1 to 25 of 660 Incident Response Jobs in the UK

Dublin, Ireland. Learn more at experianplc.com. Internal Grade E Job Description As a Cyber Defence Analyst, you will join the Cyber Fusion Center, performing in-depth analysis, assessment, and response to security threats by following documented policies to meet Service Level Goals. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. You will be … a part of the first line of defence in Experian's broader incident response and incident management departments, responsible for receiving and prioritizing cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). Depending on the results of assessment, this team is then responsible for investigating, containing, eradicating, and … recovering from events falling in its scope or escalating higher-risk events to dedicated incident response and management teams in the CFC. This role is critical in ensuring the handling of potential threats and plays a part in improving security operations. This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection. More ❯

a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

a global basis, the resilience of operations has become a board level issue. You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

We are seeking a highly skilled and experienced SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This pivotal role will be responsible for leading our Tier 3 Security and Incident Response Analysts, overseeing advanced incident response activities, driving proactive threat hunting initiatives, and providing strategic direction for the Cyber … a strong technical background, exceptional management skills, and a strategic vision for cybersecurity. You will play a key role in mentoring and developing a high-performing team, leading complex incident response engagements from initial detection through to post-incident review, and significantly enhancing the security posture of our diverse customer base. The role demands a unique blend … of strategic leadership, deep technical expertise in digital forensics and incident response (DFIR), and a proactive mindset to anticipate and neutralise sophisticated and evolving cyber threats. Key Responsibilities: Provide expert guidance and technical oversight on complex security incidents and threat hunting operations. Lead and coordinate high-severity incident response engagements, acting as the primary incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

the Global Security Operations Center (GSOC) helps defend KPMG and its clients from cyber attacks, through timely detection, investigation and remediation of potential threats. Role summary The Cyber Security Incident Response Manager plays a pivotal role in identifying, investigating, and managing cyber and data handling incidents within KPMG’s Global Information Security Services (ISS) function. ISS delivers and … oversees critical cybersecurity capabilities—including Security Monitoring & Response (SMR), Vulnerability Assessment & Secure Development (VASD), and Cyber Threat Intelligence (CTI)—across Global, Global Functions, and the broader KPMG network of member firms. This position offers an exciting opportunity to join a progressive and innovation-driven security team, contributing directly to the evolution of the Cyber Security Incident Response Team (CSIRT) on a global scale. The role reports directly to the Global Cyber Security Incident Response (CSIRT) Lead. The ideal candidate will bring knowledge in Cyber incident response, data protection, and regulatory compliance, along with the ability to collaborate effectively across functions to reduce risk and strengthen KPMG’s global data security posture. Key More ❯

An exciting opportunity has arisen for an accomplished SOC Incident Response & Threat Hunting Manager to lead a high-performing team within a dynamic and evolving Security Operations Centre (SOC) environment. This critical role is ideal for a technically proficient cybersecurity professional with a passion for proactive defence, threat intelligence, and strategic leadership. The successful candidate will oversee a … team of Tier 3 Security and Incident Response Analysts, driving advanced incident response, digital forensics, and threat hunting operations across a diverse customer base. Acting as a technical authority, the role will play a pivotal part in enhancing cyber resilience, refining detection capabilities, and leading complex investigations from detection through to remediation and review. Key Responsibilities … Lead, mentor and develop a team of senior SOC analysts, ensuring the delivery of effective and efficient incident response and threat hunting operations. Oversee and coordinate high-severity incident response engagements, acting as incident lead when required, and guiding cross-functional teams through time-critical decision-making. Provide expert oversight on complex security incidents, ensuring More ❯

point within the SOC, leading investigations into complex security incidents. Perform in depth analysis of escalated events and alerts to determine root cause, scope, and impact. Lead and coordinate incident response efforts, ensuring timely containment, eradication, and recovery. Act as the Centre of Excellence (CoE) for Incident Response, setting best practices and standards across the global … SOC and IR (Incident response) functions. Contribute to the globalization of SOC and IR processes, ensuring alignment and consistency across regions. Collaborate with global SOC and IR teams to harmonise incident response workflows, tooling, and reporting standards. Provide expert guidance to Detection Engineers to optimise detection logic and improve alert fidelity. Mentor and train junior SOC … capabilities and threat coverage. Support audit and regulatory engagements by providing timely and accurate responses to information requests. Liaise with cross functional technology teams to ensure timely resolution of response tasks and elevate issues as needed. Support broader Information Security and Operational Security initiatives as required. Maintain up to date knowledge of cyber threats, attacker techniques, and relevant laws More ❯

Overview We now have an exciting opportunity for an Associate Director to join our Digital Forensics and Incident Response (DFIR) team in London. As the senior member of the EMEA DFIR team with deep digital forensic experience, you will be integral to the wider EMEA practice, and in turn part of a global practice offering and influencing the … direction of our forensic technology and digital forensics incident response capability. The Discovery and Data Insights department is the hub of all technical consulting and you will provide digital forensics and incident response solutions for matters which involve cyber response investigations, digital forensic investigations, eDiscovery and data analytics. Our clients include law firms and Fortune … need to deploy the team and support crises. As the technical lead for engagements, you will provide direction to empower the team and provide quality assured, highly responsive forensic incident management. A significant portion of the role will require you to engage across the business to leverage technology consulting into all business development and go-to-market strategy. You More ❯

Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT)/SOC … owners to ensure log sources are onboarded into the SIEM solution. Create use cases to correlate suspicious activities across endpoints, networks, applications, and both on-premises and cloud environments. Incident Response: Improve playbooks and processes, lead escalated security incidents, oversee remediation and recovery actions, track incidents, liaise with partners, report findings, and apply root cause analysis with lessons … types and enhance operational playbooks. Digital Forensics: Use forensic tools and techniques to analyse data sources such as logs, SIEM data, applications, and network traffic patterns, and recommend appropriate response actions to ensure threats are contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve More ❯

Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)— including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … The Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)— including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery More ❯

Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary … Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more . The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team … activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery More ❯

Job Title: SOC Incident Response & Threat Hunting Manager Location: Remote Salary: £75k - £85k plus 10% bonus and £6k car allowance Mon – Fri as well as an on-call rota - 1 week in 4. Candidates must be willing and eligible to go through SC security clearance for this role Job Description: We are seeking a highly skilled and experienced … SOC Incident Response & Threat Hunting Manager to join our growing Security Operations Centre. This is a Player Manager position, someone that is able to speak to the customer and keep them updated on the progress of an escalated incident but also someone that comes from a technical Incident response and Forensics background. Key Responsibilities: Provide … expert guidance and technical oversight on complex security incidents and threat hunting operations. Lead and coordinate high-severity incident response engagements, acting as the primary incident lead when required. This includes managing cross-functional teams, communications, and critical decision-making under pressure. Ensure all incident response and threat hunting activities are thoroughly documented, with comprehensive More ❯

Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯

Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms More ❯

Lead Cyber Incident Response Manager Permanent opportunity Remote (occasional travel to customer sites) Consultancy work/External client facing Paying up to £125,000 per annum (dependent on experience) *Please note that this role requires NPPV3 clearance in addition to National Security Clearance (SC). Job Description This is working for a leading UK provider of Digital Forensics … organisations, and law enforcement agencies. We’re looking for passionate and ambitious individuals who want to make a real impact through technology. Key Responsibilities Lead, mentor, and develop the incident response and business resumption team, promoting a culture of technical excellence and continuous improvement. Define and drive the strategic direction for incident response services, ensuring they … and evolving client requirements. Act as a trusted advisor to executive leadership and clients, presenting technical findings and risk insights clearly and effectively for board-level audiences. Oversee the response to major cyber incidents, ensuring consistent, timely, and high-quality incident handling and recovery. Collaborate with senior stakeholders across internal teams and client organisations to coordinate containment, remediation More ❯

practical experience. 3 years of experience in enterprise network topology and common security controls. Experience working in at least one of the following areas: Security Operations Center, Security consulting, Incident Response, risk management, cyber threat intelligence, vulnerability and patch management, security controls audit, incident management or cyber security management. Preferred qualifications: Experience in one or more of … the following information security domains: Incident Response, Security Operations, Threat Intelligence, Cloud Security, Enterprise Architecture. Experience working with national government departments, military or intelligence services. Experience communicating technical details (both written and verbal) in a clear and concise manner to technical, non-technical, and executive audiences. Knowledge of NIS2, DORA, and NIST frameworks. Understanding of the cyber threat … tactical levels and address the difficult problems that organizations are facing. You will have communication skills, consulting acumen, and experience in security strategy, security operations, security architecture, or cyber incident response. Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

SOC Incident Response & Threat Hunting Manager Fully Remote (UK-based) | Up to £85,000 + 10–15% Bonus + £6k Car Allowance + Excellent Benefits (Occasional travel to Warrington, approx. once per quarter) Our client is expanding their virtual Security Operations Centre (vSOC) and looking for an experienced SOC Incident Response & Threat Hunting Manager to lead … expertise in DFIR, threat hunting, and detection engineering with a proactive approach to strengthening security posture across diverse customer environments. The Role Lead and mentor Tier 3 SOC and Incident Response Analysts. Act as the technical lead on high-severity security incidents from initial detection through to post-incident review. Design and execute advanced threat hunting exercises … translates into actionable improvements. Participate in the on-call rota (1 week in 4) to provide leadership during critical incidents. What You’ll Bring Strong background in SOC operations, incident response, and threat hunting . Experience leading teams or acting as senior escalation within a fast-moving SOC. Technical depth across digital forensics and adversary TTPs. Excellent analytical More ❯

We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach case this could be the role for you. This role is open to any of the multiple offices my client has across the UK. The client is looking for a … Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities … that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include: Leading More ❯

We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach case this could be the role for you. This role is open to any of the multiple offices my client has across the UK. The client is looking for a … Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities … that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include: Leading More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization s global response to cyber threats … ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure … proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization’s global response to cyber threats … ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure … proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed More ❯