1 to 25 of 222 Permanent Incident Response Jobs in England

Director of Group Cyber Security Services

Hiring Organisation
Information Security Solutions
Location
London, United Kingdom
Employment Type
Permanent
Salary
£140000 - £160000/annum
relentless focus on operational excellence, the Head of Security Services builds and empowers high-performing teams to deliver 24/7 threat detection, rapid incident response, and proactive risk management. This includes ownership of security controls, security testing, tech assurance and vulnerability and threat management, and incident response across the organisation. Collaboration is at the heart of this position. By working across the GCS Leadership Team, with business and technology stakeholders, and with industry experts to align strategy, share intelligence, and drive a single, cohesive approach to security services, this leader ensures the Group ...

Cloud Security Engineer

Hiring Organisation
SR2 | Socially Responsible Recruitment | Certified B Corporation™
Location
Hereford, England, United Kingdom
integrating SAST, DAST, and SCA tooling to maintain supply chain integrity Engineer Kubernetes security solutions, including RBAC, network policies, and runtime protection Detection, Monitoring & Incident Response Perform incident response activities including triage, containment, eradication, and recovery Develop and optimise security detections (e.g. Sentinel, KQL, YARA) Manage … logging, ingestion pipelines, and monitoring infrastructure Conduct threat hunting and analysis to identify emerging risks Lead or support incident investigations, including post-incident reviews and remediation Vulnerability & Risk Management Identify, track, and remediate vulnerabilities across cloud, endpoint, and infrastructure environments Implement controls arising from security assessments, audits ...

Investigator - Cyber Incident Response

Hiring Organisation
Accenture
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
Investigator - Cyber Incident Response Location Flexible (UK) Please Note: Due to the nature of client work you will be undertaking, you will need to be willing to go through a Security Clearance process as part of this role, which requires 5+ years UK address history at the point … working with cutting-edge technologies and will have the opportunity to develop a wide range of new skills. At Accenture, our global Incident Response team takes on some of the hardest and most meaningful challenges in cyber security. When major organisations are breached, when ransomware hits the headlines ...

Security Operations Engineer | Strategic Financial Risk Solutions Firm

Hiring Organisation
Techfellow Limited
Location
London Area, United Kingdom
modernisation of its technology and security environment. As part of this programme, the organisation is strengthening its Security Operations capability to improve threat detection, response, and operational automation across its infrastructure and cloud platforms. This role sits within a small, hands-on Security Operations team reporting into the Head … SecOps. The team works closely with an external MSSP that provides 24/7 monitoring support, while internal engineers focus on detection quality, incident response, and improving operational capabilities. The position is intentionally broad - blending elements of detection engineering, alert investigation, threat hunting, and automation - and will play ...

Security Operations Team Lead

Hiring Organisation
Forward Role
Location
Manchester, North West, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£85,000
ensuring the organisation's systems, networks, and data remain protected against evolving cyber threats. As the SecOps Lead, you will manage security monitoring and incident response activities while providing strategic direction for security tools including SIEM and Endpoint Detection & Response (EDR) platforms. You will work closely with … daily operational activities and performance. Define and implement the strategy and operational roadmap for security monitoring, detection, and response. Own and manage the security incident response lifecycle, including investigation, containment, remediation, and post-incident reviews. Lead incident response efforts during high-severity security events ...

Senior Cyber Security Engineer

Hiring Organisation
NTT Global Data Centers EMEA UK ltd
Location
Hemel Hempstead, Hertfordshire, South East, United Kingdom
Employment Type
Permanent
tasks specialized at threat hunting, SIEM/SOAR, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). What we are looking for Key Responsibilities: Serves as a senior member … optimization of enterprise security platforms, overseeing lifecycle management including break-fix, patching, version upgrades, and integration with broader security ecosystems. Directs complex security incident response efforts across multiple vectors (endpoint protection, EDR, malware analysis, network and computer forensics), ensuring rapid containment and root cause analysis. Designs and executes advanced vulnerability ...

Palo Alto XSoar Developer

Hiring Organisation
iBSC
Location
London, United Kingdom
Employment Type
Permanent
Salary
GBP 70,000 - 80,000 Annual
Developer Role Candidates in this role are responsible for the development and maintenance of the code and capabilities of the Security Orchestration, Automation and Response (SOAR) platform. Candidates will work with the Manager of Detection & Response Engineering and will work jointly with our detection engineering, threat detection … response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features within the SOAR platform. The candidates' main responsibilities will be to: Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports ...

ServiceNow SecOps Architect

Hiring Organisation
Focus on SAP
Location
London Area, United Kingdom
build integrated, automated security workflows that support modern security operations. Key Responsibilities Define and own the ServiceNow SecOps architecture across modules including Security Incident Response (SIR), Vulnerability Response (VR), Threat Intelligence, and Configuration Compliance. Design and deliver integrations between ServiceNow and cybersecurity tools such as SIEM … SOAR, EDR platforms, threat intelligence feeds, and CMDB. Collaborate with cybersecurity, IT operations, and engineering teams to design secure workflows for incident response, vulnerability management, and risk mitigation. Lead platform strategy and define the roadmap for ServiceNow SecOps capabilities across the organisation. Ensure solutions are scalable, secure ...

Lead SOC Analyst - London

Hiring Organisation
Anson Mccade
Location
London, United Kingdom
Employment Type
Permanent
Salary
£65,000
Lead SOC Analyst, the position will act as the escalation point for complex security incidents, driving investigations, guiding junior analysts, and ensuring effective response and remediation across critical systems. What's on Offer Salary: £55,000 - £65,000 25% shift allowance on top of base salary Structured shift pattern … days and nights (3 days on/4 days off rotation) Exposure to highly secure, cutting-edge infrastructure environments Opportunity to work on advanced incident response and threat analysis Career progression within a specialist cyber security function What You Need To be successful in this role, candidates should ...

SOC Shift Lead

Hiring Organisation
Anson Mccade
Location
South West London, London, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£80,000
strong security posture across mission-critical systems. You will operate within a 24/7 Security Operations Centre, leading your assigned shift, coordinating incident response activities, and ensuring operational continuity in the absence of senior management. Key Responsibilities Lead investigations into escalated security incidents, assessing attack vectors, scope … business impact. Correlate telemetry across SIEM, EDR, network, and cloud data sources to form complete incident narratives. Direct containment, eradication, and recovery actions in partnership with IT/OT stakeholders. Own medium- and high-severity incident response activities, producing detailed investigation documentation. Tune and optimise detection content ...

SOC Shift Lead - London

Hiring Organisation
Anson Mccade
Location
London, United Kingdom
Employment Type
Permanent
Salary
£80,000
platforms. The SOC Shift Lead will take ownership of security operations during assigned shifts, acting as the senior escalation point for complex incidents, leading response activities, and ensuring effective coordination across teams. This role also carries leadership responsibility, including oversight of analysts and accountability in the absence of senior … Clear progression within a specialist cyber security function What You Need To succeed in this role, candidates should demonstrate: 7-10 years' experience in SOC, incident response, or threat analysis Strong leadership capability, with experience mentoring or guiding analysts Proven experience acting as an escalation point for high-severity ...

Senior Cyber Operations Analyst

Hiring Organisation
Anson McCade
Location
England, United Kingdom
heart of a thriving Cyber Practice covering Assurance, Compliance, SecOps, Offensive Security and Research. You’ll play a pivotal part in threat detection, incident response, detection engineering, and security monitoring — helping defend major UK organisations. This role is perfect for someone who thrives in technical depth, enjoys problem … improvements Review and uplift existing SecOps standards, logging maturity, BAU monitoring and threat‐led optimisation Perform day‐to‐day security monitoring, alert triage and incident response (9am–5:30pm rota) Investigate cyber security incidents and provide technical leadership during escalations Mentor junior analysts through shadowing and hands ...

Senior Security Analyst

Hiring Organisation
Surrey County Council
Location
Reigate, Surrey, United Kingdom
Employment Type
Permanent
work will include proactive security monitoring across our hybrid cloud and on premises environment, triaging and investigating alerts, and supporting coordinated incident response activities. You will operate our vulnerability management processes, translate threat intelligence into actionable defences, and contribute to the improvement of detection content and security controls. … contribute to several high impact initiatives including: Establishing a more mature, risk based vulnerability management lifecycle and reducing exposure windows across critical systems Enhancing incident response readiness through improved playbooks, scenario testing, and lessons learned processes Uplifting monitoring coverage and the effectiveness of SIEM/EDR/ ...

Privacy Solutions Product Owner

Hiring Organisation
Sky
Location
TW75QD, Syon, Greater London, United Kingdom
Employment Type
Permanent
targeting. Drawing on deep experience in how data-driven products work, you'll guide teams through complex device-level data flows, assess real-world impacts, and lead incident response when risks surface. Alongside this, you'll help build and evolve a practical privacy toolkit - patterns, guardrails, and automated checks - that teams … with delivery teams - review technical designs, implementations, and onboarding of new tools, SDKs, vendors, and platforms, challenging approaches where privacy risks emerge. Lead privacy incident response - act as the on-point SME during incidents, supporting root-cause analysis, impact assessment, and remediation. Raise capability across teams - coach engineers and product ...

Cyber Security Engineer

Hiring Organisation
Womble Bond Dickinson
Location
Bristol, Avon, South West, United Kingdom
Employment Type
Permanent, Work From Home
endpoint, email, identity, network, cloud and application layers. Manage and integrate a broad ecosystem of third-party cyber security platforms, including managed detection and response services, email security gateways, vulnerability management tools, privileged access management and threat intelligence services. Lead and support cyber security incident response activities … including investigation, containment, remediation and post incident review. Oversee security monitoring, alerting and response processes, working closely with managed service providers where applicable. Conduct and coordinate vulnerability assessment and remediation activities across infrastructure, endpoints, applications and cloud services. Support regulatory, client and internal audits (e.g. ISO 27001), including ...

Security Operations Manager

Hiring Organisation
Vitality Corporate Services Limited - Tech
Location
Bournemouth, Dorset, South West, United Kingdom
Employment Type
Permanent
Salary
£65,000
Vitality Bournemouth Office. Full time, 35 hours per week. We are happy to discuss flexible working! Top 3 skills needed for this role: Security Operations Leadership & Incident Response Risk, Governance & Regulatory Compliance Technical Depth in Monitoring & Security Engineering What this role is all about: Join our dynamic, values-led organisation … CISO in delivering our security strategy, lead a team of analysts, and oversee key controls that protect member data. The role includes security monitoring, incident response, developing playbooks, and managing the CSIRT function. Key Actions Leadership and management of the Cyber Security Operations team Conducting cyber security maturity ...

Information Security Manager

Hiring Organisation
Saab UK
Location
Hull, North Humberside, North East, United Kingdom
Employment Type
Permanent
GDPR and guidance from the National Cyber Security Centre. Work with internal teams and suppliers to implement proportionate and effective security controls. Security Operations & Incident Management Act as the primary point of contact for security incidents, leading or coordinating response activities. Take a hands-on role in incident investigation, root cause analysis, and remediation. Ensure that incident response processes are aligned to the operational needs of emergency service environments, including timely escalation and communication. Oversee vulnerability management, security testing, and remediation activities, engaging third parties where required (e.g., CHECK providers). Service Resilience & Operational Security ...

SOC Analyst (L1)

Hiring Organisation
Chapman Tate Associates
Location
Aylesbury, Buckinghamshire, England, United Kingdom
Employment Type
Full-Time
Salary
£25,000 per annum
dashboards, alerts, and log data to identify suspicious or malicious activity. Alert Triage: Perform initial investigation and prioritisation of security alerts, escalating where necessary. Incident Response (L1): Assist in incident investigation, gather relevant evidence, and support escalation to senior analysts or IR teams. Threat Detection: Support detection … Exposure to SIEM tools (e.g., Sumo Logic, Microsoft Sentinel) Familiarity with EDR/XDR tools (e.g., CrowdStrike, Microsoft Defender) Basic understanding of: Security operations Incident response lifecycle Networking fundamentals (TCP/IP, DNS, etc.) Strong analytical and problem-solving skills Good communication skills (written and verbal) Ability ...

Senior Security Analyst

Hiring Organisation
Arthur
Location
City of London, London, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
built for you. We’re hiring a hands-on Senior Security Analyst/Security Engineer to strengthen a Microsoft-centric security posture across detection, response, tooling, and infrastructure hardening. Not a one-lane SOC role. Not governance-heavy. This role blends incident response with security engineering and hardening … Cyber Essentials, NIST, SOC2) Contribute to threat hunting, threat intelligence application and proactive monitoring Support operational resilience: scenario testing, DR exercises, post-incident reviews Assist with security tooling assessments (including AD hardening tools) Essential Experience (Must Haves) Candidates must have: Security Engineering & Hardening IAM, PIM/PAM, identity lifecycle ...

Site Reliability Engineer (CloudOps)

Hiring Organisation
Moorepay
Location
Manchester, Lancashire, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
automated deployment processes across environments. Monitoring & Observability: Implement and maintain monitoring solutions for infrastructure and applications. Develop dashboards and alerting systems to ensure proactive incident and security event management. Evaluate and integrate new observability tools as needed. Automation & Tooling: Automate repetitive tasks to improve efficiency and reduce human error. … Azure environments. Ensure scalability, resilience, and security of service-based architectures. Implement cost management strategies to optimise cloud spend without compromising performance or security. Incident Response & Root Cause Analysis: Lead incident response efforts, including security incidents, and conduct post-mortem reviews. Drive continuous improvement through lessons ...

Operational Resilience and Business Continuity

Hiring Organisation
Arthur
Location
City of London, London, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
Disaster Recovery (DR) frameworks Technology resilience planning across infrastructure, cloud, networks, applications, and data Organisation-wide Business Continuity Plan ownership and governance Major incident and crisis response coordination DR and continuity testing — scenario, tabletop, live and technology-led Cyber-resilience integration with security and incident response … Operational Resilience, Business Continuity, Disaster Recovery or Technology Risk Strong awareness of IT architecture, cloud services, infrastructure, and tech-led recovery processes Confidence leading incident response and crisis coordination Experience with resilience exercises, DR walkthroughs, failover testing, and scenario simulations Ability to work cross-functionally with Technology, Cyber ...

Principal Cloud Engineer

Hiring Organisation
Quantum Technology Solutions Inc
Location
City of London, London, United Kingdom
strong observability and auditability, including logging, monitoring, alerting, and security events. ·Design systems assuming attack, failure, and misuse as default scenarios. ·Lead cloud-level incident response and post-incident reviews. ·Ensure the platform meets expectations for a trading/regulated environment. Reliability, DR & Resilience ·Design, implement … trading, or other security-sensitive environments. ·Experience with containerised and event-driven systems. ·Experience inheriting, hardening, or cleaning up existing cloud environments. ·Familiarity with incident response and DR testing in cloud platforms. Working Style ·Proactive and self-directed; sees gaps and addresses them without prompting. ·Detail-oriented ...

Incident Responder (Recovery & Resilience)

Hiring Organisation
IBEX RECRUITMENT LTD
Location
London, United Kingdom
Employment Type
Permanent, Work From Home
Join our leading consulting firm's Technology & Transformation practice as a Technical Incident Responder (permanent or FTC, hybrid working). Help clients manage cyber risks through proactive and reactive incident response, network forensics, and threat eviction within a UK Cyber team delivering cutting-edge resilience services. What … Lead cyber incident response engagements, supervising technical/non-technical teams and managing incidents. Perform network forensics to detect malicious activity using traffic analysis. Conduct forensic/memory analysis on Windows/Unix/Linux for host-based threats. Deliver proactive IR advisory, including response process creation ...

Cyber Security Operations Lead

Hiring Organisation
MJA (London) Ltd
Location
City, London, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
Security Operations Manager/SOC Lead to lead and develop their cyber security operations capability. The role will oversee SOC operations, threat detection, and incident response, while driving improvements across security monitoring, automation, and response processes. Key experience required: Strong experience in cyber security operations Strong experience … leading or mentoring SOC teams Strong knowledge of incident response and threat detection Experience with SIEM platforms such as LogRhythm, Splunk, or Microsoft Sentinel Familiarity with SOAR platforms, EDR/XDR tools (eg CrowdStrike, Defender, SentinelOne) and cloud security monitoring across Azure, AWS, or GCP Understanding of frameworks ...

Cyber Security Operations Lead

Hiring Organisation
MJA (London) Ltd
Location
EC3, Broad Street, Greater London, United Kingdom
Employment Type
Permanent
Security Operations Manager/SOC Lead to lead and develop their cyber security operations capability. The role will oversee SOC operations, threat detection, and incident response, while driving improvements across security monitoring, automation, and response processes. Key experience required: Strong experience in cyber security operations Strong experience … leading or mentoring SOC teams Strong knowledge of incident response and threat detection Experience with SIEM platforms such as LogRhythm, Splunk, or Microsoft Sentinel Familiarity with SOAR platforms, EDR/XDR tools (eg CrowdStrike, Defender, SentinelOne) and cloud security monitoring across Azure, AWS, or GCP Understanding of frameworks ...