversary simulation and incident response exercises Planning and executing security assessments and incident response exercises in OT/ICS environments Developing and implementing attack scenarios and detection use cases using … and compliance against standards such as IEC 62443, NIST SP800-82 and NIS-R Helping deploy, configure and maintain OT cybersecurity and security monitoring solutions Contributing to crisis simulations, incident response plans and cybersecurity awareness training Preparing reports, documenting findings and recommending improvements to strengthen cyber resilience Supporting proposal development and wider service delivery documentation Where you'll
and are looking for a proactive and skilled Level 2 SOC Analyst to support their growing client base. This role is ideal for someone with hands-on SOC or incident response experience who enjoys analysing complex security events and helping strengthen defensive operations. As a Level 2 SOC Analyst, you will act as a key escalation point for … Junior Analysts, taking ownership of advanced investigations and contributing to continuous improvement of our security monitoring services. You'll work across a variety of customer environments, supporting incident response, enhancing detection logic, and ensuring threats are identified and contained quickly. This position includes participation in an on-call rotation for high-priority incidents, with additional compensation provided for … in-depth analysis using SIEM, EDR, XDR and threat intelligence sources to establish root cause, scope and impact. Lead containment and remediation actions in coordination with senior engineers and incident response leads. Develop and refine detection content, queries and automated workflows within SIEM/SOAR tooling. Provide customers with clear incident summaries, technical explanations and remediation guidance.
Investigator - Cyber Incident Response Location Flexible (UK) Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point of application. Accenture is a leading global professional services company … of our global team, you'll be working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines, when espionage or … problems under pressure, thrive on collaboration, and want to work with the best in the industry. Who We Are We’re a globally distributed team of nearly 200 dedicated incident responders, forensics specialists, and crisis managers spread across more than 25 countries. Every day, we work across time zones, cultures, and languages to protect clients that range from household
in EMEA and partners with Unit 42 leadership to drive high-stakes client and internal programs. The role focuses on ensuring successful execution of all Digital Forensics and Incident Response (DFIR) and Proactive Services engagements. This position serves as the VP's core strategic partner, translating executive vision into actionable program execution and ensuring the operational excellence of … be able to learn our products and services. Qualifications Your Experience 10+ years of professional experience, specializing in one or more of the following: transformative IT, Cybersecurity, Digital Forensics, Incident Response, or Infrastructure. Bachelor's degree in MIS, Cybersecurity, Computer Science or a related field, or equivalent work/military experience. Proven ability to lead multiple large-scale … Information The Team Unit 42 Consulting is Palo Alto Networks' security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and
Job Title: SOC Incident Response & Threat Hunting Manager Location: Warrington, UK (Travel may be required) Flexible Working: "Work Your Way" available from day one I'm working with a gold-standard IT Managed Service Provider renowned for delivering secure, enterprise-grade solutions across cloud, infrastructure, and cyber domains. They're expanding their Security Operations Centre and hiring a hands-on … SOC Incident Response & Threat Hunting Manager to lead Tier 3 analysts and drive proactive defence strategies. This is a strategic and technical leadership role, ideal for someone with deep DFIR expertise, strong mentoring capabilities, and a passion for threat hunting and CTI development. Key Responsibilities: Lead and coordinate high-severity incident response engagements Provide technical oversight
East London, London, United Kingdom Hybrid/Remote Options
A&O Shearman
30+ countries), ensuring alignment to the firm's risk appetite, client expectations and legal and regulatory changes and attitudes Manage and provide day-to-day leadership and advice on data incident response globally, ensuring appropriate action is taken to minimize the risks associated with actual or potential exfiltration of data, including forensic document review, legal and regulatory reporting, client … and individual notifications and reputation management. Act as a trusted adviser to partners, functional heads and others on data incident management, response and remediation worldwide To support the CPO and CISO in the formulation and delivery of the firm's cyber and incident response strategy and response framework Ensure data security risks are appropriately identified, mitigated … meets its legal obligations and to inform decision-making and strategy development in the firm Provide expert advice to Client Audit and Engagement Terms teams in connection with data incident response and reporting Lead thorough and independent investigations into data privacy and security issues, including in response to compliance breaches and complaints, ensuring the highest levels of
Sunbury-On-Thames, London, United Kingdom Hybrid/Remote Options
BP Energy
As an Operational IS Specialist, you will support information security and risk activities within Operational Security Management. Our Security Operations Center (SOC) is the frontline of defense, responsible for incident response, initial triage, and proactive threat hunting. You will work closely with the Cyber Security Incident Response Team (CSIRT) and business units across bp. As the … Friday 7 - 4 with weekend work as part of a rotation. Where weekend work is done, days off during the week will be provided. What you will deliver: Perform incident detection and response within the SOC, including analysis and escalation of security alerts. Investigate security incidents and ensure accurate documentation in SIEM and case management systems. Develop and … procedures, ensuring compliance with standards. Collaborate with internal teams, senior partners, and third-party providers to address security and risk issues. Find opportunities for process improvement and automation in response to evolving threats. Conduct proactive threat hunting and work with the cyber intelligence team to implement risk mitigation measures. Uphold bp's Code of Conduct and model bp's values and
Sunbury, South East England, United Kingdom Hybrid/Remote Options
BP Energy
As an Operational IS Specialist, you will support information security and risk activities within Operational Security Management. Our Security Operations Center (SOC) is the frontline of defense, responsible for incident response, initial triage, and proactive threat hunting. You will work closely with the Cyber Security Incident Response Team (CSIRT) and business units across bp. As the … Friday 7 - 4 with weekend work as part of a rotation. Where weekend work is done, days off during the week will be provided. What you will deliver: Perform incident detection and response within the SOC, including analysis and escalation of security alerts. Investigate security incidents and ensure accurate documentation in SIEM and case management systems. Develop and … procedures, ensuring compliance with standards. Collaborate with internal teams, senior partners, and third-party providers to address security and risk issues. Find opportunities for process improvement and automation in response to evolving threats. Conduct proactive threat hunting and work with the cyber intelligence team to implement risk mitigation measures. Uphold bp's Code of Conduct and model bp's values and
giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company. The Role As a Cyber Insurance Incident Manager at Willis, you will serve as an advisor and support lead for internal colleagues and clients facing cyber incidents. This role requires strong coordination and communication skills to … support clients through high-stress events such as ransomware attacks, data breaches, and business email compromises. You will help ensure rapid response, align incident actions with insurance policy terms, and manage relationships with insurers, legal counsel, and technical vendors to protect client interests and minimize disruption. You will also support the coordination of incident support capabilities; including … pre-, during and post-incident services. Key Responsibilities: Client Advocacy: Working alongside our cyber broking team to function as the incident manager for clients experiencing a cyber event, providing strategic guidance, triaging issues and supporting communication across stakeholders. Policy Interpretation: Help clients understand how their cyber insurance coverage applies in real time during an incident, identifying covered
Paddington, Warrington, United Kingdom Hybrid/Remote Options
Morson Edge
positive working relationships with them. Including: Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring with the wider CISO team Support Cyber Security incident response process Support Vulnerability Management Process Support RFI for wider stakeholders What do you need to thrive in this role? Knowledge of security concepts such as cyber-attacks … and techniques, threat vectors, risk management, incident management etc. Experience in threat management Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix Knowledge of applications, databases, middleware to address security threats against the same Experience in delivering a threat intelligence function and working with information security, especially Computer Incident Response Team (CIRT … Computer Emergency Response Team (CERT), Computer Security Incident Response Centre (CSIRC) or a Security Operations Centre (SOC) Demonstrable experience of supporting the development and delivering of a cyber defence strategy Demonstrable experience of building deliverables, reporting and metrics around Threat Intelligence functions Knowledge of cloud security concepts and tools assessing cloud-based vulnerabilities Proficient in preparation of