1 to 25 of 53 Contract Incident Response Jobs in England

Cyber Incident Response Analyst

Hiring Organisation
Tria
Location
City, Sheffield, United Kingdom
Employment Type
Contract
Contract Rate
GBP Annual
Cyber Incident Response Analyst - Contract Location: Sheffield (2 days onsite) Rate: 500 p/d Duration: 6 Months - July 2026 - January 2027 A large enterprise organisation is looking for a Cyber Incident Response Analyst to support their Cyber Defence team on a contract basis. This … coordination-focused incident response role, managing cyber incidents through the response lifecycle rather than deep technical remediation. Experience Required Previous experience within Incident Response/Security Operations Strong understanding of the NIST incident response lifecycle Familiarity with MITRE ATT&CK and cyber kill ...

Cyber Security Incident Response Engineer

Hiring Organisation
Hydrogen Group
Location
Welwyn Garden City, Hertfordshire, United Kingdom
Employment Type
Contract
Contract Rate
GBP Annual
working with a large retail business, and they are looking for a Security Engineer to help build and mature their Cyber Security Incident Response capability. This is a strategic and hands-on role, working closely with the Cyber Security Incident Manager, SOC, DFIR, Threat Intelligence and Engineering … organisation's readiness for high-impact cyber incidents such as ransomware, insider threats and major security breaches. Key experience required: CSIRT, SOC or Incident Response experience within a large enterprise environment. Building and improving incident response capabilities, processes, playbooks and runbooks. Supporting tabletop exercises, simulations ...

Senior Cyber Incident Responder

Hiring Organisation
Reed
Location
Sheffield, South Yorkshire, England, United Kingdom
Employment Type
Contractor
Contract Rate
Salary negotiable
Senior Cyber Incident Responder Daily Rate: Inside IR35 Location: Sheffield Job Type: Hybrid (2-3 days on-site) Join our Cyber Defence Centre (CDC) as a Senior Cyber Incident Responder. This senior, business-facing role within Security Operations & Engineering focuses on end-to-end cyber incident management … coordination, and stakeholder engagement across complex environments. You will lead the response to high-severity cyber incidents, ensuring effective command, communication, and decision-making throughout the incident lifecycle. Day-to-day of the role: Incident Leadership & Management: Lead the coordination of high-severity cyber incidents from initiation ...

Security Lead

Hiring Organisation
Method-Resourcing
Location
Maidenhead, Berkshire, South East, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
Up to £500 per day
improvement Lead security engagement within client Design Authority and Enterprise Architecture forums Manage integration with the client SOC, including security reporting, SIEM alignment, and incident response coordination Oversee security incident management in line with the client Cyber Security Incident Response Plan Own joiner/mover … Strong understanding of NCSC HMG IAS5, Cyber Assessment Framework (CAF), ISO 27001, and GDPR Hands-on experience integrating with a UK Government SOC, including incident response and security reporting Strong working knowledge of Oracle Cloud security (OCI IAM, Vault, network security, audit, PAM) Experience securing Oracle SaaS applications ...

SOC Lead

Hiring Organisation
Experis
Location
Bath, Somerset, South West, United Kingdom
Employment Type
Contract
Contract Rate
£600 - £700 per day
detected by automated controls Translate threat intelligence into actionable hunt hypotheses Continuously refine detection logic based on hunt outcomes and emerging threats Investigations & Incident Response Lead complex and high-severity security investigations from triage through containment and remediation Act as the technical escalation point for advanced SOC investigations … Conduct root cause analysis and attacker kill-chain reconstruction Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required SOC Technical Leadership Define investigation standards, workflows, and quality benchmarks Mentor and upskill ...

Senior SOC Analyst - DV Cleared

Hiring Organisation
CBSbutler Holdings Limited trading as CBSbutler
Location
Portsmouth, Hampshire, United Kingdom
Employment Type
Contract
Contract Rate
£590 - £630/day
Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting … complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience. Key Responsibilities Maintain and optimise SOC Protect, Detect and Respond ...

Senior SOC Analyst

Hiring Organisation
CBSbutler Holdings Limited trading as CBSbutler
Location
Corsham, Wiltshire, United Kingdom
Employment Type
Contract
Contract Rate
GBP 575 - 650 Daily
Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting … complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience. Key Responsibilities Maintain and optimise SOC Protect, Detect and Respond ...

Senior SOC Analyst

Hiring Organisation
InvitISE Ltd
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
£400 - £600 per day
This is an initial 6 month contract paying up to £600 per day Outside IR35. The role focuses on supporting security operations monitoring and incident response activities within a large enterprise environment. This role allows remote working with occasional travel to London when required. The successful SOC Analyst … cyber security incidents and responding appropriately • Working with SIEM platforms such as Splunk, Sentinel or QRadar • Conducting threat analysis and triaging security alerts • Supporting incident response and remediation activities • Working with security engineering teams to improve detection capabilities Experience within financial services, fintech or other regulated environments would ...

OT Security Engineer

Hiring Organisation
Sanderson Recruitment
Location
Bristol, Avon, South West, United Kingdom
Employment Type
Contract
Contract Rate
£500 - £550 per day
system environments. This role sits within a Security Operations function but is heavily engineering focused, combining hands on OT security tooling, detection engineering and incident response to strengthen resilience across critical infrastructure. Key Responsibilities: Act as the OT security engineering SME, supporting both operational and project based activities … equivalent) Develop and refine detection rules, alerting logic and monitoring coverage across OT and IT/OT convergence points Lead technical investigations and incident response for OT-related cyber events Analyse industrial network traffic to identify anomalies, threats and protocol misuse Integrate OT telemetry into SIEM ...

SOC Manager - Contract - Inside IR35 - Hybrid London

Hiring Organisation
Robson Bale Ltd
Location
London, United Kingdom
Employment Type
Contract
Contract Rate
GBP 35 Annual
hybrid working mode. In this role, you will lead the Security Operations Center's day-to-day functions, focusing on operational excellence in incident management and response. This position ensures round-the-clock coverage, drives team performance, and maintains a high standard for incident handling and escalation. … providing leadership in Real Time threat detection and response, you will strengthen organizational resilience and safeguard critical systems against evolving cyber threats. Responsibilities Lead and oversee incident management and response processes within the SOC Manage shift coverage, ensuring continuous and effective operation Monitor and analyze key performance ...

Cyber Security Consultant

Hiring Organisation
CBSbutler Holdings Limited trading as CBSbutler
Location
London, United Kingdom
Employment Type
Contract
Contract Rate
GBP 550 - 580 Daily
Cyber Security Consultant - Incident and Vulnerability Management +6 months + +1 day a week on site in London/Preston/Birmingham - 4 days WFH +Inside IR35 + 550 - 580 a day +SC cleared role - must have current active clearance +Sole British nationals only due to nature … project Role Description: Security Incident & Vulnerability Management Consultant (Operational Integrator/SIAM - Transition Role) UK Sole National ONLY Security Clearance required Role Summary The Security Incident & Vulnerability Management Consultant operates within the Operational Integrator (OI) function to support the transition to a multi-supplier (SIAM) model within ...

SOC Cyber Security Analyst

Hiring Organisation
Contracts Consultancy Ltd
Location
SN13, Hudswell, Wiltshire, United Kingdom
Employment Type
Contract
alerts within a live SOC environment. Analyse security incidents to determine scope, impact, and priority, ensuring appropriate escalation and response. Manage end-to-end incident response activities from detection through to resolution. Support the development and enhancement of SIEM use cases, detection rules, analytics, and playbooks. Conduct real … cloud environments, and enterprise IT infrastructure. Experience creating and tuning detection use cases, analytics, and playbooks. Knowledge of Information Security principles, threat detection, and incident response practices. Familiarity with Microsoft technologies, Linux systems, and security tooling. Understanding of security frameworks and data protection principles including GDPR ...

Privacy Operations Analyst

Hiring Organisation
DGH Recruitment
Location
North West London, London, United Kingdom
Employment Type
Contract
Contract Rate
£500 - £600 per day
firm's technology environment which includes Microsoft Defender & Sentinel. Key Responsibilities: * Monitor security event identification via the third-party security operations service. * Coordinate incident response activities including containment, evidence collection, documentation, and recovery support. * Contribute to threat hunting activities using KQL queries and intelligence-led techniques. * Support … maintain and tune Microsoft Defender, Sentinel, and Purview policies, analytics rules, alerts, and workflows. * Support the development, testing, and maintenance of automated playbooks and response actions (e.g., Logic Apps). * Verifying compliance with expected practice in the operation of technology services, including security baseline and access right reviews. * Support ...

Cisco Catalyst NOC Engineer

Hiring Organisation
MECS Communications Ltd
Location
Birmingham, West Midlands, United Kingdom
Employment Type
Contract
Cisco 9500, Cisco 3850, Network Operations Centre (NOC), TAC, NMC, Layer 2, Layer 3, OSPF, BGP, VLAN, STP, QoS, CCNA, CCNP, Network Monitoring, Incident Management, Shift Operations, 24x7 Support Location: Small Heath, Birmingham, West Midlands, B10 0HQ Type: Temporary Contract Hours: 8-Hour Shifts … deep technical expertise across Cisco Catalyst switching technologies including Catalyst 3850, Catalyst 9300 and Catalyst 9500 platforms. Purpose: To provide 24x7 operational support, monitoring, incident management and technical troubleshooting across critical Cisco network infrastructure, ensuring maximum network availability, performance and service reliability. Technology Stack: * Cisco Catalyst 3850/ ...

Director of Information Security

Hiring Organisation
TXP
Location
City of London, London, United Kingdom
Employment Type
Contract
Contract Rate
£675/day Outside IR35
execution of cyber security across a global environment. This is a high-impact role reporting to the CTO, with responsibility for security operations, risk, incident response, and overall security maturity across the business. Key Responsibilities Lead global IT and product security Own risk management, SOC, and incident response Drive security strategy, governance, and awareness Deliver key programmes (cloud, identity, vulnerability management) Engage at C-suite level, translating risk into business decisions Build and lead a high-performing security team What We're Looking For Proven leadership in enterprise cyber security environments Strong background across multiple ...

Cyber Security Analyst - Training Course

Hiring Organisation
Netcom Training
Location
Sheffield, South Yorkshire, United Kingdom
Employment Type
Permanent, Contract, Temporary, Part Time, Apprenticeship
Certificate in Cyber Security Practices, Level 2) equips you with the practical skills employers are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you’ll gain hands-on experience that prepares you for today’s fast-growing cyber security and IT roles. … Understand cyber security principles and core frameworks Threat Intelligence: Develop expertise to identify risks Testing: Conduct cyber security testing, identify vulnerabilities and implement controls Incident Response: Prepare for and respond to cyber security incidents Ethics: Understand legislation and ethical conduct within cyber security Professional Skills: Build professional skills ...

SOC Analyst

Hiring Organisation
Reed
Location
Sheffield, South Yorkshire, England, United Kingdom
Employment Type
Contractor
Contract Rate
Salary negotiable
site) Join our Cyber Defence Centre (CDC) as a SOC Analyst. This is a crucial hands-on operational role within Security Operations, focused on incident detection, investigation, and response. You will play a pivotal role in ensuring effective monitoring, triage, and response to security events, while also driving … continuous improvement and detection engineering initiatives. Day-to-day of the role: Incident Detection & Response: Investigate and respond to security incidents and alerts escalated from Tier 1/Tier 2 SOC. Perform in-depth analysis and triage of security events, identifying threats and determining impact. Support high-severity ...

Trainee Cyber Security Professional

Hiring Organisation
Netcom Training
Location
Sheffield, South Yorkshire, United Kingdom
Employment Type
Permanent, Contract, Temporary, Part Time, Apprenticeship
Principles of Cyber Security, Level 2) equips you with the practical skills employers are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you’ll gain hands-on experience that prepares you for today’s fast-growing cyber security and IT roles. … Understand cyber security principles and core frameworks Threat Intelligence: Develop expertise to identify risks Testing: Conduct cyber security testing, identify vulnerabilities and implement controls Incident Response: Prepare for and respond to cyber security incidents Ethics: Understand legislation and ethical conduct within cyber security Professional Skills: Build professional skills ...

Interim Cyber Security Manager

Hiring Organisation
Michael Page
Location
Birmingham, West Midlands, West Midlands (County), United Kingdom
Employment Type
Contract
Contract Rate
£650 - £700/day Outside IR35
pragmatic cyber security strategy aligned to business priorities, whilst establishing and maintaining security policies, standards, and governance frameworks. You will oversee security operations, including incident detection, response, and continuous improvement, and manage key third-party security service providers, ensuring performance and accountability. Risk management activities will … following experience: Proven interim experience in a Cyber Security Manager/Lead/Security Consultant role. Strong understanding of security operations, threat detection, and incident response practices. Experience working with SIEM, EDR, and monitoring technologies in enterprise environments. Demonstrable knowledge of security frameworks, controls, and governance models. Experience ...

SecOps Analyst

Hiring Organisation
Carbon 60
Location
Portsmouth, Hampshire, Southwick, United Kingdom
Employment Type
Contract
private cloud platform, ensuring systems are actively monitored, vulnerabilities are managed, and services remain secure, compliant and resilient. Key Responsibilities Security Monitoring & Response Monitor SIEM, EDR and platform telemetry. Investigate alerts and perform incident triage and escalation. Conduct structured incident response activities. Vulnerability & Patch Management Execute … Release Security Assess changes for security impact. Ensure deployments meet security requirements. Support secure-by-design implementation. Documentation & Continuous Improvement Maintain SOPs, runbooks and incident documentation. Contribute to improvement of SecOps processes and tooling. Essential Experience & Skills Experience in Security Operations or SecOps. SIEM, EDR and vulnerability management tooling ...

Cyber Security Architect

Hiring Organisation
Stealth IT Consulting Limited
Location
Wokingham, Berkshire, South East, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
£570 per day inside IR35
Evaluate, select, and integrate security technologies including: Identity and Access Management (IAM) Security Information and Event Management (SIEM) Endpoint Detection and Response (EDR) Data Loss Prevention (DLP) Web Application Firewalls (WAF) Encryption and key management solutions Collaborate with engineering, DevOps, and IT teams to embed security-by-design … support Secure Software Development Lifecycles (SSDLC) Lead initiatives around incident response strategy, detection engineering, mitigation planning, and digital forensics readiness Monitor emerging cyber threats, vulnerabilities, and regulatory changes, providing expert guidance to stakeholders Produce high-quality architectural documentation supporting audit, governance, and compliance requirements Required Experience & Skills Proven ...

IT Specialist

Hiring Organisation
Hays Specialist Recruitment Limited
Location
Manchester, Lancashire, England, United Kingdom
Employment Type
Contractor
Contract Rate
£400 - £485 per day
systematic approach to diagnosing complex technical issues Strong analytical skills to interpret data, identify patterns, and draw actionable conclusions Be involved in investigating incident response activities and postmortem analyses using Dynatrace, Grafana or provide insights. Has the ability to troubleshoot and resolve data quality issues on time, ensuring … using Cloud solutions such as Azure & AWS and containerized environments (Kubernetes, OpenShift) to implement cloud-native monitoring Have good knowledge of ITSM/incident management tools integration. Interacts with and influences colleagues and has working level contact with customers Applies methodical approach to issue definition and resolution Demonstrates effective ...

Infrastructure & Support Analyst

Hiring Organisation
DGH Recruitment
Location
Leeds, West Yorkshire, Yorkshire, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
£45,000
Egress and MFA solutions. Produce technical documentation and support continuous improvement initiatives across IT systems and services. Assist with information security compliance, audits and incident response activities aligned to Cyber Essentials and ISO27001 standards. Participate in an out-of-hours on-call rota and provide occasional support across ...

Senior Cyber Security Engineer

Hiring Organisation
Diamond Blaque HR Solutions
Location
Hackney, Hackney Central, Greater London, United Kingdom
Employment Type
Contract
Contract Rate
£500/day
security posture. SIEM Mastery: Collaborate with our SOC partner to design and optimise Splunk dashboards, alerts, and data models to identify sophisticated threats. Incident Response: Act as a technical escalation point for high-priority security incidents, utilising EDR and SIEM tools to enable rapid containment. Automation: Develop Security … Orchestration, Automation, and Response (SOAR) workflows to minimise manual intervention and enhance response times. Threat Hunting: Proactively search for undetected malicious activity using specialised queries. Training: Enhance the CrowdStrike, Splunk, and security analysis skills of the existing team, providing opportunities for professional development and leadership. Qualifications – Essential ...

Senior Cyber Security Engineer

Hiring Organisation
Adecco
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
Salary negotiable
SIEM: Collaborate with our SOC partner to design and optimise Splunk dashboards and alerts, turning raw data into actionable intelligence to combat sophisticated threats. Incident Response: Act as a technical escalation point for high-priority security incidents, employing EDR and SIEM tools for swift containment. Automate Security Processes … Develop Security Orchestration, Automation, and Response (SOAR) workflows to minimise manual intervention and enhance response efficiency. Conduct Threat Hunting: Utilise specialised queries to proactively identify undetected malicious activities within the environment. Train the Team: Elevate the skill level of the existing team in CrowdStrike, Splunk, and security analysis. ...