1 to 25 of 556 Incident Response Jobs in the UK

Principal Consultant - Incident Response

Hiring Organisation
Circle Group
Location
London, United Kingdom
Employment Type
Permanent
Salary
£85,000
Principal Consultant - Incident Response Salary: Up to £85,000 + £4,700 cash benefits Location: London, Cardiff, Manchester, Birmingham or Edinburgh Working pattern: Hybrid - 2-3 days per week in the office About the Role Our client is seeking an experienced Principal Consultant to join their Incident Response practice. This is a senior, client-facing role within a highly regarded cyber security team, delivering both emergency response services and proactive incident readiness engagements. When not leading live cyber incidents, you will work closely with organisations to strengthen their preparedness. This includes reviewing ...

Incident Response Analyst

Hiring Organisation
INTEC SELECT LIMITED
Location
City of London, London, England, United Kingdom
Employment Type
Full-Time
Salary
£70,000 - £75,000 per annum
Incident Response Analyst – London (Hybrid) – Excellent Permanent Package – Financial Services We are looking for a skilled Incident Response Analyst to join our Security Operations team. This role focuses on responding to cyber security incidents while supporting proactive threat intelligence efforts. You will play a key part … posture through continuous monitoring and analysis. Key Responsibilities Investigate and respond to cyber security incidents, including malware outbreaks, phishing attempts, and insider threats. Lead incident response efforts and conduct digital forensics. Enhance detection and response capabilities through process improvements and automation. Monitor alerts from SOC tools ...

CERT Incident Responder

Hiring Organisation
MBDA UK
Location
Bolton, Greater Manchester, United Kingdom
Employment Type
Permanent
Salary
£50000 - £60000/annum
Bolton. The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics … option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including ...

Incident Response Analyst Specialist

Hiring Organisation
Robert Walters
Location
City, London, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
Incident Response Analyst Specialist Location: London/Manchester Role Type: Permanent Work Setup: Hybrid - 3 days per week Who We Are Vanguard is one of the world's leading investment firms, dedicated to helping clients achieve lasting financial success. Established in 1975, its unique ownership structure-where funds … cost investing, fosters an inclusive and collaborative culture that empowers employees to make a meaningful impact globally. What you'll do: Lead incident response for major security breaches and complex escalations from staff and clients. Develop and execute multi-year incident action plans and implementation, ensuring timely ...

Principal Consultant, DFIR - Weekend Schedule (Unit 42)

Hiring Organisation
Palo Alto Networks
Location
London, England, United Kingdom
based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Responsibilities Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work … week) Perform reactive incident response functions including but not limited to host-based analysis through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools ...

Cyber Incident Response Tech CIRT Lead

Hiring Organisation
Robert Walters
Location
West Yorkshire, England, United Kingdom
Employment Type
Full-Time
Salary
£70,000 - £80,000 per annum
This CIRT L3 Lead role is a hands-on leadership position responsible for end-to-end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail-focused environment. My client is an international Consultancy firm, specialising in Cyber Security looking for a hands … Cyber Incident Response Tech Lead, responsible for end-to-end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail-focused environment. You will coordinate cross-functional technical teams during major incidents, drive containment and recovery, and own post-incident ...

Head of Cyber Security (Lead) - Incident Management

Hiring Organisation
NHS ENGLAND
Location
Leeds, England, United Kingdom
NHS. Operational areas Cyber Security Operations Unit (CSOU & SIO) Cyber Delivery Unit (CDU) Cyber Improvement Programme Chief Information Security Office Function (CISO) National CSOC Incident Management Function The National CSOC Incident Management function operates within the NHS National CSOC operational team, working alongside protective monitoring, threat hunting … cyber incidents across the entire NHS, the Department of Health and Social Care (DHSC), and its arm‐length bodies. Their responsibilities include overseeing incident response capabilities and managing relationships with our internal and external stakeholders. The Head of Security (Lead) Incident Management will be accountable ...

CERT Incident Responder

Hiring Organisation
Matchtech
Location
Stevenage, Hertfordshire, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
days per week onsite) Competitive Salary Role details: Our client, a prominent organisation within the defence and security sector, is seeking a skilled Incident Responder to join their team in Stevenage or Bolton. This role is focused on leading digital forensics and incident response activities, while also … advancing adversarial exposure validation through red and purple team exercises. The successful individual will be critical in enhancing threat detection, response, and control strategies against real-world cyber threats within a high-security environment. Key Responsibilities: Lead digital forensics and incident response (DFIR) activities, maintaining lab readiness ...

Incident Response Manager

Hiring Organisation
InfinityQuest Ltd
Location
London, United Kingdom
Employment Type
Contract
Contract Rate
£300 per day
Responsibilities Lead and coordinate the organisation's response to security incidents from detection through containment, eradication, recovery, and closure Act as the incident commander during security incidents, leading incident bridge calls, war rooms, and stakeholder updates Coordinate and oversee forensic investigations, including evidence preservation, scoping, and investigative workflows … forensic providers to support root cause analysis and impact assessment Maintain close alignment with the SOC provider to ensure timely alert escalation, investigation, and response actions Review forensic findings, timelines, and reports to validate accuracy and completeness Coordinate with infrastructure, cloud, application, IT, and security teams to support investigation ...

Incident Response Consultant

Hiring Organisation
IBEX RECRUITMENT LTD
Location
London, United Kingdom
Employment Type
Contract
We're looking for a highly technical Cyber Incident Responder to join a specialist incident response capability on a contract basis and/or Perm basis. This role is hands-on and front-line. You'll be involved from the moment an incident breaks securing the environment … client site visits may be required (realistically rare, but you must be comfortable with this) What you'll be doing Leading and supporting live cyber incident response activities Rapid containment, investigation, and eradication of threats Performing deep technical analysis across endpoints, networks, and cloud environments Conducting forensic investigations ...

SOC Operator - 24mth Contract -Active SC

Hiring Organisation
Stealth IT Consulting Limited
Location
United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
From £500 to £750 Inside per day DOE
Role Overview We are seeking an experienced SOC Operator to support a public sector security operations capability, with a focus on threat detection, incident response, and collaboration with delivery teams to improve security monitoring and resilience. The role involves developing detection content aligned to recognised threat frameworks, supporting … incident investigations, and helping technical and non-technical stakeholders prepare for and respond to security incidents. Key Responsibilities Develop and maintain SIEM rules and alerts in Splunk, mapped to the MITRE ATT&CK framework Analyse security events and alerts to identify potential threats and incidents Contribute to and lead ...

Head of Cyber Security (Lead) - Incident Management

Hiring Organisation
NHS England
Location
Exeter, England, United Kingdom
operational areas: Cyber Security Operations Unit (CSOU & SIO) Cyber Delivery Unit (CDU) Cyber Improvement Programme Chief Information Security Office Function (CISO) The National CSOC Incident Management function operates within the NHS National CSOC operational team, working alongside protective monitoring, threat hunting, and intelligence activities. This team is responsible … cyber incidents across the entire NHS, the Department of Health and Social Care (DHSC), and its arm's‐length bodies. Their responsibilities include overseeing incident response capabilities and managing relationships with our internal and external stakeholders. The Head of Security (Lead) Incident Management, will be accountable ...

Head of Cyber Security (Lead) - Incident Management

Hiring Organisation
NHS England
Location
Leeds/Exeter/London, LS1 4AP, United Kingdom
Salary
£100055.00 to £115287.00
operational areas: Cyber Security Operations Unit (CSOU & SIO) Cyber Delivery Unit (CDU) Cyber Improvement Programme Chief Information Security Office Function (CISO) The National CSOC Incident Management function operates within the NHS National CSOC operational team, working alongside protective monitoring, threat hunting, and intelligence activities. This team is responsible … cyber incidents across the entire NHS, the Department of Health and Social Care (DHSC), and its arm's-length bodies. Their responsibilities include overseeing incident response capabilities and managing relationships with our internal and external stakeholders. The Head of Security (Lead) Incident Management, will be accountable ...

Head of Cyber Security (Lead) - Incident Management

Hiring Organisation
NHS England
Location
Leeds, England, United Kingdom
Operational Areas Cyber Security Operations Unit (CSOU & SIO) Cyber Delivery Unit (CDU) Cyber Improvement Programme Chief Information Security Office Function (CISO) The National CSOC Incident Management function operates within the NHS National CSOC operational team, working alongside protective monitoring, threat hunting, and intelligence activities. This team is responsible … cyber incidents across the entire NHS, the Department of Health and Social Care (DHSC), and its arm’s-length bodies. Their responsibilities include overseeing incident response capabilities and managing relationships with our internal and external stakeholders. The Head of Security (Lead) Incident Management, will be accountable ...

Incident Response Consultant

Hiring Organisation
Anson Mccade
Location
Stevenage, Hertfordshire, South East, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£60,000
BRISTOL OR STEVENAGE - Sole British Citizen We are seeking a proactive CERT Incident Responder to lead our Digital Forensics and Incident Response (DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring … Techniques, and Procedures (TTPs). This is an ideal "next step" role for an experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation. Compensation & Logistics Salary: £50,000 - £60,000 (depending on experience). Working Pattern: Dynamic (hybrid) working; minimum ...

Cyber Investigation and Forensic Response Manager/Senior Manager

Hiring Organisation
Accenture
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
Title: Cyber Investigation and Forensic Response Manager/Senior Manager Location: UK Level: Manager & Senior Manager Salary: Competitive Salary & Package (Dependent on Experience) Travel: Expected travel across UK and EMEA Please Note: Any offer of employment is subject to satisfactory BPSS and SC security clearance which requires 5 years … fastest growing areas of the business with significant growth plans through additional recruitment and acquisitions. Our global Cyber Investigation and Forensic Response (CIFR) practice is rapidly expanding in order to uniquely deliver around the clock incident response services to our expanding portfolio of enterprise customers. The sheer ...

Senior Product Security Engineer

Hiring Organisation
Adecco
Location
London, United Kingdom
Employment Type
Contract
Contract Rate
£450 - £520/day
issues. Root Cause Analysis: Conduct thorough root cause analysis for security incidents and systemic vulnerabilities, leveraging insights to drive developer training and systemic improvements. Incident Response Management: Act as Investigation Lead or Incident Commander during incident response efforts, including facilitating tabletop exercises to enhance … incident readiness. Skills & Experience: Expertise: Deep knowledge in vulnerability management, threat modeling, security architecture, and secure software development lifecycle (SDLC) practices. Incident Response Skills: Strong background in incident response, root cause analysis, and managing bug bounty programs. Communication Ability: Excellent communication and stakeholder management skills ...

Application Security Architect

Hiring Organisation
Randstad Digital
Location
City of London, London, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
£400 - £500 per day
Security Lead - Incident Response & Threat Management 4 Months Contract £400 to £500 a day Inside IR35 Remote working *Active Security Clearance is Needed* A well-established consultancy firm is urgently looking for an experienced Security Lead with a strong background in Incident Response and Threat Management … high-profile client. This role requires a professional with active SC Clearance and a deep understanding of SecOps analyst support. Core Responsibilities Incident Management: Directing the full incident response lifecycle, including the triage, investigation, and total resolution of security events. Threat Intelligence: Utilising Recorded Future, OpenCTI ...

Director, Cyber security & Privacy Practice, Proactive Services

Hiring Organisation
Ankura Consulting Group, LLC
Location
City of London, England, United Kingdom
threat intel and dark web experts, etc. We have helped clients and partners for 10+ years across industries and geographies with the following services: Incident Response, Intelligence, and Investigations. Technology, Privacy, and Cyber Risk Advisory. End Point & Managed Detection & Response. The EMEA Cyber security & Privacy practice is growing … ambitions to expand its capabilities from a strong base in incident response, intelligence and investigations into additional proactive security, AI security and managed detection & response services. Why Join Ankura You will have the opportunity to get involved with both Proactive and Reactive work We can support ...

Director of Cyber Security London

Hiring Organisation
Checkout Ltd
Location
London, England, United Kingdom
clear mandate to progressively absorb higher-value operational ownership into Cyber Security. Over time, this role becomes the centre of gravity for detection engineering, incident response, and threat-driven defence. When major incidents occur, you are the technical authority. You make decisions under uncertainty, set priorities, and advise executives … high-severity security incidents * Owning adversary-focused defence, including threat modelling, detection engineering, and threat hunting strategy * Designing and enforcing runbooks, escalation models, and incident response playbooks * Setting security standards and having authority to block or escalate high-risk architectural decisions * Building and scaling Cyber Security capabilities, including ...

Security Engineer

Hiring Organisation
Provn
Location
Greater London, England, United Kingdom
organisation's array of IT systems. As the business continues to strengthen its security posture, this role will play a key part in operational security, incident response, and risk management across the business. This is an exciting opportunity to join a growing security function and contribute to the development … culture is embedded across the business. The role offers exposure to a wide range of security disciplines, from threat intelligence and vulnerability management to incident simulations and vendor risk management. Key Responsibilities: Endpoint Detection & Response (EDR) Security Operations & Incident Response Vulnerability Assessment & Penetration Testing Threat Intelligence ...

Network Security SME

Hiring Organisation
Oscar Associates (UK) Limited
Location
United Kingdom
Employment Type
Contract
Remote | Contract (Inside IR35) | 6+ Months | Rate (TBC) We are seeking a Network Security SME to support our client in strengthening their contain-to-eradicate incident response capability. This role is focused on enabling rapid, controlled network isolation and eradication during high-impact security and operational incidents … regulated environment. This is a hands-on senior role requiring proven experience in enterprise-scale containment and incident response within security-critical environments. It is a contract position (Inside IR35) which is initially 6 months but likely to extend. The rate ...

Director of Cyber Defence & Strategic Operations

Hiring Organisation
Informa
Location
London, England, United Kingdom
direction and operational excellence of the company’s cyber defence capabilities. This role leads the global Security Operations Centre (SOC), ensuring robust threat detection, incident response, and continuous monitoring to protect Informa’s digital assets and operations. You will also support mergers and acquisitions (M&A) from … Centre (SOC): Leadership and management of the SOC; oversee daily operations, monitor and respond to security incidents; mentor and manage security analysts and engineers. Incident Response: Develop and implement incident response protocols; coordinate with departments and external partners to manage threats. Threat Intelligence: Utilize threat intelligence to identify ...

Duty Engineer - Infrastructure Operations Engineer (24/7 Secure Systems)

Hiring Organisation
Elvis Eckardt Recruitment
Location
Northallerton, England, United Kingdom
secure ICT services supporting critical UK Defence systems. Operating within highly regulated, high-availability environments, they deliver resilient infrastructure, operational assurance, and rapid incident response across mission-critical platforms. The engineering teams work at the forefront of secure networking, virtualisation, automation, and monitoring technologies to ensure Defence systems … within secure Defence ICT environments, providing 24/7 operational support for mission-critical systems. The role ensures system availability, resilience, security, and rapid incident resolution in line with contractual SLAs and KPIs, combining deep infrastructure expertise with modern automation and monitoring practices to deliver stable and compliant services. ...

SOC SME

Hiring Organisation
Morson Edge
Location
London, United Kingdom
Employment Type
Contract
Contract Rate
£NEG None
selection, design, and transition from fragmented security tooling to a unified SIEM platform and security data lake. Drive a fundamental shift from incident-focused, task-based workflows to preventative security activities and platform optimisation. Proactive Threat Focus Guide the evolution from reactive alert handling to proactive threat … prompt injection, data poisoning, and model theft. Deploy and monitor “guardian agents” to provide real-time detection of malicious behaviour within AI systems. Incident Response & Resilience Guide the development, testing, and maintenance of advanced incident response plans, with a focus on high-impact threats such ...