1 to 25 of 49 Contract Incident Response Jobs in England

Analyst: Strong experience with Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis … Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling

Analyst: Strong experience with Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis … Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling

Threat Detection technologies across the UK Network Perimeter. The SOC Analyst reports to the SOC Manager and conducts a range of analyses, assisting the incident response team with investigations that need to be escalated to an embedded staff member. The SOC Analyst key responsibilities are: Effective Tier … Conduct proactive threat hunting in collaboration with the CTI function Conduct HR and InfoSec related investigations Ensure the timely triage and remediation of any incident or request tickets raised to the SOC Participate in the activity of adding/removing URLs from the AcceptList and BlockList Attend routine security

Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and incident response playbooks Provide expert guidance on securing

Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and incident response playbooks Provide expert guidance on securing

Operational Technology) Outside IR35 Duration: 6 9 months Location: Crawley, Hybrid 2 days per week on site Overview of project: The role of an Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated … policies, standards and procedures aligned with best practice. Logs: Ensure all logs feed into the SIEM and build use cases to detect anomalous activity. Incident Response: Lead high-severity incidents, improve playbooks and manage remediation, communication and reporting. SOAR: Develop automated workflows to streamline detection, enrichment and response.

Operational Technology) Outside IR35 Duration: 6 – 9 months Location: Crawley, Hybrid 2 days per week on site Overview of project: The role of an Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated … policies, standards and procedures aligned with best practice. Logs: Ensure all logs feed into the SIEM and build use cases to detect anomalous activity. Incident Response: Lead high-severity incidents, improve playbooks and manage remediation, communication and reporting. SOAR: Develop automated workflows to streamline detection, enrichment and response.

maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture. - 3 days on site in Birmingham (Please ensure you are local before applying) - £400 - £500 p/d depending … manage the performance of the SIEM infrastructure. Contribute to security engineering projects, transitions, and transformations. Work closely with security operations and associated security incident response systems Stay informed about emerging threats and security best practices. What you need to do now If you're interested in this role

services, define strategic vision for improvement and reliability. Service Design and Implementation: Collaborate with architects and engineers to design secure services and oversee deployments. Incident Management: Coordinate incident response, root cause analysis, and corrective actions. Infrastructure Management: Ensure patching, evergreening, backups, and compliance for on-prem

working with the best standard technologies.The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The SOC Analyst key responsibilities are: Effective Tier … threat hunting in collaboration with the CTI function Assist IR in HR and InfoSec related investigations Ensure the timely triage and remediation of any incident or request tickets raised to the SOC Participate in the activity of adding/removing URLs from the AcceptList and BlockList Attend routine security

with the best standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The SOC Analyst key responsibilities are: Effective Tier … threat hunting in collaboration with the CTI function Assist IR in HR and InfoSec related investigations Ensure the timely triage and remediation of any incident or request tickets raised to the SOC Participate in the activity of adding/removing URLs from the AcceptList and BlockList Attend routine security

Security Alerts on the various monitoring tools to identify potential Security Incidents. Escalate suspected Security Incidents to the Lead Analysts. Assist Lead Analysts and Incident Response team with investigation and containment. Maintain knowledge of technology and cyber threats by reading Threat Intel, reports, attending Threat Intel briefings

Security Alerts on the various monitoring tools to identify potential Security Incidents. Escalate suspected Security Incidents to the Lead Analysts. Assist Lead Analysts and Incident Response team with investigation and containment. Maintain knowledge of technology and cyber threats by reading Threat Intel, reports, attending Threat Intel briefings

Security Alerts on the various monitoring tools to identify potential Security Incidents. Escalate suspected Security Incidents to the Lead Analysts. Assist Lead Analysts and Incident Response team with investigation and containment. Maintain knowledge of technology and cyber threats by reading Threat Intel, reports, attending Threat Intel briefings

other engineers. Monitoring and Operational Excellence: Implement and manage monitoring, logging, and alerting solutions (e.g., Prometheus, Grafana, Stackdriver) to ensure high availability and proactive incident response for all hybrid infrastructure. Required Skills & Qualifications Experience: 5+ years of experience in a DevOps, SRE, or Platform Engineering role. GCVE Expertise

Analyzer) to reduce exposure and prevent repeat issues. Produce clear remediation guidance, runbooks, and reporting dashboards for both technical and non-technical stakeholders. Support incident response and post-remediation validation where high-risk findings are exploited or trending. kills & Experience AWS/Cloud Security Deep, hands

dashboarding, along with experience migrating workloads to Elasticsearch. In addition to migration duties, the candidate will maintain and enhance existing Splunk infrastructure, provide incident support, manage upgrades, and ensure observability platforms remain secure and performant. This role demands a technically strong individual with excellent stakeholder communication and problem-solving … configure alerting and monitoring using Kibana, Elasticsearch Watcher, or third-party tools. Ensure migration plans include validation, rollback procedures, and knowledge transfer. Platform Operations & Incident Response: Maintain Splunk infrastructure in both Production and Non-Production environments. Support Splunk SRE and Application teams in incident investigation and resolution.

Manage and optimise Microsoft Defender across Endpoint, Identity, Cloud Apps, Office 365, and Cloud Security Posture Management. Monitor alerts and conduct threat investigations. Support incident response with containment and remediation. Conduct proactive threat hunting. Platform administration and governance Configure policy baselines and protection profiles. Maintain governance and compliance … Security teams. Provide security insights to projects. Produce reporting for stakeholders. Identify automation and workflow enhancements. Essential Skills Strong experience with Microsoft Defender platforms. Incident investigation skills across endpoint, identity, and cloud. Understanding of Microsoft 365, Azure, and Zero Trust. Skilled in ASR rules, AV baselines, and KQL analytics.

requirements. Job Responsibilities/Objectives Maintain high availability and resilience of IKP services across multi-cloud and on-prem environments. Implement monitoring, alerting, and incident response for IKP components. Develop automation for IKP deployment, scaling, and lifecycle management. Integrate IKP processes into CI/CD pipelines for secure … Familiarity with OpenShift, Kubernetes, and container security best practices. Knowledge of cryptographic principles, PKI, and encryption standards. Proficiency in monitoring tools (Prometheus, Grafana) and incident management frameworks. Certifications such as CISSP, CISM, or cloud security certifications preferred. If you are interested in this opportunity, please apply now with your

also translated into actionable insights and long-term improvements across the business. Skills required from the Security Analyst: Proven experience in a Security Analyst , Incident Response , or SOC environment (2nd line or similar). Strong hands-on experience in threat investigation, log analysis, and remediation . Good understanding … management and relevant stakeholders. Advise on security best practices and improvement initiatives across systems, networks, and processes. Contribute to ongoing development of detection, response, and monitoring capabilities. Support reviews and recommendations around security toolsets, processes, and automation opportunities. The Security Analyst can work fully remote for the duration

dashboards for threat detection. Map detection rules to frameworks like MITRE ATT&CK, STRIDE, and NIST CSF. Collaborate with SOC teams to refine incident response workflows. Governance & Compliance Align SIEM architecture with Secure by Design and Zero Trust principles. Support compliance with ISO 27001, PCI DSS, etc Document

performance of the SIEM infrastructure to maintain optimal functionality. Security Engineering:Contribute to various security engineering projects and work closely with security operations and incident response systems. Stay updated on emerging threats and best practises in the cybersecurity landscape. Skills You'll Need to Succeed: Essential:- Strong experience

successful candidate will play a key role in assessing risks, reviewing supplier and project security documentation, responding to security questionnaires and tenders, supporting incident investigations, and helping to maintain AFC s security posture and compliance with relevant standards (Cyber Essentials Plus, ISO 27001, DSPT, GDPR, NCSC). This … interview) Minimum 5 years hands-on experience in Information Security Experience conducting security risk assessments Supplier/third-party security assurance Strong technical grounding Incident response collaboration Knowledge of compliance frameworks Strong written communication skills Stakeholder engagement Availability & flexibility Right to work in the UK To find

successful candidate will play a key role in assessing risks, reviewing supplier and project security documentation, responding to security questionnaires and tenders, supporting incident investigations, and helping to maintain AFC's security posture and compliance with relevant standards (Cyber Essentials Plus, ISO 27001, DSPT, GDPR, NCSC). This … interview) Minimum 5 years' hands-on experience in Information Security Experience conducting security risk assessments Supplier/third-party security assurance Strong technical grounding Incident response collaboration Knowledge of compliance frameworks Strong written communication skills Stakeholder engagement Availability & flexibility Right to work in the UK To find

successful candidate will play a key role in assessing risks, reviewing supplier and project security documentation, responding to security questionnaires and tenders, supporting incident investigations, and helping to maintain AFC’s security posture and compliance with relevant standards (Cyber Essentials Plus, ISO 27001, DSPT, GDPR, NCSC). This … interview) Minimum 5 years’ hands-on experience in Information Security Experience conducting security risk assessments Supplier/third-party security assurance Strong technical grounding Incident response collaboration Knowledge of compliance frameworks Strong written communication skills Stakeholder engagement Availability & flexibility Right to work in the UK To find