1 to 25 of 242 Permanent Incident Response Jobs in the UK excluding London

Cyber Services and Capabilities Employment Type: Full Time Location: GBR Manchester Hardman Boulevard Role Purpose: To manage and service NCC Group clients within the Incident Response space. The Managing Consultant plays a critical role within the DFIR team of experienced consultants, delivering high‐quality incident response and proactive services to clients. The role involves leading and contributing to detailed technical analysis, managing incident response activities, and ensuring effective communication and coordination throughout an engagement. With a strong focus on technically supporting clients during live incidents, the Managing Consultant is also expected to contribute ...

Security Incident Response Manager (Cyber Threat) - Global financial services company - Full time permanent role - Salary up to £110,000 plus bonus. Hybrid working (twice a week in the London office) A large global financial services firm is looking for an Incident Response Manager within its cyber … point once a month for weekends) - Deliver on information security projects - Ensuring services provided meet the business requirements To be considered suitable for this Incident Response Manager role you will need the following skills and experience: - Experience in a technical cyber/incident response role - Previous ...

play a critical role in strengthening and maturing Reapit’s cloud security posture. Your work will span hands on security engineering, deep incident response, proactive threat detection, and collaboration with global teams. Design, implement, and enhance secure Cloud infrastructure, services, and applications in collaboration with DevOps teams. Conduct … detail and high quality documentation. Work in a self managing, proactive manner — anticipating security needs, identifying gaps, and driving improvements without close supervision. Incident Response & Threat Detection Respond to SOC alerts. Working with our outsourced SOC, Lead and participate in global incident response activities, including investigation ...

Title Level 3 Security Analyst – Incident Response & Vulnerability Management Department Service Delivery/Security Reporting To Security Lead/Service Delivery Manager Operates under the direction of the Incident Manager during security incidents Location UK (Hybrid) Office in Cardiff 1-2 days per week, regular client site … travel. Working Pattern Monday to Friday with participation in the on-call Security and Major Incident rota as required Role Purpose The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate ...

energy operations within a Critical National Infrastructure (CNI) environment. This role is responsible for real-time security monitoring, alert triage, investigation, and early-stage incident response. You will work with industry-standard security monitoring and incident/event management platforms to identify suspicious activity, validate alerts, and escalate … helping tune detections, and strengthening operational procedures and documentation. Key Responsibilities Monitoring and Triage Monitor security events and alerts using industry-standard SIEM and incident/event management platforms (e.g., Elastic, Microsoft Sentinel, Splunk). Perform rapid triage to determine alert validity, severity, scope, and potential business or operational ...

supportive and collaborative environment with ongoing opportunities to develop your technical expertise and progress your career within cyber security. Key Responsibilities Security Monitoring & Incident Response Monitor alerts and telemetry across endpoints, identities, email, and cloud services using Rapid7 SIEM, Microsoft Defender, and Sophos Antivirus. Investigate cyber security incidents … including malware infections, phishing attacks, identity compromise, and unauthorised access attempts. Conduct incident triage, root cause analysis, containment, remediation, and recovery activities. Lead or support incident response activities in line with internal procedures and security standards. Escalate major incidents appropriately and provide timely updates to stakeholders. Threat ...

Department: Cyber Services and Capabilities Employment Type: Full Time Location: NLD Rijswijk To manage and service NCC Group clients within the Digital Forensics and Incident Response space. The Principal DFIR Consultant plays a pivotal role within the team of seasoned analysts, actively participating in the analysis and response … collaboration, clear communication, and efficient workflow throughout technical engagements. Responding to emergency incidents, including mitigation and remediation activities. Maintaining composure and effectiveness in client incident‐management scenarios. Providing clients with high‐quality technical investigations. Collaborating in the identification, resolution, and documentation of security incidents. Conducting intelligence‐driven investigative analysis. ...

environment and you will have on-going opportunities to develop your technical skills and grow within cyber security What you will do: Security Monitoring & Incident Response Actively monitor alerts and telemetry across endpoints, identities, email, and cloud services using Rapid7 SIEM, Microsoft Defender, and Sophos AV. Investigate suspected … malware infections, phishing campaigns, identity compromise, and unauthorised access attempts. Perform triage, root cause analysis, containment, and remediation of security incidents. Lead or support incident response activities in line with internal policies and procedures. Escalate significant incidents appropriately and provide clear, timely updates to stakeholders. Threat Detection & Prevention ...

high-security operational environment supporting mission-critical systems. This is an exciting opportunity for a skilled Tier 2/3 SOC professional with strong incident response and SIEM expertise to work within a fast-paced enterprise Security Operations Centre. The successful candidate will be responsible for monitoring … analysing security events in real time, investigating incidents, and supporting the continuous improvement of detection and response capabilities. Key Responsibilities Monitor and analyse security events within an enterprise SOC environment Perform real-time alert triage and incident investigation Determine incident scope, priority, impact, and remediation actions Manage ...

capability across a modern hybrid estate.This is a hands-on leadership role where you'll combine technical depth with stakeholder engagement, driving security operations, incident response, and continuous improvement across infrastructure, cloud, and workplace environments. The Role You'll take ownership of cybersecurity operations, leading a small engineering … team and working closely with an outsourced SOC/MSSP to ensure robust monitoring, response, and continuous improvement. Responsibilities Leading technical incident response (containment, eradication, recovery) and post-incident analysis Owning and improving security controls across endpoints, identity, networks, and cloud platforms Driving vulnerability management, patching ...

fully remote and allows you to work from anywhere within Northern Ireland. How you’ll make an impact Lead improvements in detection and response capabilities, continuously optimizing monitoring, alerting, and incident response processes. Mentor junior and mid‐level engineers, setting a high standard in security practices … decisions. Lead automation and process optimization efforts by developing scripts and tools to automate repetitive security tasks as well as to enhance detection and response capabilities through the use of automation and integration of security tools. What will set you up for success Bachelor's degree in Computer Science ...

incidents and mangment of the SOC Analysts. This is a critical leadership role, responsible for protecting the organisation against real-time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying … high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with ...

threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection, incident response, and overall security posture within a complex, evolving environment. The Role You'll take ownership of security operations, ensuring the business … capability. Key responsibilities include: Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC Managing the full incident response lifecycle (detection through to recovery and post-incident review) Overseeing threat detection, vulnerability management, and cyber defence capabilities Driving improvements across ...

evolve the position based on their strengths and expertise. The successful candidate will play a key role in strengthening security posture through SIEM ownership, incident response, and system hardening, directly contributing to Europe's technological sovereignty. The Role The IT Security Specialist will: Design, build, and operate … centralised SIEM platform to aggregate and analyse security logs across infrastructure, networks, and applications Own security log analysis, vulnerability management, and incident investigation, including defining baselines and developing alerting rules for critical events Lead incident response efforts, using log correlation and analysis to investigate and resolve security ...

strengthening and evolving their cyber defence capability. This is a high-impact leadership role where you'll own security operations end-to-end , lead incident response, and work closely with the CISO to drive continuous improvement across a mature but evolving cyber function. What you'll be doing … Leading and developing a Cyber Security Operations team Acting as incident commander during cyber events and investigations Maturing SOC, CSIRT and incident response capabilities Driving threat hunting, detection and monitoring improvements Owning vulnerability management and pen test governance Ensuring alignment with ISO27001, NIST, GDPR and regulatory expectations ...

operations. This is a technical role suited to an experienced analyst with strong engineering instincts, hands-on coding capabilities, and a deep understanding of incident response, detection engineering, and adversary tradecraft. This position includes approximately one week per month of on-call availability for high-priority incident … ideal for someone who has likely grown from an engineering background and can write scripts (Python, Bash) to automate, enhance, and refine detection and response workflows. Experience with Splunk, SIEM operations, cloud endpoints, networks, and detection engineering will be highly advantageous. NOTE: Candidates for this role must be eligible ...

business performance. Based in Hertfordshire (hybrid), you'll lead end-to-end service management across IT, logistics, fulfilment, and customer operations - owning major incident response, service performance, and continuous improvement at scale. Key responsibilities Lead end-to-end IT service management (incident, problem, change, release, configuration) aligned … ITIL 4 Own major incident management (P1/P2), acting as the senior escalation point with clear executive communication Drive root cause analysis and continuous improvement using service metrics (MTTR, trends, backlog) Oversee IT service delivery, 24/7 support operations, and ITSM tooling Coordinate cyber incident response ...

devices. Provide hands-on technical leadership during rollout, configuration, and troubleshooting phases. Develop endpoint protection standards, policies, and security baselines. Collaborate with SOC, Incident Response, and IT Operations teams to enhance detection and response capabilities. Tune Falcon policies, detection rules, prevention strategies, and reporting dashboards. Provide technical … mentorship to engineering and security operations teams. Support threat hunting and incident investigations leveraging EDR telemetry. Ensure compliance with enterprise security policies and regulatory standards. Required Experience Strong background in Endpoint Security & Antimalware technologies . McAfee Endpoint Certified professional. Completed CrowdStrike Falcon training and pursuing Falcon certification. Proven experience ...

security operations tooling (SIEM, DLP, IAM, endpoint protection) to safeguard systems and data Develop, implement, and monitor KPIs and dashboards to measure detection effectiveness, incident response performance, data protection posture, and compliance Own and support Microsoft Purview capabilities including Information Protection, Data Loss Prevention, Data Lifecycle Management … risk, compliance, data governance, and IT teams to maintain robust security controls, support audit readiness, and strengthen operational resilience Support and participate in security incident response and investigations, ensuring rapid containment, remediation, and recovery. What we are looking for in our ideal Security Operations Engineer : Proven experience ...

security alerts, intrusions, and unauthorised activity Responding to incidents in line with defined SOC playbooks Escalating complex or high-risk incidents to Tier 2 Incident Response teams Reviewing vulnerability scan results and feeding findings back to technical teams Supporting secure configuration reviews and remediation activities Producing regular service … Junior SOC Analyst essential skills A qualification in Cyber Security, Computer Science, Networking, or a related technical discipline Strong interest in cyber security and incident response Understanding of core security concepts and common cyber threats Ability to follow processes, investigate alerts, and document findings clearly Willingness to work ...

Group plc is seeking a DFIR Managing Consultant to lead incident response engagements and manage a team of DFIR consultants. The role requires extensive experience in incident response and digital forensics, providing critical guidance during complex situations. Key responsibilities include coordinating teams, delivering thorough investigations ...

security alerts, intrusions, and unauthorised activity Responding to incidents in line with defined SOC playbooks Escalating complex or high-risk incidents to Tier 2 Incident Response teams Reviewing vulnerability scan results and feeding findings back to technical teams Supporting secure configuration reviews and remediation activities Producing regular service … Junior SOC Analyst essential skills A qualification in Cyber Security, Computer Science, Networking, or a related technical discipline Strong interest in cyber security and incident response Understanding of core security concepts and common cyber threats Ability to follow processes, investigate alerts, and document findings clearly Willingness to work ...

Group is seeking a DFIR Managing Consultant in Manchester to lead incident response engagements. The role involves managing a team of skilled consultants, providing hands-on support during cyber incidents, and ensuring effective communication. Candidates should have extensive experience in incident response and digital forensics, strong ...

control systems remain secure, compliant and operationally robust. You'll work closely with engineers, cybersecurity specialists, and external partners to monitor OT environments, support incident response, maintain asset and patch records, and contribute to risk, compliance and audit activities. The role also supports the ongoing improvement … safe, secure and continuous delivery of energy to millions. Location: UK-based hybrid role, Occasional travel to site. Day to day Support OT cybersecurity incident response, including investigation, evidence gathering, containment, remediation, and technical actions such as system isolation and patching, under CSIRT and GSOC guidance. Operate ...

Group plc is seeking an Executive Principal Consultant to manage and service clients within the Digital Forensics and Incident Response space. The role involves leading a team in analyzing and responding to security incidents, conducting high-quality investigations, and mentoring team members. Candidates should have strong technical expertise … incident response, several years' experience in Digital Forensics, and the ability to communicate technical findings to non-technical audiences. The position provides full-time employment based in the United Kingdom. #J-18808-Ljbffr ...