1 to 25 of 480 Incident Response Jobs in the UK excluding London

IT Service Providers and business stakeholders across the company to implement and optimise cyber security operations capabilities. Responsibilities Accountable for managing the Cyber Security Response team and the quality of third party services and deliverables, reviewing performance, and driving continuous improvement. Take the lead management responsibility for all cyber … security event monitoring and incident response services received from all partner organisations with particular focus on the company’s Manage Security Service relationship (MSS). Proactively manage the search for cyber threats that may go undetected in our environment that have evaded our automated security tools and defences. … Accountable for Cyber Security incident response management including the establishment, maintenance and improvement of cyber security incident response plans, procedures, and playbooks. Manage post-incident activity to include scheduling and chairing Post Incident Reviews (PIR), the documentation of Root Cause Analysis (RCA) for security More ❯

Cyber Security Incident Response Lead We are working with a company that is looking for an experienced CSIRT specialist with a strong track record in high-stakes cyber incident response and digital forensics to take ownership of the IR process and help drive automation across the … CSIRT team. What You’ll Be Doing: Lead end-to-end cyber incident response investigations, including breach analysis, e-Discovery, and network forensics. Design, build, and maintain forensic infrastructure and incident response tooling. Take ownership of cyber investigations and coordinate response efforts across teams. Run … and support cyber tabletop exercises, resilience drills, and war-gaming sessions. Monitor and analyse security alerts, coordinating swift response and resolution. Perform detailed forensic reviews and support third-party security assessments. Present incident progress, reporting clearly to senior stakeholders, and escalating when necessary. Maintain real-time dashboards and More ❯

Security Incident Response Manager (Cyber Threat) - Global financial services company - Full time permanent role - Salary up to £100,000 plus bonus. Hybrid working (twice a week in the London office) A large global financial services firm is looking for an Incident Response Manager within its cyber … point once a month for weekends) - Deliver on information security projects - Ensuring services provided meet the business requirements To be considered suitable for this Incident Response Manager role you will need the following skills and experience: - Experience in a technical cyber/incident response role - Previous … team management experience - Good understanding of incident response frameworks and methodologies (ICERF) - Good understanding of threats, vulnerabilities and processes - Familiarity with incident response tools and measures - Relevant industry certifications would be seen as advantageous (CISSP, OSCP, OSCE etc. More ❯

Cybersecurity Incident Response Lead Location: Hybrid - must live in comutable distance to Glasgow city centre (maybe a requirement to be on-site in an office at short notice). Excellent Cybersecurity Incident Response Lead opportunity to join a leading UK bank who continue to expand their … Cyber Security capabilities. You will be a sharp, decisive, and highly experienced Cybersecurity Incident Response Specialist looking to join a high-performing Detect & Respond Operations Team. You will thrive working under pressure, excel at solving complex problems, and have a knack for identifying and neutralising threats before they … resilience. Provide clear, concise briefings and reports to senior leadership, offering insight into incidents, risks, and ongoing threat landscapes. 💡 Your background: Proven experience leading incident response operations and cybersecurity investigations. Deep understanding of cyber attack vectors, threat actors, and red team/blue team methodologies. Strong analytical skills More ❯

Join Centrica's IT Security Team as a Cyber Security Incident Response Manager! ?? Are you ready to drive the UK's energy transformation? Centrica is looking for a skilled Cyber Security Incident Response Manager to join our IT Security team. You'll handle cyber incident … investigations, e-Discovery, network forensics, and cyber breach inquiries. Location: Hybrid working with occasional travel to Windsor. Key Accountabilities: Carry out forensic analysis and incident response investigations Build and manage forensic and incident infrastructure. Lead cyber forensic investigations. Support weekly security operations calls. Oversee resilience planning and … and remediate vulnerabilities. Analyse security reports and manage alerts. Stay updated on security policies and regulations. Experience Required: Expert in Security Operations and Security Incident Response. Expert in cyber incident investigations, e-Discovery, network forensics, and cyber breach inquiries Proficiency in SIEM, SEM, and log monitoring. Scripting/ More ❯

Join Centrica's IT Security Team as a Cyber Security Incident Response Manager! ?? Are you ready to drive the UK's energy transformation? Centrica is looking for a skilled Cyber Security Incident Response Manager to join our IT Security team. You'll handle cyber incident … investigations, e-Discovery, network forensics, and cyber breach inquiries. Location: Hybrid working with occasional travel to Windsor. Key Accountabilities: Carry out forensic analysis and incident response investigations Build and manage forensic and incident infrastructure. Lead cyber forensic investigations. Support weekly security operations calls. Oversee resilience planning and … and remediate vulnerabilities. Analyse security reports and manage alerts. Stay updated on security policies and regulations. Experience Required: Expert in Security Operations and Security Incident Response. Expert in cyber incident investigatio... More ❯

will proactively identify, analyse, respond, and mitigate cyber threats that pose risks to Vanquis Banking Groups cybersecurity posture. This involves monitoring security events, conducting incident response activities, enhancing our threat detection capabilities, and ensuring compliance with policy, standards, and regulation. Your contributions will directly impact our ability to … participate the delivery of services provided by the Cyber Intelligence Centre including by not limited to Cyber Threat Intelligence, Security Posture Management, Cyber Security Incident Response, Threat Hunting, Penetration Testing & Red Team Testing, and Cyber Risk Mitigation. Incorporate threat intelligence into CIC activities. Collaborate and assist with the … investigation and resolution of complex security incidents. Support the delivery of retrospective improvements based on incident analysis, RCAs and PIRs. Engage with third-party security partners to enhance and mature services. Maintain centralised processes across all VBG product lines, promoting synergy and efficiency. Stay updated on the latest cyber More ❯

leadership and capabilities. We’re looking for a Level 3 SOC Analyst to join our client's team, offering expertise in security analysis and incident response to help drive the success of their Cyber Security Operations Center (CSOC). In this role, you will investigate and validate potential … mentor and uplift analyst skills and act as a key escalation point. The role will involve collaborating with global security teams, including CERT and Incident Management, to enhance overall security capabilities. Key Responsibilities: Advanced Incident Response: Handle escalated security incidents that L1 and L2 analysts cannot resolve … Security Reporting and Advisories: Contribute to or lead the delivery of cyber security reports and advisories to key stakeholders. Residual Risk Assessment: Deliver post-incident analysis, technical lessons learned, and reporting to assess residual risk. Advanced SIEM Tuning: Refine and tune SIEM tools to reduce false positives and detect More ❯

An exciting opportunity has arisen for a Cyber Security Incident Response Manager to join a leading Financial Services organisation based in Glasgow. This role plays a key part in safeguarding the organisation from cyber threats by identifying, responding to, and mitigating cybersecurity incidents. As part of the Cyber … Detect and Respond Operations Team , you will be instrumental in enhancing security operations, strengthening defences, and ensuring operational resilience. Key Responsibilities Lead real-time response to cyber threats, managing cybersecurity incidents and investigations through to resolution. Analyse security breaches, identify attack vectors, and ensure appropriate remediation actions are taken. … to improve cybersecurity measures and prevent future threats. Provide clear communication to senior management on cybersecurity risks and incidents. Drive continuous improvement through post-incident reviews and scenario testing. What They're Looking For Extensive experience in cybersecurity incident response and operational leadership within a Security Operations More ❯

Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell) and have experience with … APIs, and Case Management tools for data enrichment. Responsibilities: Build security automations, logging, and SIEM detections to improve the CDO's efficiency, scalability, and incident response capabilities. Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat … intelligence and vulnerability management. Collaborate with CDO analysts to identify repetitive tasks and automate them to improve operational efficiency. Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. Continuously evaluate automation solutions More ❯

Automation & Detection Engineer for a 6-month contract to start ASAP, based in Cambridge ( Hybrid), Inside IR35 Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be … of log sources into Microsoft Sentinel SIEM. Build security automations, logging, and SIEM detections to improve the Cyber Defence Operation’s efficiency, scalability, and incident response capabilities. Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat … and vulnerability management. Collaborate with Cyber Defence Operation analysts to identify repetitive tasks and automate them to improve operational efficiency. Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. Continuously evaluate automation More ❯

Automation & Detection Engineer for a 6-month contract to start ASAP, based in Cambridge ( Hybrid), Inside IR35 Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be … of log sources into Microsoft Sentinel SIEM. Build security automations, logging, and SIEM detections to improve the Cyber Defence Operation’s efficiency, scalability, and incident response capabilities. Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat … and vulnerability management. Collaborate with Cyber Defence Operation analysts to identify repetitive tasks and automate them to improve operational efficiency. Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. Continuously evaluate automation More ❯

business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate … Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration … PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real More ❯

business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate … Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration … PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real More ❯

Automation & Detection Engineer for a 6-month contract to start ASAP, based in Cambridge (Hybrid), Inside IR35 Role Overview: Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be … of log sources into Microsoft Sentinel SIEM. Build security automations, logging, and SIEM detections to improve the Cyber Defence Operation's efficiency, scalability, and incident response capabilities. Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat … and vulnerability management. Collaborate with Cyber Defence Operation analysts to identify repetitive tasks and automate them to improve operational efficiency. Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions. Continuously evaluate automation More ❯

By combining advanced technology and expert human insight, we provide a portfolio of comprehensive services, including 24/7 Managed Security Operations Centre (SOC), Incident Response, Penetration Testing, Cyber Risk Assessments, CISO/CIO as a service, and Training. Our certified security experts and consultants offer tailored solutions … seen as a subject matter expert when leading engagements. • Security Assessment & Recommendations on behalf of our clients: Conduct regular security assessments, risk analyses, and incident response guidance. Recommend and prioritise remediation efforts based on findings. • Security Solutions Design: Architect and design cybersecurity solutions for a wide range of … GDPR, ISO 27001, NIST, Cyber Essentials and NIS Directive. Offer guidance on data protection and cybersecurity practices in line with local and international standards. • Incident Response: Assist in developing and maintaining an incident response plan; provide expertise when responding to and investigating security incidents. Deliver tabletop More ❯

By combining advanced technology and expert human insight, we provide a portfolio of comprehensive services, including 24/7 Managed Security Operations Centre (SOC), Incident Response, Penetration Testing, Cyber Risk Assessments, CISO/CIO as a service, and Training. Our certified security experts and consultants offer tailored solutions … seen as a subject matter expert when leading engagements. • Security Assessment & Recommendations on behalf of our clients: Conduct regular security assessments, risk analyses, and incident response guidance. Recommend and prioritise remediation efforts based on findings. • Security Solutions Design: Architect and design cybersecurity solutions for a wide range of … GDPR, ISO 27001, NIST, Cyber Essentials and NIS Directive. Offer guidance on data protection and cybersecurity practices in line with local and international standards. • Incident Response: Assist in developing and maintaining an incident response plan; provide expertise when responding to and investigating security incidents. Deliver tabletop More ❯

By combining advanced technology and expert human insight, we provide a portfolio of comprehensive services, including 24/7 Managed Security Operations Centre (SOC), Incident Response, Penetration Testing, Cyber Risk Assessments, CISO/CIO as a service, and Training. Our certified security experts and consultants offer tailored solutions … seen as a subject matter expert when leading engagements. • Security Assessment & Recommendations on behalf of our clients: Conduct regular security assessments, risk analyses, and incident response guidance. Recommend and prioritise remediation efforts based on findings. • Security Solutions Design: Architect and design cybersecurity solutions for a wide range of … GDPR, ISO 27001, NIST, Cyber Essentials and NIS Directive. Offer guidance on data protection and cybersecurity practices in line with local and international standards. • Incident Response: Assist in developing and maintaining an incident response plan; provide expertise when responding to and investigating security incidents. Deliver tabletop More ❯

projects concurrently in partnership with our technical teams, clients, and internal stakeholders. This position will be focused on Unit 42’s Digital Forensics and Incident Response engagements, as well as Proactive Service engagements, and will report directly to the Manager for Unit 42 Security Consulting Project Management Office … PRINCE2 certification, or equivalent preferred 7+ years of professional experience in Project Management, focusing in one or more of the following: Cybersecurity, Digital Forensics, Incident Response, or Software Defined Lifecycle (SDLC)/Infrastructure or other IT related technical environments Ability to lead multiple large-scale projects creating project … Consulting is Palo Alto Network's security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders More ❯

Senior Security Operations Centre Analyst with a strong background in security operations, threat detection, and incident response is required by Logic Engagements to work for a large scale leading organisation based in Gosport, Hampshire As a Senior SOC Analyst, you will be at the forefront of digital defence … leading incident response, improving detection mechanisms, and mentoring Junior Analysts. Your responsibilities will include: Analysing security incidents using advanced SIEM platforms (Microsoft Sentinel, Splunk) Leading incident response and driving improvements in detection and containment strategies Tuning and maintaining detection rules, using threat frameworks like Mitre Att … with SIEM tools such as Microsoft Sentinel and Splunk Solid understanding of network protocols and infrastructure (eg TCP/IP, VPNs, Firewalls) Skilled in incident response and threat intelligence analysis Familiarity with Mitre Att&ck framework and advanced threat detection techniques Excellent analytical and problem-solving capabilities The More ❯

DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response. How will you make an impact? Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards … and provide requested documentation and evidence. Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection. Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions. Threat … such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience in internal and external audits, compliance assessments, and process improvement. Basic understanding of incident response frameworks and cybersecurity best practices. Exceptional analytical, organizational, and communication skills. Commitment to continuous learning and professional development in audit, compliance, and More ❯

Cyber Response Services Senior Analyst – KPMG Curve Base Location: Leeds based (Hybrid – 3 days per week in office) Experienced professional (kpmgcareers.co.uk) As a result of the work that we do, we require applicants to hold or be capable of obtaining UK National Security Vetting, the requirements for which could … is what matters most. What will you be doing? Help manage and co-ordinate cyber security incidents for our clients, working closely with the incident management lead within the team. Digital forensics of relevant incident data (disk, volatile memory, network packets, log files). Maintaining a current view … and being able to advise clients on the threat landscape and attacks which may be relevant to them. Develop KPMG’s in house cyber-response tools Help assess client incident response capability maturity. Help stand-up or improve clients’ own incident response capabilities. Help with More ❯

Join Ofwats Corporate Enablers as a Head of Security Operations & Incident Response *Office Location: Birmingham (B5 4UA) with hybrid working * About Us We are Ofwat, the Water Services Regulation Authority, a non-ministerial government department responsible for regulating the water sector in England and Wales. Our work has … needed; holding water companies to account. Come and work at the source of everyday life. The Role As the Head of Security Operations and Incident Response, you will be responsible for the Security Strategy in Ofwat, our security operations, and overseeing the monitoring and response to security … team and be the primary point of contact for the leadership team and business stakeholders for any security event, ensuring comprehensive monitoring and effective response to cyber security threats across all networks, assets, and users. You will also be responsible for managing incidents related to personnel, technical, and physical More ❯

Join Police Digital Service as NMC Cyber Incident Management Lead £65,000 - £70,000 About Police Digital Service Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. The National Management Centre (NMC) is part of Police Digital Service and provides … visibility and control of information risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and … the NMC, along with any issues concerning quality and delivery of the service. You will have line management responsibility for the team of Cyber Incident Leads. Accountable for the evolution and development of the Incident Management Service with regards to continuously improving People, Processes and Technology. Responsible for More ❯

this role, you will be responsible for the SOC team's overall management, operations, and direction. You will oversee the monitoring, detection, analysis, and response to cybersecurity incidents and threats, ensuring that our organization's information systems and data remain secure. Your leadership will be instrumental in building a … effectively monitor and protect the organization's assets. - Maintain a high level of situational awareness regarding current and emerging threats, vulnerabilities, and attack vectors. - Incident Response & Management: - Lead the response to significant security incidents, working closely with other teams and stakeholders to contain, mitigate, and recover from … security breaches. - Coordinate post-incident analysis and reporting, ensuring that lessons learned are documented and applied to improve SOC processes. - Establish and maintain strong incident communication protocols, ensuring that relevant stakeholders are informed during and after an incident. - Collaboration & Communication: - Collaborate with other cybersecurity, IT, and business teams More ❯