1 to 25 of 516 Permanent Incident Response Jobs in the UK

global basis, the resilience of operations has become a board level issue. Responsibilities You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

global basis, the resilience of operations has become a board level issue. Responsibilities You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

global basis, the resilience of operations has become a board level issue. Responsibilities You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

Cyber Incident Response Lead £60,000 - £70,000 + bonus + extensive benefits Full Time/Permanent Hybrid/West Midlands - 1 day a month in the office The Role and Company: I am looking for a driven Cyber Incident Response Lead to join a large nationally recognised brand head quartered in the West Midlands. As … the Cyber Incident Response Lead you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face. We … looking for someone Midlands based who can be on site in Warwickshire 1 day a month on average. Key Responsibilities: Lead and mentor a small but growing team of Incident Responders. Lead the coordination of incident response efforts related to Cyber Security incidents. Plan and deliver incident readiness activities such as exercises. Facilitate and manage relationships More ❯

Principal Incident Response Consultant – MOD DV Location: UK wide – Remote Salary - £85,000 - £110,000 + excellent benefits Clearance - DV clearance required We're seeking a Principal Incident Response Consultant to join our client's elite cybersecurity and digital forensics team. This is a client-facing role where you'll lead DFIR (Digital Forensics & Incident Response) investigations, guide executives through cyber incidents, and help organisations strengthen their threat detection, response, and resilience. If you're an expert in incident response, threat hunting, and forensic analysis and thrive under pressure, this is your opportunity to work on some of the UK's most significant cyber cases. Key Responsibilities Incident Response … intelligence and MITRE ATT&CK to attribute attacks and inform proactive defences. Crisis Management: Lead coordination between internal stakeholders, third parties, and law enforcement. Cybersecurity Advisory: Help clients improve incident readiness, detection engineering, and response capabilities. Innovation: Contribute to new playbooks, tools, and methodologies to evolve our DFIR practice. Mentorship: Train and coach junior consultants in incident More ❯

Principal Incident Response Consultant – Cybersecurity/DFIR/Threat Hunting Location: UK wide – Remote Salary - £85,000 - £110,000 + excellent benefits Clearance - DV clearance required We’re seeking a Principal Incident Response Consultant to join our client’s elite cybersecurity and digital forensics team. This is a client-facing role where you’ll lead DFIR … Digital Forensics & Incident Response) investigations, guide executives through cyber incidents, and help organisations strengthen their threat detection, response, and resilience. If you’re an expert in incident response, threat hunting, and forensic analysis and thrive under pressure, this is your opportunity to work on some of the UK’s most significant cyber cases. Key Responsibilities … Incident Response Leadership: Take charge of high-profile cyber incidents, from breach triage and containment to full recovery. Client Engagement: Act as a trusted advisor to CISOs, boards, and regulators, providing executive-level briefings during and after incidents. Forensics & Threat Hunting: Conduct advanced forensic investigations across endpoints, servers, networks, cloud platforms, and SaaS. Adversary Analysis: Use threat intelligence More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (security teams, system and network administrators and owners, C-Suite, etc.) to manage and deliver proactive incident preparedness engagements, as well as wider proactive assessments and services. Your Impact Lead proactive incident preparedness projects, including but not limited to TableTop Exercises (TTX), Incident Response Plans and Response Maturity Assessments Review Crisis Management, Incident Response, Business Continuity and Disaster Recovery Plans, and other relevant documents that support holistic business resilience Plan and deliver a range of TTXs, including writing post exercise reports that provide detailed analysis and recommendations on areas for improvement Manage and contribute incident preparedness and other cyber … security engagements from initial scoping through to delivery Ability to perform travel requirements as needed to meet business demands (on average 20%) Qualifications Your Experience 8+ years of incident preparedness and/or incident response related consulting experience with a passion for cyber security Experience with leading and delivering complicated engagements including scoping, interfacing with the client More ❯

engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (security teams, system and network administrators and owners, C-Suite, etc.) to manage and deliver proactive incident preparedness engagements, as well as wider proactive assessments and services. Your Impact Lead proactive incident preparedness projects, including but not limited to TableTop Exercises (TTX), Incident Response Plans and Response Maturity Assessments Review Crisis Management, Incident Response, Business Continuity and Disaster Recovery Plans, and other relevant documents that support holistic business resilience Plan and deliver a range of TTXs, including writing post exercise reports that provide detailed analysis and recommendations on areas for improvement Manage and contribute incident preparedness and other cyber … security engagements from initial scoping through to delivery Ability to perform travel requirements as needed to meet business demands (on average 20%) Qualifications Your Experience 8+ years of incident preparedness and/or incident response related consulting experience with a passion for cyber security Experience with leading and delivering complicated engagements including scoping, interfacing with the client More ❯

engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (security teams, system and network administrators and owners, C-Suite, etc.) to manage and deliver proactive incident preparedness engagements, as well as wider proactive assessments and services. Your Impact Lead proactive incident preparedness projects, including but not limited to TableTop Exercises (TTX), Incident Response Plans and Response Maturity Assessments Review Crisis Management, Incident Response, Business Continuity and Disaster Recovery Plans, and other relevant documents that support holistic business resilience Plan and deliver a range of TTXs, including writing post exercise reports that provide detailed analysis and recommendations on areas for improvement Manage and contribute incident preparedness and other cyber … security engagements from initial scoping through to delivery Ability to perform travel requirements as needed to meet business demands (on average 20%) Qualifications Your Experience 8+ years of incident preparedness and/or incident response related consulting experience with a passion for cyber security Experience with leading and delivering complicated engagements including scoping, interfacing with the client More ❯

We're Hiring: Principal Incident Response Investigator/Consultant - Remote - £85k 📍 UK-based | DV Clearance Required (or ability to attain) 💼 Consulting | Cyber Security | Digital Forensics | Incident Response Are you ready to lead the front line in cyber defence? We’re looking for a Principal Incident Response Investigator/Consultant to take the lead in … a seasoned professional who thrives under pressure, communicates with confidence, and brings deep technical expertise to the table. 💥 What You’ll Do Lead Complex Investigations : Own end-to-end incident response engagements — from triage and containment through to forensic analysis, recovery, and reporting. Take Command in Crisis : Act as incident commander for major breaches, guiding clients, coordinating … of the moment. Apply Deep Forensics : Investigate across Windows, Linux, macOS, cloud, SaaS, and hybrid environments. Grow Our Capabilities : Develop playbooks, tools, and methodologies that raise the bar for incident response delivery. Mentor & Inspire : Coach junior investigators and contribute to internal knowledge sharing and external thought leadership. 🔐 What We're Looking For DV clearance (or the ability to More ❯

Principal Cyber Security Incident Response Analyst 60,000 - 70,000 Full Time/Permanent West Midlands/Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands. … As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire … on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network More ❯

Principal Cyber Security Incident Response Analyst £60,000 - £70,000 Full Time/Permanent West Midlands/Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands. … As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire … on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network More ❯

Cyber Incident Manager 60,000 - 70,000 + bonus + extensive benefits Full Time/Permanent Hybrid/West Midlands - 1 day a month in the office The Role and Company: I am looking for a driven Cyber Incident Manager to join a large nationally recognised brand head quartered in the West Midlands. As the Cyber Incident Manager you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face. We are ideally looking for someone … Midlands based who can be on site in Warwickshire 1 day a month on average. Key Responsibilities: Lead and mentor a small but growing team of Incident Responders. Lead the coordination of incident response efforts related to Cyber Security incidents. Plan and deliver incident readiness activities such as exercises. Facilitate and manage relationships with required stakeholders. More ❯

Cyber Incident Manager £60,000 - £70,000 + bonus + extensive benefits Full Time/Permanent Hybrid/West Midlands - 1 day a month in the office The Role and Company: I am looking for a driven Cyber Incident Manager to join a large nationally recognised brand head quartered in the West Midlands. As the Cyber Incident Manager you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face. We are ideally looking for someone … Midlands based who can be on site in Warwickshire 1 day a month on average. Key Responsibilities: Lead and mentor a small but growing team of Incident Responders. Lead the coordination of incident response efforts related to Cyber Security incidents. Plan and deliver incident readiness activities such as exercises. Facilitate and manage relationships with required stakeholders. More ❯

lawyer to advise on and coordinate data protection matters, in particular, to oversee and run the Global Record of Processing Activities (RoPA) Inventory as well as coordinate the Global Incident Response (IR) Process. This involves overseeing a team who are responsible for completing and maintaining EY's Global RoPA and integration of Privacy Impact Assessment (PIA) records and … Third Party Vendor Due Diligence (VDD) data as well as coordinating the work of other resources and EY's Global Delivery Service ("GDS") involved in the Global Incident Response Process. The global data protection team is responsible for the implementation and transformation of EY's privacy compliance program, which include Binding Corporate Rules. The team works closely with … on data protection matters, including both personal data privacy and the protection of client and EY confidential information. The opportunity As the Global Legal Counsel - Data Protection RoPA and Incident Response, you will be responsible for overseeing the Records of Processing Activity (RoPA) process and inventory as well as the management of the Global Incident Response More ❯

Digital Forensics and Incident Response Engineer Location: UK (Multiple locations considered) Permanent A leading cyber response organisation that are recognised as one of the UK's nine Tier 1 incident responders are looking for a Digital Forensics and Incident Response Engineer to join its Cyber Response Services team. This role offers the opportunity … support clients in managing and recovering from cyber security incidents. The role combines strategic coordination with hands-on technical investigation, with a strong emphasis on both digital forensics and incident response. Key Responsibilities Coordinate and lead cyber incident response activities, including participation in an on-call rota. Conduct forensic analysis of digital evidence (eg, disk images, memory … attack methodologies. Support client engagements through reporting, implementation, and issue resolution. Contribute to structured responses for proposals and bids. Required Experience & Skills Demonstrable experience in both digital forensics and incident response . Strong technical background in computing, networking, and Scripting/programming. Broad understanding of cyber threats, attack vectors, and mitigation strategies. Familiarity with forensic and security tools. More ❯

Job Overview: We are seeking a DFIR Analyst to join our team, leveraging their technical expertise and investigative mindset to support forensic investigations and incident response engagements. The ideal candidate will have a methodical approach to problem-solving, ensuring investigations are thoroughly documented and findings are communicated effectively to both technical and non-technical stakeholders. This role requires … EZTools and parsers, and AWS, along with strong technical foundation skills in systems administration and networking. The successful candidate should be comfortable translating forensic requirements and guiding clients through incident triage and response strategies. Key Responsibilities: Conduct digital forensic investigations across endpoint, network, and cloud environments. Perform incident response investigations, working across multiple environments, including on … Azure). Utilise CrowdStrike, Magnet Axiom, X-Ways, and SIFT Workstations to collect and analyse forensic evidence. Develop and script tooling for the task at hand. Support forensic and incident response engagements by documenting findings, writing detailed reports, and delivering presentations to both technical and non-technical stakeholders. Work closely with clients to understand their forensic and security More ❯

Senior Cyber Incident Response InvestigatorFully UK RemoteDV Clearance or eligibility essential£80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working position, the … key stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work.The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator*Fully Remote*Helping businesses deal with real-time cyber-attacks remotely*Occasionally travelling to customer sites*£80,000 base + OT and On-all bumping total More ❯

Senior Cyber Incident Response Investigator Fully UK Remote DV Clearance or eligibility essential £80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working … stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work. The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator *Fully Remote *Helping businesses deal with real-time cyber-attacks remotely *Occasionally travelling to customer sites *£80,000 base + OT and On-all bumping total More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯