1 to 25 of 295 Permanent Incident Response Jobs in England

Principal Consultant - Incident Response Salary: Up to £85,000 + cash benefits Location: London, Cardiff, Manchester, Birmingham or Edinburgh Working pattern: Hybrid - 2-3 days per week in the office About the Role Our client is seeking an experienced Principal Consultant to join their Incident Response practice. This is a senior, client-facing role within a highly regarded cyber security team, delivering proactive incident readiness engagements. You will work closely with organisations to strengthen their preparedness. This includes reviewing and developing incident response plans, facilitating tabletop exercises, running simulated attack scenarios ...

Cyber Services and Capabilities Employment Type: Full Time Location: GBR Manchester Hardman Boulevard Role Purpose: To manage and service NCC Group clients within the Incident Response space. The Managing Consultant plays a critical role within the DFIR team of experienced consultants, delivering high‐quality incident response and proactive services to clients. The role involves leading and contributing to detailed technical analysis, managing incident response activities, and ensuring effective communication and coordination throughout an engagement. With a strong focus on technically supporting clients during live incidents, the Managing Consultant is also expected to contribute ...

Incident Response Manager (Cyber Threat) - Global financial services company - Full time permanent role - Salary up to £110,000 plus bonus. Hybrid working (twice a week in the London office) A large global financial services firm is looking for an Incident Response Manager within its cyber threat … point once a month for weekends) - Deliver on information security projects - Ensuring services provided meet the business requirements To be considered suitable for this Incident Response Manager role you will need the following skills and experience: - Experience in a technical cyber/incident response role - Previous ...

Incident Response Manager (Cyber Threat) - Global financial services company - Full time permanent role - Salary up to £110,000 plus bonus. Hybrid working (twice a week in the London office) A large global financial services firm is looking for an Incident Response Manager within its cyber threat … point once a month for weekends) - Deliver on information security projects - Ensuring services provided meet the business requirements To be considered suitable for this Incident Response Manager role you will need the following skills and experience: - Experience in a technical cyber/incident response role - Previous ...

Security Incident Response Manager (Cyber Threat) - Global financial services company - Full time permanent role - Salary up to £110,000 plus bonus. Hybrid working (twice a week in the London office) A large global financial services firm is looking for an Incident Response Manager within its cyber … point once a month for weekends) - Deliver on information security projects - Ensuring services provided meet the business requirements To be considered suitable for this Incident Response Manager role you will need the following skills and experience: - Experience in a technical cyber/incident response role - Previous ...

Security Incident Response Manager (Cyber Threat) - Global financial services company - Full time permanent role - Salary up to £110,000 plus bonus. Hybrid working (twice a week in the London office) A large global financial services firm is looking for an Incident Response Manager within its cyber … point once a month for weekends) - Deliver on information security projects - Ensuring services provided meet the business requirements To be considered suitable for this Incident Response Manager role you will need the following skills and experience: - Experience in a technical cyber/incident response role - Previous ...

global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. About the Role: Grade Level (for internal use): 11 Cyber Incident Response Analyst The Role As a Cyber Incident Response Analyst, you will be part of the Cyber Defence team that develops … decisively respond to security incidents, enrich investigations with timely intelligence, and help drive proactive defences. While based in the UK, you will support response and intelligence needs globally. Candidates should have a genuine interest in cyber security and a strong grasp of attacker tactics, techniques, and procedures (TTPs). ...

energy operations within a Critical National Infrastructure (CNI) environment. This role is responsible for real-time security monitoring, alert triage, investigation, and early-stage incident response. You will work with industry-standard security monitoring and incident/event management platforms to identify suspicious activity, validate alerts, and escalate … helping tune detections, and strengthening operational procedures and documentation. Key Responsibilities Monitoring and Triage Monitor security events and alerts using industry-standard SIEM and incident/event management platforms (e.g., Elastic, Microsoft Sentinel, Splunk). Perform rapid triage to determine alert validity, severity, scope, and potential business or operational ...

supportive and collaborative environment with ongoing opportunities to develop your technical expertise and progress your career within cyber security. Key Responsibilities Security Monitoring & Incident Response Monitor alerts and telemetry across endpoints, identities, email, and cloud services using Rapid7 SIEM, Microsoft Defender, and Sophos Antivirus. Investigate cyber security incidents … including malware infections, phishing attacks, identity compromise, and unauthorised access attempts. Conduct incident triage, root cause analysis, containment, remediation, and recovery activities. Lead or support incident response activities in line with internal procedures and security standards. Escalate major incidents appropriately and provide timely updates to stakeholders. Threat ...

Department: Cyber Services and Capabilities Employment Type: Full Time Location: NLD Rijswijk To manage and service NCC Group clients within the Digital Forensics and Incident Response space. The Principal DFIR Consultant plays a pivotal role within the team of seasoned analysts, actively participating in the analysis and response … collaboration, clear communication, and efficient workflow throughout technical engagements. Responding to emergency incidents, including mitigation and remediation activities. Maintaining composure and effectiveness in client incident‐management scenarios. Providing clients with high‐quality technical investigations. Collaborating in the identification, resolution, and documentation of security incidents. Conducting intelligence‐driven investigative analysis. ...

operations. This is a technical role suited to an experienced analyst with strong engineering instincts, hands-on coding capabilities, and a deep understanding of incident response, detection engineering, and adversary tradecraft. This position includes approximately one week per month of on-call availability for high-priority incident … ideal for someone who has likely grown from an engineering background and can write scripts (Python, Bash) to automate, enhance, and refine detection and response workflows. Experience with Splunk, SIEM operations, cloud endpoints, networks, and detection engineering will be highly advantageous. NOTE: Candidates for this role must be eligible ...

Services (MSSP) function, reporting directly to the Head of SOC Operations. You will act as the senior technical authority, driving excellence in threat detection, incident response, and security operations across a diverse, multi-client portfolio. While you will lead and mentor a team, this is not a purely … schedules, handovers, and on-call rotations Act as the primary escalation point for security incidents and analyst queries Ensure high-quality triage, investigation, and response aligned to SOC processes Drive team development through training, coaching, and technical mentoring Ensure accurate and timely case management (HALO) and delivery against SLAs ...

environment and you will have on-going opportunities to develop your technical skills and grow within cyber security What you will do: Security Monitoring & Incident Response Actively monitor alerts and telemetry across endpoints, identities, email, and cloud services using Rapid7 SIEM, Microsoft Defender, and Sophos AV. Investigate suspected … malware infections, phishing campaigns, identity compromise, and unauthorised access attempts. Perform triage, root cause analysis, containment, and remediation of security incidents. Lead or support incident response activities in line with internal policies and procedures. Escalate significant incidents appropriately and provide clear, timely updates to stakeholders. Threat Detection & Prevention ...

Description Senior Cyber Incident Responder Daily Rate: Inside IR35 Location: Sheffield Job Type: Hybrid (2-3 days on-site) Join our Cyber Defence Centre (CDC) as a Senior Cyber Incident Responder. This senior, business-facing role within Security Operations & Engineering focuses on end-to-end cyber incident management, coordination, and stakeholder engagement across complex environments. You will lead the response to high-severity cyber incidents, ensuring effective command, communication, and decision-making throughout the incident lifecycle. Day-to-day of the role: Incident Leadership & Management: Lead the coordination of high-severity cyber incidents ...

high-security operational environment supporting mission-critical systems. This is an exciting opportunity for a skilled Tier 2/3 SOC professional with strong incident response and SIEM expertise to work within a fast-paced enterprise Security Operations Centre. The successful candidate will be responsible for monitoring … analysing security events in real time, investigating incidents, and supporting the continuous improvement of detection and response capabilities. Key Responsibilities Monitor and analyse security events within an enterprise SOC environment Perform real-time alert triage and incident investigation Determine incident scope, priority, impact, and remediation actions Manage ...

capability across a modern hybrid estate.This is a hands-on leadership role where you'll combine technical depth with stakeholder engagement, driving security operations, incident response, and continuous improvement across infrastructure, cloud, and workplace environments. The Role You'll take ownership of cybersecurity operations, leading a small engineering … team and working closely with an outsourced SOC/MSSP to ensure robust monitoring, response, and continuous improvement. Responsibilities Leading technical incident response (containment, eradication, recovery) and post-incident analysis Owning and improving security controls across endpoints, identity, networks, and cloud platforms Driving vulnerability management, patching ...

incidents and mangment of the SOC Analysts. This is a critical leadership role, responsible for protecting the organisation against real-time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying … high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with ...

Cyber Security Operations Centre (CSOC). This is a critical leadership role, responsible for protecting the organisation against real-time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying up to £850 PD Inside … high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with ...

threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection, incident response, and overall security posture within a complex, evolving environment. The Role You'll take ownership of security operations, ensuring the business … capability. Key responsibilities include: Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC Managing the full incident response lifecycle (detection through to recovery and post-incident review) Overseeing threat detection, vulnerability management, and cyber defence capabilities Driving improvements across ...

evolve the position based on their strengths and expertise. The successful candidate will play a key role in strengthening security posture through SIEM ownership, incident response, and system hardening, directly contributing to Europe's technological sovereignty. The Role The IT Security Specialist will: Design, build, and operate … centralised SIEM platform to aggregate and analyse security logs across infrastructure, networks, and applications Own security log analysis, vulnerability management, and incident investigation, including defining baselines and developing alerting rules for critical events Lead incident response efforts, using log correlation and analysis to investigate and resolve security ...

strengthening and evolving their cyber defence capability. This is a high-impact leadership role where you'll own security operations end-to-end , lead incident response, and work closely with the CISO to drive continuous improvement across a mature but evolving cyber function. What you'll be doing … Leading and developing a Cyber Security Operations team Acting as incident commander during cyber events and investigations Maturing SOC, CSIRT and incident response capabilities Driving threat hunting, detection and monitoring improvements Owning vulnerability management and pen test governance Ensuring alignment with ISO27001, NIST, GDPR and regulatory expectations ...

operations. This is a technical role suited to an experienced analyst with strong engineering instincts, hands-on coding capabilities, and a deep understanding of incident response, detection engineering, and adversary tradecraft. This position includes approximately one week per month of on-call availability for high-priority incident … ideal for someone who has likely grown from an engineering background and can write scripts (Python, Bash) to automate, enhance, and refine detection and response workflows. Experience with Splunk, SIEM operations, cloud endpoints, networks, and detection engineering will be highly advantageous. NOTE: Candidates for this role must be eligible ...

business performance. Based in Hertfordshire (hybrid), you'll lead end-to-end service management across IT, logistics, fulfilment, and customer operations - owning major incident response, service performance, and continuous improvement at scale. Key responsibilities Lead end-to-end IT service management (incident, problem, change, release, configuration) aligned … ITIL 4 Own major incident management (P1/P2), acting as the senior escalation point with clear executive communication Drive root cause analysis and continuous improvement using service metrics (MTTR, trends, backlog) Oversee IT service delivery, 24/7 support operations, and ITSM tooling Coordinate cyber incident response ...

delivery of cyber security across Total IT not just the strategy, but the execution. You will take full accountability for client security roadmaps, incident response, technical controls, and the day today running of our cyber capability. This role blends hands - on technical leadership with operational delivery. Youll … person who ensures this gets done. Responsibilities: Own client cyber security roadmaps: creation, prioritisation , scheduled review, and delivery. Lead and continually improve our incident response function including triage, containment, communications, and lessons learned. Drive remediation by working closely with Service Desk, Projects, and clients. Maintain robust security reporting ...

security operations tooling (SIEM, DLP, IAM, endpoint protection) to safeguard systems and data Develop, implement, and monitor KPIs and dashboards to measure detection effectiveness, incident response performance, data protection posture, and compliance Own and support Microsoft Purview capabilities including Information Protection, Data Loss Prevention, Data Lifecycle Management … risk, compliance, data governance, and IT teams to maintain robust security controls, support audit readiness, and strengthen operational resilience Support and participate in security incident response and investigations, ensuring rapid containment, remediation, and recovery. What we are looking for in our ideal Security Operations Engineer : Proven experience ...