Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms
City of London, London, United Kingdom Hybrid / WFH Options
MFK Recruitment
role, you will: Act as the primary escalation point for complex IT and cybersecurity incidents. Manage and secure core client infrastructure and cloud environments. Ensure centralised security, monitoring, and incident response platforms operate effectively. You will collaborate closely with our Service Desk, Projects and Account Management teams to maintain high standards of service, document solutions and mentor junior … and maintain security hardening across infrastructure, cloud services, endpoints, and networks, in alignment with best practices and frameworks such as ISO 27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments … upgrades, and automation workflows, ensuring systems remain secure by design. Maintain and improve Standard Operating Procedures (SOPs) for security operations, ensuring knowledge is shared across the team for rapid incident handling. Provide mentorship and cybersecurity guidance to junior engineers and Service Desk staff, fostering a culture of security awareness and proactive threat management. Perform ongoing threat intelligence monitoring and
City of London, London, United Kingdom Hybrid / WFH Options
Tesco
Senior Incident Responder (DFIR) 🚨 Location: Hybrid (UK-based) Job Type: Full-time Salary: Competitive + up to 20% annual bonus Are you a seasoned DFIR professional with a passion for digital forensics and incident response? Do you thrive in high-pressure environments and want to make a real impact in protecting one of the UK’s largest … retailers? If so, Tesco Technology wants you on our team. We’re looking for a Senior Incident Responder to join our cutting-edge Digital Forensics and Incident Response (DFIR) team. You’ll play a pivotal role in investigating and responding to complex security threats across our global estate, working alongside our security operations, threat intelligence, and engineering … teams. What You’ll Be Doing 🕵️ Lead Investigations: Conduct host, network, and cloud-based forensic analysis to uncover the full scope of security incidents. 🛡️ Incident Handling: Support incident managers with root cause analysis and recommend detection and prevention strategies. ⚙️ Drive Innovation: Improve and automate DFIR workflows, collaborating across teams to enhance our security capabilities. 🔍 Threat Hunting: Lead intelligence
City of London, London, United Kingdom Hybrid / WFH Options
Cititec
days in London office The Role As SecOps Lead, you will act as the main liaison between internal security, engineering, and IT teams, and an external Managed Detection and Response (MDR) partner. You’ll oversee incident management, enhance detection and response processes, and strengthen the company’s overall security posture. Key Responsibilities Serve as the primary contact … for the MDR partner, managing the relationship, conducting service reviews, and ensuring SLAs are consistently met. Lead incident response efforts during security events — coordinating across teams to achieve fast containment and recovery. Review and fine-tune security alerts with the MDR provider, reducing false positives and improving detection accuracy. Develop and monitor MDR performance metrics (KPIs), presenting insights … and trends to senior leadership. Maintain and evolve the security incident response plan (IRP) and playbooks in collaboration with the MDR provider. Translate technical security risks into actionable business recommendations for stakeholders at all levels. Contribute to broader cybersecurity initiatives, including vulnerability management, cloud security, data protection, and governance, risk & compliance (GRC). Requirements In-depth understanding of
Responsibilities will include: Monitor, analyze, and respond to security events and incidents using SIEM and other security tools. Develop and maintain detection rules, playbooks, and automation scripts to improve incident response efficiency. Perform threat hunting and forensic investigations across the IT environment. Collaborate with infrastructure and application teams to ensure secure configurations and compliance. Maintain and improve endpoint protection … intrusion detection/prevention systems. Document incident response procedures and contribute to post-incident reviews. Create network diagrams and as-built documents. Develop and maintain a strong partnership with relevant global businesses and technical leaders and teams, including 3rd parties and affiliate businesses. Stay current with emerging threats, vulnerabilities, and security technologies. Qualifications and Skills: Education Bachelor
City of London, London, United Kingdom Hybrid / WFH Options
Sanderson
across CI/CD pipelines using tools like GitHub Actions, Terraform, and Argo CD for seamless and secure deployments. Enhance observability using Prometheus, Grafana, Datadog, and CloudWatch, enabling proactive incident prevention. Own incident management and post-mortem practices — guiding the team through challenges calmly and driving meaningful improvement. Collaborate with global engineering and product teams to align architectural … standards and deliver strategic initiatives. Embed regulatory and operational resilience requirements (GDPR, PCI-DSS, Outsourcing, Incident Response) into every layer of delivery. Mentor and coach engineers to build a strong, reliable, and forward-looking backend function. What You’ll Bring 10+ years of experience in software engineering, SRE, or cloud platform design, ideally within banking, fintech, or e … and CI/CD automation (GitHub Actions, Jenkins, Harness). Familiarity with messaging, caching, and database systems — Kafka, Redis, MongoDB, Cassandra, PostgreSQL. Hands-on experience in monitoring, observability, and incident response frameworks using modern tooling. Strong leadership, mentoring, and stakeholder management skills — able to scale teams, set OKRs, and foster engineering excellence. An ability to remain composed, analytical
identity governance and access controls. Define and enforce security and identity policies across cloud platforms (AWS, Azure, GCP). Document system configurations, standards, and procedures in a centralized location. Support Incident Response on security incidents globally, including contributing to table-top security incident exercises. Advise project teams, application owners, infrastructure services, and other digital Information Technology teams on … including 3rd parties and affiliate businesses. Monitoring, collecting, analyzing and reporting of security metrics and indicators to ensure the proper operations of our regional systems and services. Regional security incident response and management point of contact; drive incident postmortems to find the root cause and track action items to completion. Experience working with Service Management, Incident
secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS, or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting.
Security Orchestration, Automation & Response (SOAR) Engineer | Palo Alto Cortex XSOAR, Python, REST APIs, Linux & Windows | Up to £1000 Inside | 2 Days p/week in London We are seeking an experienced Security Orchestration, Automation & Response (SOAR) Engineer to strengthen cyber threat detection and automation capabilities within a leading financial organisation. This role combines hands-on technical expertise … with strategic security automation and orchestration across modern platforms. You will work closely with detection, response, and engineering teams to design, build, and optimise security workflows — enabling faster, more effective incident response and reducing manual effort through automation. Key Responsibilities: Develop and enhance security detections and automations across SOAR platforms (ideally Palo Alto Cortex XSOAR) Create and … maintain playbooks and integrations to improve incident response and operational efficiency Collaborate across teams to improve detection coverage and response workflows Monitor emerging threats and translate attacker TTPs into actionable detections and automated mitigations Key Skills & Experience: Hands-on experience with Palo Alto Cortex XSOAR or other SOAR platforms Strong knowledge of threat detection and response
Analysis of data collected from established Data Loss Prevention system(s) and methods to ensure compliance with Firm policies * Manages DLP systems and processes as required * Maintains and coordinates incident response planning, assisting in execution of the incident response plan as needed * Controls access to the Firm's Information Systems and related security configuration Key Skills … Excellent knowledge of network/firewall security preferred * Good knowledge of Disaster Recovery preferred * Strong technical knowledge of cloud environments such as Azure/O365 * Familiarity with DLP incident handling, remediation, and reporting * Proficiency in Microsoft Office products * Experience in securing AI-driven systems and leveraging AI tools. * Familiar with Microsoft Defender for Endpoint, Thales, CrowdStrike Falcon and
security posture, addressing vulnerabilities and implementing intrusion detection/prevention systems. Ensure ongoing compliance with ISO 27001, PCI-DSS, and other relevant regulatory standards. Drive a proactive approach to incident response, monitoring, and continuous threat detection. Oversee audit readiness and maintain comprehensive network documentation and asset inventories. People & Stakeholder Leadership Build, develop, and mentor a high-performing … WAN, firewalls, and network segmentation. Experience managing Cisco and Juniper network technologies, including Cisco IOS/NX-OS and JunOS platforms. Strong background in network monitoring, capacity management, and incident response. Hands-on experience with network security frameworks, firewall configuration (Cisco ASA, Palo Alto, Fortinet, etc.), and telephony (SIP/VoIP) systems. Familiarity with cloud and hybrid
City of London, London, United Kingdom Hybrid / WFH Options
TECEZE
tailored to SMB/MSP needs. Service delivery leadership: Define and enforce service delivery frameworks, SLAs, and operational playbooks; ensure seamless transition from presales to delivery; oversee service continuity, incident management, change control, and problem management. Platform and technology scope: Digital workplace services (end-user devices, collaboration tools, unified communications, remote/mobile workforce enablement); infrastructure and network (LAN … WAN, data-center design, virtualization, storage, backup); cloud and datacenter (IaaS/PaaS, public, private, hybrid architectures; migration and modernization); cybersecurity (identity, endpoints, network, identity & access management, threat detection, incident response); application support and managed services for critical business applications. Security and compliance: Build security-by-design into solution proposals; incorporate best practices for data protection, vulnerability management … WAN, SD-WAN), cloud connectivity. Cloud and Datacenter: IaaS/PaaS migrations, cloud governance, hybrid architectures, cloud security. Cybersecurity: threat prevention/detection, IAM, endpoint protection, SOC-oriented operations, incident response planning. Solution architecture and proposal skills: ability to translate business needs into standardized reference architectures, bill of materials, and delivery plans; fluent in cost models and ROI
City of London, London, United Kingdom Hybrid / WFH Options
Cloud People
CIS and ISO 27001 frameworks • Advising clients on identity, access management, encryption, monitoring and network security • Leading workshops to define cloud security strategy, governance models and control frameworks • Supporting incident response and remediation activities related to cloud environments • Collaborating with SOC and Engineering teams to strengthen detection, telemetry and visibility • Providing compliance guidance aligned to ISO 27001, NIST … of Azure and AWS security services, controls and architecture design • Proven experience delivering cloud security assessments and secure cloud solution design • Strong knowledge of IAM, networking, encryption, monitoring and incident response in cloud environments • Familiarity with Microsoft Defender for Cloud, AWS Security Hub, GuardDuty and other native tools • Experience applying frameworks such as NIST, CIS Benchmarks, ISO
City of London, London, United Kingdom Hybrid / WFH Options
Sadler Recruitment
inclusive employers in the UK. The Head of Information and Cyber Security will design, develop, and coordinate all aspects of the Information Security strategy, encompassing governance and risk management, incident response, and disaster recovery. The Head of Information and Cyber Security will manage a multitude of third-party partnerships from the SOC, to vulnerability management, to patching, and … NIST. Oversee a small internal team (2 privacy/GDPR specialists). Manage all external 3rd party security contracts/relationships: SOC, vulnerability management, patching, and firewall operations. Oversee incident response, risk mitigation, and disaster recovery planning. Support delivery of Cyber Essentials Plus accreditation. Present cyber and data risks at risk, audit, and board level. Champion security awareness
City of London, London, United Kingdom Hybrid / WFH Options
Stott & May Professional Search Limited
Design and maintain secure authentication and authorization frameworks. Manage security risks, incidents, and DLP (Data Loss Prevention) processes. Implement and enhance cloud security (Azure, Microsoft 365, iManage). Lead incident response, risk assessments, and compliance reviews. Collaborate globally to embed security best practices. Support policy development, security awareness, and business continuity. Skills & Experience 5+ years' experience in Information … Security. Strong technical knowledge of networking, authentication, and cloud (Azure/O365). Experience with DLP, incident response, and ISO 27002 standards. Familiarity with tools such as Microsoft Defender, CrowdStrike, CyberArk, Rapid7, or Palo Alto. CISSP or CEH certification preferred. Excellent communication, problem-solving, and stakeholder management skills. Additional Details Standard hours: 9:00am-5:00pm with on
Overview You’ll be operating within a compact, high-performing capital markets environment, taking full ownership of the SOC function and acting as the internal escalation point for all incident response and forensic activity. Reporting to the Deputy CISO, this role is ideal for a hands-on SOC leader who can balance strategic oversight with day-to-day … technical execution. You’ll manage the external SOC supplier, maintain visibility across tooling and detections, and drive continual improvements in incident management, monitoring, and response. Key Skills & Experience Proven experience leading or managing a SOC function within capital markets, FinTech, or smaller financial services environments. Strong technical experience with CrowdStrike and Elastic SIEM. Skilled across the Microsoft … Security Stack (Defender, Sentinel, Entra). Hands-on capability in incident response, threat hunting, and digital forensics. Demonstrated experience managing outsourced SOC providers and maintaining performance SLAs. Strong communication and stakeholder management with senior technology and security leadership. All candidates must complete standard screening (Right to Work, DBS, credit/sanctions, employment verification). This is an
detecting, analyzing, and mitigating malware threats to safeguard organisational systems and data. By conducting advanced static and dynamic malware analysis, the role provides critical insights into emerging threats, supports incident response activities, and enhances detection capabilities through tool and signature development. Together with colleagues spanning almost all time zones, you will help to make our clients safer and … support to the wider organisation will be critical in the development of NCC Group’s Threat Intelligence capabilities and the broader service we offer. Key Accountabilities: Malware Analysis and Response: Conduct in-depth static and dynamic analysis of new and emerging malware threats, identifying potential risks and novel attack vectors. Provide detailed analysis of malware samples as part of … Digital Forensics and Incident Response (DFIR) investigations. Respond to Requests for Information (RFIs) related to malware and binary analysis from internal and external teams. Stay up-to-date with ongoing malware campaigns and techniques, providing insight into emerging or high-impact threats. Documentation and Reporting: Document and report on the behaviour, techniques, tactics, and procedures (TTPs) used by
Ability to demonstrate any IRM solution and SecOps solutions as and when needed. Knowledge of various modules like Policy Mgmt., Compliance & Audit Mgmt., Vendor Mgmt., Business Continuity Management, Vulnerability Response, Incident Response, Security Dashboard on the ServiceNow IRM platform Assess as-is IRM processes for maturity and automation on the ServiceNow platform Knowledge of Advanced risk management and continuous
maintain automated tools to support system deployments, monitoring, alerting, and operational workflows. Monitor health of trading systems with a goal of proactive failure prevention. Take ownership of, and improve, incident response, root cause analysis, and blameless post-mortems. Partner with developers to build scalable, testable, and efficient deployment pipelines. Collaborate with trading, operations, and quant teams, as well … Experience Required: 3+ years’ experience in a production-facing engineering or reliability role within financial services or another high-availability technology environment. Strong track record in automation, monitoring, and incident response for distributed or mission-critical systems. Proficiency in scripting and systems programming. Hands-on experience with configuration management, containerisation, and orchestration tools. Tech Stack + Tools: Programming
Data Protection Impact Assessments (DPIAs) for high-risk processing activities. Managing third-party vendor data protection risk, from initial due diligence through to ongoing monitoring. Overseeing personal data breach incident response, ensuring timely containment, investigation, and reporting. Monitoring and maintaining data retention processes, ensuring compliance with legal, regulatory, and business requirements. This role offers the opportunity to work … in data protection and privacy compliance (e.g. GDPR or equivalent frameworks). Strong understanding of data protection risk assessment and mitigation processes. Proven experience in data breach management and incident response coordination. Desirable Skills and Attributes Collaboratively curious — keen to engage with colleagues to find pragmatic, compliant solutions. Trustworthy and ethically minded, with a strong sense of responsibility.
/Scaleup in London who are challenging the status quo when it comes to traditional insurance broking are looking to grow their team with Senior Consultants that have impressive Incident Response experience. The founders have a proven ability to grow start-ups and see them through to IPO, and are using the capital from their last exit to
RCA sessions Maintain the Known Error Database and implement preventative measures Drive continual service improvement based on insights and trends Act as primary coordinator for major incidents and lead incident response Facilitate incident bridges, ensuring timely resolution and effective communication Conduct Post-Incident Reviews and ensure follow-up actions are tracked Monitor incident trends and … to services Key Experience & Skills Required Proven experience in IT Service Management, ideally within legal or large enterprise Strong knowledge of ITIL v4 (Foundation certificate essential) Familiarity with Problem, Incident & Change Management best practices Hands-on experience using ITSM tools (e.g. ServiceNow, BMC Remedy, Cherwell) Excellent analytical, communication, and stakeholder engagement skills Calm under pressure, highly organised, and confident
broad range of ServiceNow modules, including but not limited to: Integrated Risk Management (IRM): Policy Management, Compliance & Audit Management, Vendor Risk Management, Business Continuity Management. Security Operations (SecOps): Vulnerability Response, Security Incident Response, Security Dashboards. IT Service Management (ITSM). IT Operations Management (ITOM). Customer Service Management (CSM). Integration Design: Design and oversee the implementation
reduce residual risk across diverse technical environments. Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and evolving enterprise technologies. Assist with incident response planning and post-incident risk evaluation, leveraging broad technical knowledge to assess impacts and recommend improvements. Qualifications/Skills Required Demonstrated experience working with information technology