1 to 25 of 342 Permanent Incident Response Jobs in the UK excluding London

global basis, the resilience of operations has become a board level issue. Responsibilities You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

global basis, the resilience of operations has become a board level issue. Responsibilities You will provide our clients with a full spectrum of services, covering proactive and reactive Cyber Incident Response (CIR) Services. The proactive arm of our business covers a breadth of propositions, including playbook development, wargaming, readiness assessments, post-breach assessments, managed threat hunting as well … as implementing response automation technologies. Our specialists work with clients to uplift their maturity and fundamentally enhance their preparedness to respond, via targeted capability uplift, C-Suite awareness campaigns and training. Our technical response team support our clients in live incident responses by working to identify root causes and evict threats. Our professionals apply their experience and … award-winning vendor relationships, we can do whatever it takes - from improving the security of a single component to delivering a holistic security and privacy program. As a Cyber Incident Response Advisory and Incident Management Senior Manager or Associate Director, you will focus on developing our business across both proactive and reactive services, whilst leading our advisory More ❯

Cyber Incident Response Lead £60,000 - £70,000 + bonus + extensive benefits Full Time/Permanent Hybrid/West Midlands - 1 day a month in the office The Role and Company: I am looking for a driven Cyber Incident Response Lead to join a large nationally recognised brand head quartered in the West Midlands. As … the Cyber Incident Response Lead you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face. We … looking for someone Midlands based who can be on site in Warwickshire 1 day a month on average. Key Responsibilities: Lead and mentor a small but growing team of Incident Responders. Lead the coordination of incident response efforts related to Cyber Security incidents. Plan and deliver incident readiness activities such as exercises. Facilitate and manage relationships More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

to lead and produce deliverables based on reactive services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to manage incident response engagements and provide guidance on longer term remediation. Your Impact Weekend Work Schedule is Friday-Monday (10 hr work day/40 hr work week) Perform reactive … incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs) Examine firewall, web, database, and other log sources to identify evidence of malicious activity Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation … tools to determine source of compromises and malicious activity that occurred in client environments Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations Ability to perform travel requirements as needed to meet business demands (on average 20%) Mentorship of team members in incident More ❯

engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (security teams, system and network administrators and owners, C-Suite, etc.) to manage and deliver proactive incident preparedness engagements, as well as wider proactive assessments and services. Your Impact Lead proactive incident preparedness projects, including but not limited to TableTop Exercises (TTX), Incident Response Plans and Response Maturity Assessments Review Crisis Management, Incident Response, Business Continuity and Disaster Recovery Plans, and other relevant documents that support holistic business resilience Plan and deliver a range of TTXs, including writing post exercise reports that provide detailed analysis and recommendations on areas for improvement Manage and contribute incident preparedness and other cyber … security engagements from initial scoping through to delivery Ability to perform travel requirements as needed to meet business demands (on average 20%) Qualifications Your Experience 8+ years of incident preparedness and/or incident response related consulting experience with a passion for cyber security Experience with leading and delivering complicated engagements including scoping, interfacing with the client More ❯

engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (security teams, system and network administrators and owners, C-Suite, etc.) to manage and deliver proactive incident preparedness engagements, as well as wider proactive assessments and services. Your Impact Lead proactive incident preparedness projects, including but not limited to TableTop Exercises (TTX), Incident Response Plans and Response Maturity Assessments Review Crisis Management, Incident Response, Business Continuity and Disaster Recovery Plans, and other relevant documents that support holistic business resilience Plan and deliver a range of TTXs, including writing post exercise reports that provide detailed analysis and recommendations on areas for improvement Manage and contribute incident preparedness and other cyber … security engagements from initial scoping through to delivery Ability to perform travel requirements as needed to meet business demands (on average 20%) Qualifications Your Experience 8+ years of incident preparedness and/or incident response related consulting experience with a passion for cyber security Experience with leading and delivering complicated engagements including scoping, interfacing with the client More ❯

Principal Cyber Security Incident Response Analyst £60,000 - £70,000 Full Time/Permanent West Midlands/Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands. … As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire … on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network More ❯

Cyber Incident Manager £60,000 - £70,000 + bonus + extensive benefits Full Time/Permanent Hybrid/West Midlands - 1 day a month in the office The Role and Company: I am looking for a driven Cyber Incident Manager to join a large nationally recognised brand head quartered in the West Midlands. As the Cyber Incident Manager you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face. We are ideally looking for someone … Midlands based who can be on site in Warwickshire 1 day a month on average. Key Responsibilities: Lead and mentor a small but growing team of Incident Responders. Lead the coordination of incident response efforts related to Cyber Security incidents. Plan and deliver incident readiness activities such as exercises. Facilitate and manage relationships with required stakeholders. More ❯

lawyer to advise on and coordinate data protection matters, in particular, to oversee and run the Global Record of Processing Activities (RoPA) Inventory as well as coordinate the Global Incident Response (IR) Process. This involves overseeing a team who are responsible for completing and maintaining EY's Global RoPA and integration of Privacy Impact Assessment (PIA) records and … Third Party Vendor Due Diligence (VDD) data as well as coordinating the work of other resources and EY's Global Delivery Service ("GDS") involved in the Global Incident Response Process. The global data protection team is responsible for the implementation and transformation of EY's privacy compliance program, which include Binding Corporate Rules. The team works closely with … on data protection matters, including both personal data privacy and the protection of client and EY confidential information. The opportunity As the Global Legal Counsel - Data Protection RoPA and Incident Response, you will be responsible for overseeing the Records of Processing Activity (RoPA) process and inventory as well as the management of the Global Incident Response More ❯

Senior Cyber Incident Response InvestigatorFully UK RemoteDV Clearance or eligibility essential£80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working position, the … key stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work.The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator*Fully Remote*Helping businesses deal with real-time cyber-attacks remotely*Occasionally travelling to customer sites*£80,000 base + OT and On-all bumping total More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯

a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment. As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations … performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards. This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non … and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threat intelligence and integrate More ❯

We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach case this could be the role for you. This role is open to any of the multiple offices my client has across the UK. The client is looking for a … Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities … that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include: Leading More ❯

We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach case this could be the role for you. This role is open to any of the multiple offices my client has across the UK. The client is looking for a … Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities … that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include: Leading More ❯

We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach case this could be the role for you. This role is open to any of the multiple offices my client has across the UK. The client is looking for a … Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities … that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include: Leading More ❯

Incident Response Analyst Permanent - 52k - 57k + strong benefits Location: Hybrid - South Wales Your new company I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business have been investing in their cyber security and IT estate and are continuing to grow and enhance their security posture. The … mitigating threats, at a good time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role: Monitor and analyse network traffic, system logs, and other data sources to … identify potential security incidents. Investigate alerts and suspicious activity to determine if an incident has occurred. Contain affected systems and networks to prevent the incident from spreading. Implement temporary measures to mitigate the impact of the incident. Work with other teams, such as IT and security operations, to develop and implement a containment strategy. Analyse incident data More ❯

Incident Response Analyst Permanent - £52k - £57k + strong benefits Location: Hybrid - South Wales Your new company I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business have been investing in their cyber security and IT estate and are continuing to grow and enhance their security posture. The … mitigating threats, at a good time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role: Monitor and analyse network traffic, system logs, and other data sources to … identify potential security incidents. Investigate alerts and suspicious activity to determine if an incident has occurred. Contain affected systems and networks to prevent the incident from spreading. Implement temporary measures to mitigate the impact of the incident. Work with other teams, such as IT and security operations, to develop and implement a containment strategy. Analyse incident data More ❯

focused on SIEM development, playbook automation, and threat modelling-delivering proactive defence across cloud and on-prem environments. You'll be instrumental in designing and implementing advanced detection and response strategies, working closely with cross-functional teams and contributing to continual service improvement. Key Responsibilities SIEM Engineering & Management Deploy, configure, and maintain IBM QRadar SIEM platform Onboard and normalize … diverse log sources across hybrid environments Develop and tune analytical rules for threat detection and behavioural analysis Playbook Development & Automation Design incident response playbooks for scenarios including phishing, lateral movement, and data exfiltration Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) Continuously refine automation based on threat intelligence and incident feedback Threat Detection & Response Monitor and investigate security alerts and anomalies Lead incident response activities and collaborate with threat intelligence teams Enrich detection logic with contextual threat data Threat Modelling & Use Case Development Conduct threat modelling using MITRE ATT&CK, STRIDE, or Kill Chain frameworks Translate models into actionable SIEM use cases and detection rules Prioritize engineering efforts based on risk More ❯

Scotland - United Kingdom Type: Permanent Senior SOC Engineer A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC Engineer will … play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats. Key Responsibilities SIEM Engineering & Management Deploy, configure, and maintain the QRadar SIEM platform. Onboard and normalise log sources across on-premises and cloud environments. Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis. Playbook Development & Automation Design … and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts and events to identify potential threats. Conduct investigations More ❯

the identification, assessment, mitigation, and monitoring of risks across all systems and operations. Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures. Incident Response: Develop, implement, and manage the security incident response plan. Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team. Essential Requirements: Extensive … processes, along with secure system architecture principles. Risk management: Demonstrated expertise in developing, implementing, and managing information security risk management frameworks, including risk assessment methodologies (eg OCTAVE, FAIR). Incident response: Proven track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg More ❯

the identification, assessment, mitigation, and monitoring of risks across all systems and operations. Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures. Incident Response: Develop, implement, and manage the security incident response plan. Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team. Essential Requirements: Extensive … processes, along with secure system architecture principles. Risk management: Demonstrated expertise in developing, implementing, and managing information security risk management frameworks, including risk assessment methodologies (eg OCTAVE, FAIR). Incident response: Proven track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg More ❯

About the Role: We are seeking an experienced Incident Response Analyst for an established utilities business in Newport. This position plays a crucial part in enhancing the cyber resilience of the business by providing actionable insights, informing decision-making, and proactively contributing to mitigating potential threats. The success candidate will collaborate with various teams, both internal and external … to ensure a comprehensive understanding of the threat landscape and response to any incidents. Working within the security operations centre (SOC), the primary responsibility is to rapidly investigate and document cybersecurity incidents within the organisation. Key Responsibilities: (not limited to) Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents. Investigate alerts and … suspicious activity to determine if an incident has occurred. Contain affected systems and networks to prevent the incident from spreading. Implement temporary measures to mitigate the impact of the incident. Work with other teams, such as IT and security operations, to develop and implement a containment strategy. Analyse incident data to determine the root cause of the More ❯