Incident Response Jobs in the UK

1 to 25 of 1,178 Incident Response Jobs in the UK

Global CSIRT Lead

Birmingham, Midlands, United Kingdom
KPMG
Security Operations Center (GSOC) helps defend KPMG and its clients from cyber attacks, through timely detection, investigation and remediation of potential threats. Role summary The Director – Global Cyber Security Incident Response Team (CSIRT) Lead, holds a pivotal strategic role within KPMG's Global Information Security Services (ISS) function. This role will set the strategic direction for CSIRT, within … the crisis protocols This role presents an exciting opportunity to join a growing team and play a key part in building and shaping the future of the Cyber Security Incident Response Team (CSIRT) across the global organisation. Reporting directly to the Global Head of ISS, the Director will stand up the new global CSIRT capability, by developing and … mentoring other leaders across the firms and driving talent strategy This role will be required to act as cyber commander (part of a roster) during a critical or major incident and supporting cyber commanders when off roster. Key Accountabilities Digital Forensics & Incident Response (DFIR) Oversight & Information Handling incident oversight Oversee Digital forensics investigations associated with cyber More ❯

Senior Manager-Associate Director, Cyber Incident Response Advisory and Incident Management, Re ...

England, United Kingdom
Deloitte LLP
a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Manager-Associate Director, Cyber Incident Response Advisory and Incident Management, Re ...

Edinburgh, Midlothian, United Kingdom
Deloitte LLP
a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Manager-Associate Director, Cyber Incident Response Advisory and Incident Management, Re ...

Manchester, Lancashire, United Kingdom
Deloitte LLP
a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯
Employment Type: Permanent
Salary: GBP Annual

SOC Manager - Incident Response & Threat Hunting

United Kingdom
CBSbutler Holdings Limited
Job Title: SOC Incident Response & Threat Hunting Manager Location: Remote Salary: £75k - £85k plus 10% bonus and £6k car allowance Mon - Fri as well as an on-call rota - 1 week in 4. Candidates must be willing and eligible to go through SC security clearance for this role Job Description: We are seeking a highly skilled and experienced … SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This pivotal role will be responsible for leading our Tier 3 Security and Incident Response Analysts, overseeing advanced incident response activities, driving proactive threat hunting initiatives, and providing strategic direction for the Cyber Threat Intelligence (CTI) capability. This is a hands … a strong technical background, exceptional management skills, and a strategic vision for cybersecurity. You will play a key role in mentoring and developing a high-performing team, leading complex incident response engagements from initial detection through to post-incident review, and significantly enhancing the security posture of our diverse customer base. The role demands a unique blend More ❯
Employment Type: Permanent
Salary: £85,000

SOC Incident Response & Threat Hunting Manager

England, United Kingdom
Fujitsu
We are seeking a highly skilled and experienced SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This pivotal role will be responsible for leading our Tier 3 Security and Incident Response Analysts, overseeing advanced incident response activities, driving proactive threat hunting initiatives, and providing strategic direction for the Cyber … a strong technical background, exceptional management skills, and a strategic vision for cybersecurity. You will play a key role in mentoring and developing a high-performing team, leading complex incident response engagements from initial detection through to post-incident review, and significantly enhancing the security posture of our diverse customer base. The role demands a unique blend … of strategic leadership, deep technical expertise in digital forensics and incident response (DFIR), and a proactive mindset to anticipate and neutralise sophisticated and evolving cyber threats. Key Responsibilities: Provide expert guidance and technical oversight on complex security incidents and threat hunting operations. Lead and coordinate high-severity incident response engagements, acting as the primary incident More ❯

SOC Incident Response & Threat Hunting Manager

United Kingdom, UK
Fujitsu
We are seeking a highly skilled and experienced SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This pivotal role will be responsible for leading our Tier 3 Security and Incident Response Analysts, overseeing advanced incident response activities, driving proactive threat hunting initiatives, and providing strategic direction for the Cyber … a strong technical background, exceptional management skills, and a strategic vision for cybersecurity. You will play a key role in mentoring and developing a high-performing team, leading complex incident response engagements from initial detection through to post-incident review, and significantly enhancing the security posture of our diverse customer base. The role demands a unique blend … of strategic leadership, deep technical expertise in digital forensics and incident response (DFIR), and a proactive mindset to anticipate and neutralise sophisticated and evolving cyber threats. Find out if this opportunity is a good fit by reading all of the information that follows below. Key Responsibilities: Provide expert guidance and technical oversight on complex security incidents and threat More ❯
Employment Type: Full-time

Lead Incident Response Manager - Build It, Lead It, Own It

United Kingdom
Hybrid / WFH Options
iO Associates
Lead Incident Response Manager - Build It, Lead It, Own It £125,000 + bonus Hybrid (Manchester-based) Clear path to Technical Director When a cyber incident hits, you are the calm in the chaos. You take control, make the decisions, and guide clients through the storm. This is your opportunity to lead a fast-growing Incident Response function within a rapidly expanding UK cyber practice that is winning major contracts and investing heavily in its capability. You will have the freedom to build the function your way, lead high-impact response work, and progress to Technical Director of Cyber within 12 to 18 months. Why This Role Stands Out Lead the full incident response lifecycle from triage and containment to negotiation and recovery Work directly with senior stakeholders and executive teams, trusted as the safe pair of hands when it matters most Join a cyber business that is scaling quickly and building one of the strongest response teams in the UK Full autonomy to shape the team, tooling, and playbooks More ❯
Employment Type: Permanent
Salary: GBP Annual

Lead Incident Response Manager - Build It, Lead It, Own It

Manchester, England, United Kingdom
Hybrid / WFH Options
iO Associates
Lead Incident Response Manager - Build It, Lead It, Own It £125,000 + bonus | Hybrid (Manchester-based) | Clear path to Technical Director When a cyber incident hits, you are the calm in the chaos. You take control, make the decisions, and guide clients through the storm. This is your opportunity to lead a fast-growing Incident Response function within a rapidly expanding UK cyber practice that is winning major contracts and investing heavily in its capability. You will have the freedom to build the function your way, lead high-impact response work, and progress to Technical Director of Cyber within 12 to 18 months. Why This Role Stands Out Lead the full incident response lifecycle from triage and containment to negotiation and recovery Work directly with senior stakeholders and executive teams, trusted as the safe pair of hands when it matters most Join a cyber business that is scaling quickly and building one of the strongest response teams in the UK Full autonomy to shape the team, tooling, and playbooks More ❯

Lead Incident Response Manager - Build It, Lead It, Own It

Bolton, Greater Manchester, North West England, United Kingdom
Hybrid / WFH Options
iO Associates
Lead Incident Response Manager - Build It, Lead It, Own It £125,000 + bonus | Hybrid (Manchester-based) | Clear path to Technical Director When a cyber incident hits, you are the calm in the chaos. You take control, make the decisions, and guide clients through the storm. This is your opportunity to lead a fast-growing Incident Response function within a rapidly expanding UK cyber practice that is winning major contracts and investing heavily in its capability. You will have the freedom to build the function your way, lead high-impact response work, and progress to Technical Director of Cyber within 12 to 18 months. Why This Role Stands Out Lead the full incident response lifecycle from triage and containment to negotiation and recovery Work directly with senior stakeholders and executive teams, trusted as the safe pair of hands when it matters most Join a cyber business that is scaling quickly and building one of the strongest response teams in the UK Full autonomy to shape the team, tooling, and playbooks More ❯

Lead Incident Response Manager - Build It, Lead It, Own It

Warrington, Cheshire, North West England, United Kingdom
Hybrid / WFH Options
iO Associates
Lead Incident Response Manager - Build It, Lead It, Own It £125,000 + bonus | Hybrid (Manchester-based) | Clear path to Technical Director When a cyber incident hits, you are the calm in the chaos. You take control, make the decisions, and guide clients through the storm. This is your opportunity to lead a fast-growing Incident Response function within a rapidly expanding UK cyber practice that is winning major contracts and investing heavily in its capability. You will have the freedom to build the function your way, lead high-impact response work, and progress to Technical Director of Cyber within 12 to 18 months. Why This Role Stands Out Lead the full incident response lifecycle from triage and containment to negotiation and recovery Work directly with senior stakeholders and executive teams, trusted as the safe pair of hands when it matters most Join a cyber business that is scaling quickly and building one of the strongest response teams in the UK Full autonomy to shape the team, tooling, and playbooks More ❯

Principal Consultant, DFIR - Weekend Schedule (Unit 42)

London, England, United Kingdom
Palo Alto Networks
to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

Principal Consultant, DFIR - Weekend Schedule (Unit 42)

London, South East England, United Kingdom
Palo Alto Networks
to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

Principal Consultant, DFIR - Weekend Schedule (Unit 42)

Slough, South East England, United Kingdom
Palo Alto Networks
to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

Global CSIRT Senior Analyst

United Kingdom, UK
Hybrid / WFH Options
KPMG UK
the Global Security Operations Center (GSOC) helps defend KPMG and its clients from cyber attacks, through timely detection, investigation and remediation of potential threats. Role summary The Cyber Security Incident Response Manager plays a pivotal role in identifying, investigating, and managing cyber and data handling incidents within KPMG's Global Information Security Services (ISS) function. ISS delivers and … oversees critical cybersecurity capabilities—including Security Monitoring & Response (SMR), Vulnerability Assessment & Secure Development (VASD), and Cyber Threat Intelligence (CTI)—across Global, Global Functions, and the broader KPMG network of member firms. This position offers an exciting opportunity to join a progressive and innovation-driven security team, contributing directly to the evolution of the Cyber Security Incident Response Team (CSIRT) on a global scale. The role reports directly to the Global Cyber Security Incident Response (CSIRT) Lead. The ideal candidate will bring knowledge in Cyber incident response, data protection, and regulatory compliance, along with the ability to collaborate effectively across functions to reduce risk and strengthen KPMG's global data security posture. Key More ❯
Employment Type: Full-time

Global CSIRT Senior Analyst

England, United Kingdom
Hybrid / WFH Options
KPMG UK
the Global Security Operations Center (GSOC) helps defend KPMG and its clients from cyber attacks, through timely detection, investigation and remediation of potential threats. Role summary The Cyber Security Incident Response Manager plays a pivotal role in identifying, investigating, and managing cyber and data handling incidents within KPMG’s Global Information Security Services (ISS) function. ISS delivers and … oversees critical cybersecurity capabilities—including Security Monitoring & Response (SMR), Vulnerability Assessment & Secure Development (VASD), and Cyber Threat Intelligence (CTI)—across Global, Global Functions, and the broader KPMG network of member firms. This position offers an exciting opportunity to join a progressive and innovation-driven security team, contributing directly to the evolution of the Cyber Security Incident Response Team (CSIRT) on a global scale. The role reports directly to the Global Cyber Security Incident Response (CSIRT) Lead. The ideal candidate will bring knowledge in Cyber incident response, data protection, and regulatory compliance, along with the ability to collaborate effectively across functions to reduce risk and strengthen KPMG’s global data security posture. Key More ❯

SOC Manager

United Kingdom
Anson McCade
An exciting opportunity has arisen for an accomplished SOC Incident Response & Threat Hunting Manager to lead a high-performing team within a dynamic and evolving Security Operations Centre (SOC) environment. This critical role is ideal for a technically proficient cybersecurity professional with a passion for proactive defence, threat intelligence, and strategic leadership. The successful candidate will oversee a … team of Tier 3 Security and Incident Response Analysts, driving advanced incident response, digital forensics, and threat hunting operations across a diverse customer base. Acting as a technical authority, the role will play a pivotal part in enhancing cyber resilience, refining detection capabilities, and leading complex investigations from detection through to remediation and review. Key Responsibilities … Lead, mentor and develop a team of senior SOC analysts, ensuring the delivery of effective and efficient incident response and threat hunting operations. Oversee and coordinate high-severity incident response engagements, acting as incident lead when required, and guiding cross-functional teams through time-critical decision-making. Provide expert oversight on complex security incidents, ensuring More ❯

Associate Director, Digital Forensics and Incident Response

England, United Kingdom
Hybrid / WFH Options
Control Risks
Overview We now have an exciting opportunity for an Associate Director to join our Digital Forensics and Incident Response (DFIR) team in London. As the senior member of the EMEA DFIR team with deep digital forensic experience, you will be integral to the wider EMEA practice, and in turn part of a global practice offering and influencing the … direction of our forensic technology and digital forensics incident response capability. The Discovery and Data Insights department is the hub of all technical consulting and you will provide digital forensics and incident response solutions for matters which involve cyber response investigations, digital forensic investigations, eDiscovery and data analytics. Our clients include law firms and Fortune … need to deploy the team and support crises. As the technical lead for engagements, you will provide direction to empower the team and provide quality assured, highly responsive forensic incident management. A significant portion of the role will require you to engage across the business to leverage technology consulting into all business development and go-to-market strategy. You More ❯
Employment Type: Permanent
Salary: GBP Annual

SOC Manager - Incident Response & Threat Hunting

United Kingdom
CBSbutler
Job Title: SOC Incident Response & Threat Hunting Manager Location: Remote Salary: £75k - £85k plus 10% bonus and £6k car allowance Mon – Fri as well as an on-call rota - 1 week in 4. Candidates must be willing and eligible to go through SC security clearance for this role Job Description: We are seeking a highly skilled and experienced … SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This is a Player Manager position, someone that is able to speak to the customer and keep them updated on the progress of an escalated incident but also someone that comes from a technical Incident response and Forensics background. Key Responsibilities: Provide … expert guidance and technical oversight on complex security incidents and threat hunting operations. Lead and coordinate high-severity incident response engagements, acting as the primary incident lead when required. This includes managing cross-functional teams, communications, and critical decision-making under pressure. Ensure all incident response and threat hunting activities are thoroughly documented, with comprehensive More ❯

Digital Forensics & Incident Response Consultant

London, United Kingdom
Forward Role
DFIR Consultant | Digital Forensics & Incident Response Salary - £50,000 – £65,000 Location: Remote UK About the Role We're looking for a DFIR Consultant (Digital Forensics and Incident Response) to join our expert cybersecurity team. In this role, you'll apply your technical skills, investigative mindset, and forensic expertise to help clients respond to and recover … from complex cyber incidents. You'll lead and support forensic investigations across endpoint, network, and cloud environments, guiding clients through incident triage and digital evidence collection. This position is ideal for someone who thrives in fast-paced environments and enjoys solving technical challenges under pressure. What You'll Do Lead digital forensic investigations across endpoint, network, and cloud environments … AWS, Azure). Perform incident response for on-premises and cloud infrastructures, identifying root causes and containment strategies. Use tools like CrowdStrike, Magnet Axiom, X-Ways, SIFT Workstations, and EZTools to collect, preserve, and analyse evidence. Develop custom scripts and forensic tooling to automate investigation workflows. Document findings clearly in reports and client presentations, tailoring communication for both More ❯
Employment Type: Permanent
Salary: £65,000

Head of Security

South East, United Kingdom
Levy Global
Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯
Employment Type: Permanent
Salary: GBP Annual

Head of Security

City of London, London, United Kingdom
Levy Global
Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯

Head of Security

London Area, United Kingdom
Levy Global
Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯

Head of Security

London, South East England, United Kingdom
Levy Global
Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯

Head of Security

Slough, South East England, United Kingdom
Levy Global
Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯

Incident Response
10th Percentile: £43,000
25th Percentile: £51,188
Median: £65,000
75th Percentile: £82,500
90th Percentile: £95,000