Permanent Incident Response Jobs in the South East

1 to 25 of 66 Permanent Incident Response Jobs in the South East

Cyber Incident Manager

Maidenhead, Berkshire, United Kingdom
Hybrid / WFH Options
APM Terminals
how it's done. At Maersk, one of the world's largest and most respected logistics and shipping companies, our Cyber team is pioneering a whole new approach to incident response. This isn't your typical SOC/CERT role: our combined fire team approach team is built on cutting-edge research and designed to drive change, resilience, and … seen before. Here, you'll be part of a dynamic team that works together to defend, adapt, and innovate with freedom and purpose. You won't just work on Incident Management; you'll help improve how it's done. Dive into purple teaming, create and refine world-class detections, shape change projects, and push the boundaries of what's … in innovative projects that allow you to bring your ideas to life, help shape the future of cybersecurity while developing new capabilities that enhance our operations. About the role: Incident Response and Leadership Lead incident management activities in response to all high priority cyber-security incidents, with the ability to remain calm and focused during crisis More ❯
Employment Type: Permanent
Salary: GBP Annual

DevSecOps Engineer - ONSITE

Loughton, Essex, South East, United Kingdom
Hybrid / WFH Options
Profile 29
will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit More ❯
Employment Type: Permanent, Work From Home

Business Information Security Officer (BISO)

London, South East, England, United Kingdom
WTW
Ensure cybersecurity practices and security by design are integrated into business unit initiatives, motivating business units to adopt efficient security controls throughout their lifecycle. Oversight of R&B’s response to Incident, integrating cyber incident response policies with business operations to improve agility and effectiveness in cyber incident management. Work with R&B leaders to … team exercises Foster relationships with internal business units to enhance cyber security communication, including knowledge of threats, vulnerabilities, and mitigation strategies. Provide strategic insights to senior management on cyber incident response readiness and effectiveness. Collaborate with security leadership to enforce cyber security policies and practices, addressing operations and incident response. Provide expertise and knowledge to the business … and technology governance forums. The Requirements Technical skills: A comprehensive understanding of information security services (security operations and offensive security testing) Experience of strategic planning and oversight of cyber incident response and crisis management Strong understanding of cybersecurity standards and frameworks (e.g. ISO27001, NIST, CIS) and their application in strategic planning and policy development Ability to collaborate business More ❯
Employment Type: Full-Time
Salary: Competitive salary

Information Security Analyst - Audit, Compliance & Cybersecurity

Southampton, Hampshire, United Kingdom
Hybrid / WFH Options
NICE
ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response. How will you make an impact? Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes. Audit Preparation … audit teams to streamline processes and provide requested documentation and evidence. Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection. Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions. Threat Identification: Contribute to analyzing cybersecurity … Plus. Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience in internal and external audits, compliance assessments, and process improvement. Basic understanding of incident response frameworks and cybersecurity best practices. Exceptional analytical, organizational, and communication skills. Commitment to continuous learning and professional development in audit, compliance, and security. You will have an More ❯
Employment Type: Permanent
Salary: GBP Annual

Incident Responder / IR Consultant - London

London, South East, England, United Kingdom
Circle Recruitment
Incident Responder/IR Consultant Hybrid - London. Up to £65k + Bonus + Good bens. I'm currently working with an established cyber security business that's looking for an Incident Responder (IR/DFIR Consultant) to join their team. As an Incident Responder, you'll take the lead on active engagements involving real-world attacks such as … ransomware, data breaches, insider threats, and more. You'll conduct forensic investigations, advise clients on containment and recovery strategies, work on delivery and implementation, and produce detailed post-incident reports. This is a hands-on, client-facing role that requires a calm head, deep technical knowledge, and the ability to own high-impact situations from start to finish. You … will be working on back-to-back incidents (occasionally concurrent) so this role would suit someone who enjoys the high-pressure environment of incident response and enjoys being busy. Responsibilities: Co-ordinate and manage cyber security incident response for a diverse client base, ensuring effective containment, investigation, and recovery. Conduct in-depth digital forensic analysis of More ❯
Employment Type: Full-Time
Salary: £55,000 - £65,000 per annum

SRE/Infrastructure Engineer

Basingstoke, Hampshire, United Kingdom
InfoSum Limited
as the monitoring and deployment services that enable the rest of engineering to develop, deliver and maintain our platform services. You will also be instrumental in both monitoring and incident response, playing a key role in ensuring maximum reliability and minimal downtime. You will collaborate with teams across the company, including developers, customer support, product owners and sales … to track the health, performance, and availability of infrastructure components and applications. Configure alerting mechanisms to notify teams of potential issues and proactively address them before they impact users. Incident Response and Root Cause Analysis: Participate in incident response activities to identify, troubleshoot, and resolve incidents. Communicate incident status and updates to ensure both internal More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Security Operations Engineer

London, South East, England, United Kingdom
Holland & Barrett International Limited
automation, cloud technology, and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep … facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a culture of continuous improvement Participate in the on-call rotation to ensure fast, effective incident response during critical … events Key requirements: Proven Experience: 4+ years in Security Operations or Incident Response, ideally in ecommerce, retail, or fintech environments Technical Depth: Hands-on expertise with SIEM, SOAR, EDR, automation tools, Python, SQL, and cloud-native security tooling Cloud Security: Strong knowledge of AWS and Azure, especially services like WAF, Shield, IAM, and API Gateway Forensic Skills: Experience More ❯
Employment Type: Full-Time
Salary: Competitive salary

Senior IR-SOC Engineer

London, South East, England, United Kingdom
Hybrid / WFH Options
Precise Placements
Firm - London Are you a security professional looking to step into a high-profile, enterprise environment? One of the world’s most prestigious law firms is seeking a Senior Incident Response & SOC Engineer to join its global Information Security team, based in London. This is a rare opportunity to play a key role in the operation and … enhancement of a 24/7 SOC, handling incident response and contributing to the development of detection, automation, and reporting tools. Key Responsibilities: Lead and support incident response (IR) and investigation of security threats across a complex enterprise estate. Manage, tune, and develop SIEM and EDR technologies to enhance threat detection and response capabilities. Implement … Proven experience working in or alongside a 24/7 Security Operations Centre. Strong technical exposure to SIEM (ideally Splunk), EDR (CrowdStrike preferred), and SOAR tools. Expertise in incident handling, threat analysis, and digital forensics. Scripting or automation experience (Python, PowerShell, etc.) is highly beneficial. Knowledge of MITRE ATT&CK, NIST CSF, and related security frameworks. Legal More ❯
Employment Type: Full-Time
Salary: £100,000 - £120,000 per annum

Senior Cyber Security Consultant

Crawley, West Sussex, South East, United Kingdom
Henderson Scott
is a pivotal opportunity for an experienced Senior Consultant to lead large-scale cybersecurity projects across a diverse client base. The role focuses on cyber resilience, including threat intelligence, incident response, risk management, compliance, and security architecture. You will act as a trusted advisor, delivering tailored solutions that help clients enhance their cyber posture and protect their critical … the end-to-end delivery of cyber resilience projects, ensuring solutions are scalable, secure, and aligned with client goals Design and implement advanced cyber resilience solutions and frameworks Manage incident response, guiding teams through breach containment and recovery Engage directly with clients to identify requirements, provide expertise, and drive successful outcomes Facilitate Agile ceremonies to support efficient project … members, encouraging skill development and knowledge sharing Contribute to business development by producing high-quality proposals and identifying growth opportunities Skills & Experience • Extensive expertise in threat intelligence, risk management, incident response, compliance (e.g. GDPR, ISO 27001), and security architecture • Proficiency with tools such as Rapid7 InsightIDR/InsightVM, SentinelOne, Fortinet, Netskope, SOAR automation (Rapid7 InsightConnect), and cloud security More ❯
Employment Type: Permanent
Salary: £80,000

Head of Cyber Security

London, South East, England, United Kingdom
Hybrid / WFH Options
Precise Placements
and lead the global cyber security strategy. This is a high-impact, senior leadership role ideal for someone who combines strategic oversight with hands-on expertise across security operations, incident response, and governance. As the business continues to modernise its technology infrastructure, this role will be central to protecting digital assets and ensuring compliance with global security and … privacy standards. What You’ll Be Doing: Define and implement the cyber security strategy, policies, and controls across a multi-regional environment. Lead global security operations, including threat detection, incident response, and risk mitigation. Manage compliance with standards such as ISO27001, NIST, Cyber Essentials+, and GDPR. Build and develop a high-performing cyber team spanning multiple international offices. … Collaborate with senior leadership, risk committees, and external vendors to ensure alignment on cyber risk and mitigation. Own the incident response function, including planning, testing, and leading responses when required. Drive security awareness across the organisation with a measurable, well-governed training programme. What We’re Looking For: Minimum 5 years’ experience in a senior cyber security role More ❯
Employment Type: Full-Time
Salary: £100,000 - £120,000 per annum

Cyber Security Manager

South Croydon, Surrey, England, United Kingdom
Hybrid / WFH Options
Gold Group Ltd
a leading organisation based in Croydon, who are looking to employ an experienced Cyber Security Manager with an in-depth knowledge of Cybersecurity frameworks, tools, and technologies, ISO27001 adoption, Incident management and Change management. This role involves the development and implementation of security strategies, policies, and procedures to protect against cybersecurity threats, as well as actively monitoring and responding … per week Some of the main duties of the Cyber Security Manager will include: * Security Strategy & Implementation: Design, implement, and maintain comprehensive cybersecurity policies, procedures, and controls * Threat Detection & Response: Continuously monitor the digital environment for potential vulnerabilities and security breaches * Incident Management: Lead incident response activities, coordinating with IT teams to mitigate risks and minimise … damage. Responsible for writing incident reports, gathering input across the technical and business teams to then share the report and project management of any improvement change actions * Security Integration & System Management: Collaborate with IT and development teams to ensure security is embedded in all new and existing applications, systems, and network infrastructure * Risk Management & Compliance: Ensure compliance with industry More ❯
Employment Type: Full-Time
Salary: £70,000 per annum

IT Specialist Senior IT Security Specialist - Ashford or Cairns

Ashford, Kent, United Kingdom
Hybrid / WFH Options
MAF Australia
responsible for implementing and managing security infrastructure, responding to threats, and ensuring compliance across systems. You'll work with various cyber security solutions while driving security best practices and incident response. If you have experience in cybersecurity tools, governance, and access management-and want to use your skills to support a mission that changes lives-this is your chance … Operations Specialist you will play a critical role in protecting our digital infrastructure. You'll lead the implementation and management of SIEM systems, Fortinet security tools, and endpoint detection & response (EDR) while conducting vulnerability assessments and penetration testing to stay ahead of cyber threats. You'll enhance identity and access management (IAM) by maintaining Active Directory, Entra ID, MFA … and Zero Trust security principles. Your expertise in network security, VPNs, SD-WAN, and Microsoft Defender solutions will help safeguard our systems, while your contributions to incident response, governance, and security strategy will shape the future of our cybersecurity posture. If you're passionate about cybersecurity and want to make a meaningful impact, then this role is for More ❯
Employment Type: Permanent
Salary: GBP Annual

Cyber Security Analyst

London, South East, England, United Kingdom
Hybrid / WFH Options
SNG (Sovereign Network Group)
incidents and escalate as appropriate Collaborate with the SOC and internal teams to respond to and resolve security events Drive vulnerability remediation across infrastructure and cloud environments Participate in incident response activities, forensic investigations, and risk mitigation Participate in an on-call rota for out-of-hours cyber incident response What We're Looking For Experience More ❯
Employment Type: Full-Time
Salary: £48,000 - £60,000 per annum

Cyber Security Analyst

Basingstoke, Hampshire, England, United Kingdom
Hybrid / WFH Options
SNG (Sovereign Network Group)
incidents and escalate as appropriate Collaborate with the SOC and internal teams to respond to and resolve security events Drive vulnerability remediation across infrastructure and cloud environments Participate in incident response activities, forensic investigations, and risk mitigation Participate in an on-call rota for out-of-hours cyber incident response What We're Looking For Experience More ❯
Employment Type: Full-Time
Salary: £48,000 - £60,000 per annum

Cyber Threat Intelligence Lead

Rickmansworth, Hertfordshire, South East, United Kingdom
Hybrid / WFH Options
Senior plc
and experience: An experienced threat intelligence lead (or similar). Expert in cybersecurity, with a focus on threat management and defensive security in regulated environments. Proficient in threat management, incident response and remediation tools. Strategic development in cyber threat intelligence research, process automation, knowledge sharing and team training. Skilled in using threat frameworks (e.g. MITRE ATT&CK, Cyber … Kill chain). Experienced in using OSINT and security analysis tools (e.g. Shodan, Censys, Qualys, Virus Total, EDR, AV). Experience supporting incident response or vulnerability management programs. Professional certifications in Cyber and Information Security (e.g. OCSP, GREM, CEH). Strong analytical and problem-solving abilities, translating complex technical issues into actionable recommendations. An excellent communicator with the More ❯
Employment Type: Permanent, Work From Home

Senior Security Operations Analyst SOC

London, South East, England, United Kingdom
Hybrid / WFH Options
Client Server Ltd
incidents using SIEM tools (Splunk) to create detection use cases, analyse security event data for proactive threat hunting and conduct research on the latest threats and vulnerabilities to enhance incident response readiness and capabilities. Location/WFH: You'll join the team in the Frankfurt office three days a week with flexibility to work from home the other … two days. About you: You are degree educated in Cyber Security or Computer Science You have strong experience in Security Operations and Incident Response You have experience of performing analysis with SIEM technologies, Splunk preferred You have experience with proactive threat hunting using MITRE ATT&CK or similar frameworks You have a deep understanding of security appliances/ More ❯
Employment Type: Full-Time
Salary: £90,000 - £100,000 per annum

Information Security Officer UK Head Office - Basingstoke

Basingstoke, Hampshire, United Kingdom
Once For All Limited
the organization's digital assets. They work closely with the CISO, Legal, Compliance, technical and business teams to ensure proactive protection against cyber threats, regulatory compliance, risk management and response to security incidents. The role will build relationships with departments to ensure identification and continuous progression of security threats in our fast-paced SaaS technology business. This role blends operational … threats. • Deliver Information Security and Cybersecurity project management. • Monitor and manage digital access controls across cloud platforms, internal systems, and third-party tools. • Assist in the detection, investigation, and response to security incidents, including unauthorized access, phishing attempts, and data anomalies. • Collaborate with cybersecurity teams and other third parties to analyse threat intelligence feeds and proactively identify emerging risks. • Participate in … and continuous improvement of security operations. Cybersecurity Management: • Supervise technological security measures including SIEM, DLP, IDS/IPS, Firewall, WAF, cryptological mechanisms, EDR • Analyse security alerts and conduct technical incident investigations. • Run and monitor vulnerability tests and periodic scans of key assets • Collaborate on managing security patches and updates with Internal IT, CloudOps and Engineering teams • Document technical findings More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior Software Engineer, Fleet

Fleet, Hampshire, United Kingdom
Hayden AI Technologies, Inc
cutting-edge innovation. As part of our team, you'll have the opportunity to work on impactful projects that drive the future of intelligent transportation systems. Responsibilities: Participate in incident prevention, response, and remediation efforts, learning and applying best practices. Design, build, and maintain scalable cloud services that support device observability, OTA updates, and fleet operations. Lead efforts … CI/CD pipelines for cloud services, enabling efficient, secure, and automated delivery processes. Set and uphold high standards for software engineering and DevOps practices across the team, including incident response, monitoring, and postmortems. Collaborate with cross-functional teams-including hardware, product, and other engineering teams-to define system requirements and deliver robust end-to-end solutions. Drive More ❯
Employment Type: Permanent
Salary: GBP Annual

Senior SOC Analyst

Farnborough, Hampshire, South East, United Kingdom
Sopra Steria Limited
doing: Monitor, triage, and investigate security incidents on critical client infrastructure. In-depth analysis of network traffic, logs, and system events to identify potential security threats and vulnerabilities. Provide Incident Response support. Maintain, improve and develop team knowledge of SOC tools, security operations and triage. Prepare reports for managed clients to both technical and non-technical audiences and … continuously improve their content and presentation. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. What you will bring: Experience in Security Operations Centre. Demonstrable experience of Managing Microsoft Sentinel or Splunk implementations. Knowledge and experience with MITRE ATT&CK Framework. Solid grasp of client-server applications, multi-tier web applications, relational More ❯
Employment Type: Permanent
Salary: 25 days holidays, 6% Contributory pension, 4 x life Insurance

Security Engineer

Basingstoke, Hampshire, United Kingdom
Hawk-Eye Innovations Ltd
CD pipelines Identify and remediate vulnerabilities in applications and cloud environments Collaborate with development teams to improve secure coding practices Contribute to and maintain security documentation and processes Support incident response activities and post-incident analysis Automate security testing, monitoring, and alerting mechanisms Provide clear and actionable security guidance to technical stakeholders Design pragmatic security solutions aligned More ❯
Employment Type: Permanent
Salary: GBP Annual

Service Operations Manager

London, South East, England, United Kingdom
Saab UK
operational processes. You will work alongside the Client Services and Support Team Manager-who handles frontline support-focusing on the end-to-end service lifecycle, including service design, transition, incident management, change coordination, and operational governance. Key Responsibilities Leadership & Strategy Collaborate with the Head of Operations to develop and implement strategic plans that enhance operational efficiency, service reliability, and … innovation, and continuous improvement. Mentor and develop team members, encouraging professional growth and performance excellence. Operational Management Own and manage daily service operations (excluding frontline support), including change enablement, incident coordination, major incident response, service reviews, and reporting. Oversee resource allocation across projects and functions, ensuring optimal use of team capabilities, staffing, and budget. Monitor and analyse … Governance Drive governance and best practices across the service lifecycle-covering service design, transition, operation, and continual improvement. Act as a coordination lead for high-impact incidents, manage post-incident reviews (RCAs), and implement corrective actions. Continuously evaluate and refine operational processes (e.g., change management, environment readiness, incident/problem workflows). Cross-functional Collaboration Partner with Development More ❯
Employment Type: Full-Time
Salary: Salary negotiable

Information Security Assurance Specialist

Eastleigh, Hampshire, United Kingdom
Hybrid / WFH Options
Ageas
with internal policies, external regulations and industry good practice. (e.g., GDPR, ISO27001, CIS, ISF, NIST). Provide expert guidance on security best practices, threat modelling, and mitigation strategies. Support incident response and post-incident reviews from an architectural perspective. Skills and experience you need as Information Security & Assurance Specialist: Strong understanding of all security principles and underlying technologies More ❯
Employment Type: Permanent
Salary: GBP Annual

Information Security Assurance Analyst

Eastleigh, Hampshire, South East, United Kingdom
Reed Technology
across technical and operational teams to ensure robust security controls and compliance with industry standards. Key Responsibilities: Conducting assurance reviews and risk assessments Embedding security into solution designs Supporting incident response and post-incident analysis Ensuring compliance with GDPR, ISO27001, NIST, and other frameworks Advising on threat modelling and mitigation strategies What We're Looking For: Strong More ❯
Employment Type: Permanent
Salary: £40,000

Senior Devops Engineer

Abingdon, Oxfordshire, United Kingdom, Shippon
Gigaclear
that enable consistent environment provisioning, application deployment, and system observability. Ensure that automated solutions improve speed, reliability, and operational visibility across the full software delivery lifecycle. Take ownership of incident management, leading the coordination of response activities to restore service quickly. Facilitate post-incident reviews to identify root causes, document learnings, and drive corrective actions that prevent … Ensure documentation is accessible, accurate, and kept up-to-date to support transparency and knowledge sharing. Establish meaningful operational and delivery metrics such as deployment frequency, system reliability, and incident response times. Provide regular reporting to stakeholders to inform decision-making and continuous improvement priorities. Provide technical mentorship and support to DevOps Engineers, helping them develop their technical More ❯
Employment Type: Permanent
Salary: £55000 - £60000/annum

Senior Security and Infrastructure Engineer

London, South East, England, United Kingdom
Hybrid / WFH Options
Robert Half
Conditional Access, within Azure AD and Microsoft 365. Collaborate with Risk and Compliance teams to ensure infrastructure aligns with enterprise security frameworks (e.g. ISO 27001, NIST, CIS). Support incident response, vulnerability remediation, and disaster recovery planning. Promote a culture of continuous improvement and secure-by-design principles across the technology team. Provide technical leadership and mentoring to More ❯
Employment Type: Full-Time
Salary: £70,000 - £80,000 per annum

Incident Response, the South East

10th Percentile: £42,000
25th Percentile: £49,000
Median: £55,750
75th Percentile: £72,500
90th Percentile: £77,500