1 to 25 of 306 Incident Response Jobs in the UK

Dublin, Ireland. Learn more at experianplc.com. Internal Grade E Job Description As a Cyber Defence Analyst, you will join the Cyber Fusion Center, performing in-depth analysis, assessment, and response to security threats by following documented policies to meet Service Level Goals. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. You will be … a part of the first line of defence in Experian's broader incident response and incident management departments, responsible for receiving and prioritizing cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). Depending on the results of assessment, this team is then responsible for investigating, containing, eradicating, and … recovering from events falling in its scope or escalating higher-risk events to dedicated incident response and management teams in the CFC. This role is critical in ensuring the handling of potential threats and plays a part in improving security operations. This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection. More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

reflects on the outstanding calibre that makes us truly one team. Who are we looking for? Due to continued growth, Bridewell's CSIRT is seeking a capable and motivated Incident Response Consultant to support and deliver consultancy services to our Critical National Infrastructure (CNI) clients. This role is ideal for professionals with foundational experience in cyber security and … incident response, looking to deepen their expertise and take ownership of client-facing engagements while continuing to develop under the guidance of senior consultants. Requirements You will contribute to strengthening clients' response capabilities through preparation activities, documentation development, and cyber incident exercise facilitation. The role spans the full incident lifecycle, from preparation through post-incident review and recovery, across diverse client environments. Main Responsibilities: Contribute to the development and delivery of Incident Response Consultancy services. Assist in designing and maintaining incident response plans and playbooks tailored to client environments. Support and facilitate cyber incident exercises and simulations, aligned with Bridewell's NCSC CIE assurance framework. Act as a supporting More ❯

Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT)/SOC … owners to ensure log sources are onboarded into the SIEM solution. Create use cases to correlate suspicious activities across endpoints, networks, applications, and both on-premises and cloud environments. Incident Response: Improve playbooks and processes, lead escalated security incidents, oversee remediation and recovery actions, track incidents, liaise with partners, report findings, and apply root cause analysis with lessons … types and enhance operational playbooks. Digital Forensics: Use forensic tools and techniques to analyse data sources such as logs, SIEM data, applications, and network traffic patterns, and recommend appropriate response actions to ensure threats are contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve More ❯

Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)— including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … The Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)— including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery More ❯

Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more . The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery More ❯

getting hands-on with red team activities in critical industrial environments? Do you want a role that mixes penetration testing, threat emulation and resilience validation with security architecture and incident response? Would you like to help major UK operators strengthen their cyber resilience across energy, water, renewables and manufacturing? What's in it for you Fantastic basic salary … e.g. IET, BCS, CIISEC) with professional membership fees covered What will you be doing? Delivering OT-focused red team activities with specialist partners, including penetration testing, adversary simulation and incident response exercises Planning and executing security assessments and incident response exercises in OT/ICS environments Developing and implementing attack scenarios and detection use cases using … and compliance against standards such as IEC 62443, NIST SP800-82 and NIS-R Helping deploy, configure and maintain OT cybersecurity and security monitoring solutions Contributing to crisis simulations, incident response plans and cybersecurity awareness training Preparing reports, documenting findings and recommending improvements to strengthen cyber resilience Supporting proposal development and wider service delivery documentation Where you'll More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization s global response to cyber threats … ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure … proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization’s global response to cyber threats … ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure … proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed More ❯

Investigator - Cyber Incident Response Location Flexible (UK) Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point of application. Accenture is a leading global professional services company … of our global team, you'll be working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines, when espionage or … problems under pressure, thrive on collaboration, and want to work with the best in the industry. Who We Are We’re a globally distributed team of nearly 200 dedicated incident responders, forensics specialists, and crisis managers spread across more than 25 countries. Every day, we work across time zones, cultures, and languages to protect clients that range from household More ❯

role, you will: Act as the primary escalation point for complex IT and cybersecurity incidents. Manage and secure core client infrastructure and cloud environments. Ensure centralised security, monitoring, and incident response platforms operate effectively. You will collaborate closely with our Service Desk, Projects and Account Management teams to maintain high standards of service, document solutions and mentor junior … and maintain security hardening across infrastructure, cloud services, endpoints, and networks, in alignment with best practices and frameworks such as ISO27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments … upgrades, and automation workflows, ensuring systems remain secure by design. Maintain and improve Standard Operating Procedures (SOPs) for security operations, ensuring knowledge is shared across the team for rapid incident handling. Provide mentorship and cybersecurity guidance to junior engineers and Service Desk staff, fostering a culture of security awareness and proactive threat management. Perform ongoing threat intelligence monitoring and More ❯

in EMEA and partners with Unit 42 leadership to drive high-stakes client and internal programs. The role focuses on ensuring successful execution of all Digital Forensics and Incident Response (DFIR) and Proactive Services engagements. This position serves as the VP's core strategic partner, translating executive vision into actionable program execution and ensuring the operational excellence of … be able to learn our products and services. Qualifications Your Experience 10+ years of professional experience, specializing in one or more of the following: transformative IT, Cybersecurity, Digital Forensics, Incident Response, or Infrastructure. Bachelor's degree in MIS, Cybersecurity, Computer Science or a related field, or equivalent work/military experience. Proven ability to lead multiple large-scale … Information The Team Unit 42 Consulting is Palo Alto Network's security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and More ❯

Job Title: SOC Incident Response & Threat Hunting Manager Location: Warrington, UK (Travel may be required) Flexible Working: "Work Your Way" available from day one Im working with a gold-standard IT Managed Service Provider renowned for delivering secure, enterprise-grade solutions across cloud, infrastructure, and cyber domains. Theyre expanding their Security Operations Centre and hiring a hands-on … SOC Incident Response & Threat Hunting Manager to lead Tier 3 analysts and drive proactive defence strategies. This is a strategic and technical leadership role, ideal for someone with deep DFIR expertise, strong mentoring capabilities, and a passion for threat hunting and CTI development. Key Responsibilities: Lead and coordinate high-severity incident response engagements Provide technical oversight More ❯

30+ countries), ensuring alignment to the firms risk appetite, client expectations and legal and regulatory changes and attitudes Manage and provide day to day leadership and advice on data incident response globally, ensuring appropriate action is taken to minimize the risks associated with actual or potential exfiltration of data, including forensic document review, legal and regulatory reporting, client … and individual notifications and reputation management. Act as a trusted adviser to partners, functional heads and others on data incident management, response and remediation worldwide To support the CPO and CISO in the formulation and delivery of the firms cyber and incident response strategy and response framework Ensure data security risks are appropriately identified, mitigated … meets its legal obligations and to inform decision-making and strategy development in the firm Provide expert advice to Client Audit and Engagement Terms teams in connection with data incident response and reporting Lead thorough and independent investigations into data privacy and security issues, including in response to compliance breaches and complaints, ensuring the highest levels of More ❯

giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company. The Role As a Cyber Insurance Incident Manager at Willis, you will serve as an advisor and support lead for internal colleagues and clients facing cyber incidents. This role requires strong coordination and communication skills to … support clients through high-stress events such as ransomware attacks, data breaches, and business email compromises. You will help ensure rapid response, align incident actions with insurance policy terms, and manage relationships with insurers, legal counsel, and technical vendors to protect client interests and minimize disruption. You will also support the coordination of incident support capabilities; including … pre-, during and post- incident services. Key Responsibilities: Client Advocacy: Working alongside our cyber broking team to function as the incident manager for clients experiencing a cyber event—providing strategic guidance, triaging issues and supporting communication across stakeholders. Policy Interpretation : Help clients understand how their cyber insurance coverage applies in real time during an incident, identifying covered More ❯

Overview Our client is seeking three hands-on SOC Analysts to join a security operations team in London. These roles are focused on real-time monitoring, investigation, and incident response across a modern enterprise security environment. Collectively, the team must cover a broad set of security technologies, and candidates who bring strong, recent experience in at least two … and containing incidents as required. Optimise and tune detection rules, policies, and alerting mechanisms to improve SOC efficiency. Collaborate with internal teams to support security operations, threat analysis, and incident recovery. Produce clear incident documentation, reports, and recommendations for continuous improvement. Contribute to maintaining and enhancing SOC processes, runbooks, and operational workflows. Required Technical Expertise Across the three … managing Microsoft security alerts from the Microsoft Security Center/Microsoft Defender portal Microsoft Defender for Endpoint (MDE): advanced or enterprise-level operational expertise, including investigations, threat hunting, and response Trellix (ePO) Hands-on experience with configuration, policy management, agent deployment, and alert handling SentinelOne SOC operations experience including tuning, alert triage, threat investigation, and incident response More ❯

highly visible security operations function with global impact upon Colt, business units, partners, and customers. While working as part of this team, the successful individual will provide world class incident response functions to detect, protect, respond, and sustain operations within cyberspace. Job description: Support SOC Manager to deliver the followingSIEM, IR tools platform management including all design, implementation … health checks Responsible for operational activities, Technology escalation support, Security Solution assessment, build activities , existing Service maturing and Build activities assist Analyse potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach Establishing and governing the security incident response processes, investigations and security operational processes. Maintenance and enhancement of formal service catalogue, service … agreed action plan and outcomes Understands cultural differences and utilises this understanding to build rapport across different teams in order to obtain the necessary cooperation. Required profile: Information Security Incident Response experience with a focus on detection and response to malicious activity using log data from various sources preferred. Strong Networking and Systems experience, preferably in an More ❯

our corporate travel clients who are getting organised ahead of their anticipated growth. We’re focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations, data and applications. Security … Operations. Location: Hybrid, London office 2x a week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct threat hunting and … support vulnerability scanning and patch management Develop and refine security policies, playbooks, and response procedures Provide leadership and guidance to two direct reports Essential Experience & Knowledge Experience in Security Operations, Incident Response, or similar role Strong understanding of networking, Windows/Linux, and cybersecurity fundamentals Experience with SIEM (e.g., Sentinel, Splunk), EDR tools, and vulnerability platforms Understanding More ❯

our corporate travel clients who are getting organised ahead of their anticipated growth. We’re focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations, data and applications. Security … Operations. Location: Hybrid, London office 2x a week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct threat hunting and … support vulnerability scanning and patch management Develop and refine security policies, playbooks, and response procedures Provide leadership and guidance to two direct reports Essential Experience & Knowledge Experience in Security Operations, Incident Response, or similar role Strong understanding of networking, Windows/Linux, and cybersecurity fundamentals Experience with SIEM (e.g., Sentinel, Splunk), EDR tools, and vulnerability platforms Understanding More ❯

Operations function and support the delivery of key security controls across the business. This is a great opportunity for someone with a strong technical mindset who enjoys threat detection, incident response, and improving day to day security resilience. Working as part of the Cyber Resilience team, you'll play a hands-on role in monitoring systems, responding to … incidents, and supporting the upkeep of core security tooling. What you'll be doing: Work with the Cyber Security team to enhance threat monitoring and response capability across the organisation. Handle security incident response, working closely with internal teams and third parties to ensure a high standard of investigation and reporting. Monitor, review, and respond to security … activities. Gather evidence to support audits and demonstrate the effectiveness of security controls. Ensure security tooling is maintained, updated, and correctly licensed. Contribute to regular testing of the cyber incident response plan for both IT and OT environments. Company Benefits: Competitive salary with clear progression routes Discretionary bonus up to 10% Industry recognised training and certifications Strong pension More ❯

Operations function and support the delivery of key security controls across the business. This is a great opportunity for someone with a strong technical mindset who enjoys threat detection, incident response, and improving day to day security resilience. Working as part of the Cyber Resilience team, you'll play a hands-on role in monitoring systems, responding to … incidents, and supporting the upkeep of core security tooling. What you'll be doing: Work with the Cyber Security team to enhance threat monitoring and response capability across the organisation. Handle security incident response, working closely with internal teams and third parties to ensure a high standard of investigation and reporting. Monitor, review, and respond to security … activities. Gather evidence to support audits and demonstrate the effectiveness of security controls. Ensure security tooling is maintained, updated, and correctly licensed. Contribute to regular testing of the cyber incident response plan for both IT and OT environments. Company Benefits: Competitive salary with clear progression routes Discretionary bonus up to 10% Industry recognised training and certifications Strong pension More ❯

Manage Risk: Conduct regular risk assessments, identify vulnerabilities, and implement mitigation strategies that protect our infrastructure and digital assets. Oversee Security Operations: Lead daily security operations, including monitoring and incident response, ensuring our defences stay robust. Ensure Compliance: Work with our risk and compliance team to ensure compliance with regulations such as GDPR, overseeing security audits and certifications … like ISO 27001. Promote Security Awareness: Foster a security-conscious culture through employee training, keeping the whole organisation alert to security risks. Incident Response: Manage and lead the resolution of security incidents, containing threats and ensuring our recovery is swift and effective. What You'll Bring Experience working with leading security tools and platforms. Proven experience in an … essential. What Sets You Apart: Experience with cloud security (AWS, Azure). Hands-on experience with Security Information and Event Management (SIEM) systems. Ability to guide and advise in incident response situations. Inspires and guides people with clarity and confidence, making smart decisions that bring everyone together toward shared goals. Why Breedon? Joining Breedon means being part of More ❯

and accountability. The ideal candidate will have a strong understanding of IT infrastructure and information security in large-scale, fast-paced environments. Responsibilities Information Security & Compliance Lead and coordinate incident response remediation activities across Office tenant and related infrastructure. Oversee the application security request review process, including white paper evaluations and coordination with InfoSec teams. Conduct Infosec Criticality … procedures. Participate in systems design and implementation from a security perspective. Develop user and technical security documentation and training resources. Document and maintain critical security and infrastructure policies, e.g., Incident Response Plan, Business Continuity Plan, Change Management Procedures, and Disaster Recovery Plan. Test and improve Disaster Recovery capabilities and identify process gaps. Physical & On-Set Security Manage and … Experience in security testing, vulnerability scanning, and risk management. Ability to create formal documents such as reports or procedures. Detailed knowledge of Microsoft O365 environment, Threat Intelligence analysis, Security Incident Response, and Disaster Recovery principles. Strong interpersonal skills, analytical mindset, and ability to communicate in non-technical language. Good organisational skills and the ability to manage and prioritise More ❯

internal and external audits by providing security evidence and documentation. Work alongside platform and development teams to resolve identified security issues. Maintain detailed documentation of security controls, policies, and incident response activities. Participate in penetration testing, red teaming, and regular security assurance exercises. Assist in defining security requirements for new cloud-based initiatives. Requirements Active SC (Security Check … and supporting AWS security services. Strong scripting skills in Python, Bash, or similar for automation purposes. Understanding of IAM principles, encryption techniques, and secure cloud networking. Practical knowledge of incident response and vulnerability management processes. AWS certification such as AWS Certified Security – Specialty or AWS Certified SysOps Administrator. Strong troubleshooting abilities and attention to detail in technical documentation. … Familiarity with DevSecOps practices and security integration in CI/CD workflows. Exposure to Security Operations Centre (SOC) functions and tooling. Willingness to participate in on-call rotations and incident response escalation. Benefits Why people choose to grow their careers at UBDS Group Professionals choose to grow their careers at UBDS Group for its reputation as a dynamic More ❯

a leading global organisation seeking a Cyber Security Analyst to help strengthen its security posture and safeguard critical systems. This is an excellent opportunity for someone passionate about cyber, incident response and proactive threat management within a dynamic, fast-paced environment. This is a junior/intermediate security analyst position, and could be ideal for someone with some … accurate logging and escalation. Lead remediation efforts for identified vulnerabilities in collaboration with technology teams. Respond to incidents alongside the Head of Information Security Work with the MSSP across incident response and proactive monitoring. Maintain and optimise Microsoft Sentinel SIEM, XDR/MDR/EDR solutions, and supporting tools. Track deployment and health of all security products across … as a Cybersecurity Analyst in a SOC environment. Experience with the Microsoft Defender suite would be ideal but other toolsets will be considered. Solid understanding of cybersecurity principles and incident response processes. Strong problem-solving skills and technical acumen. Excellent communication skills and ability to work independently in a fast-paced setting. What's on Offer More ❯