Incident Response Jobs in Central London

1 to 25 of 95 Incident Response Jobs in Central London

Cyber Security Incident Response & Threat Intelligence Analyst

City Of London, England, United Kingdom
Pioneer Search
Cyber Security Analyst - Incident Response London - Hybrid | Up to £65,000 + benefits A global specialist insurer is building out its internal cyber defence capability and is seeking an experienced analyst to strengthen its Security Operations Centre. You'll join a collaborative team focused on both proactive threat hunting and live incident response, protecting a complex … international estate. This position suits someone who has started their career in a SOC environment and now works primarily in incident and threat response. The role Lead investigations into live security incidents including malware, phishing, and endpoint compromise Perform root cause analysis, containment, and recovery actions Tune detection rules and develop new use cases to improve response times … Utilise Microsoft Defender, Sentinel, and Azure Security tools to detect and respond to threats Conduct post-incident reviews and recommend long-term prevention strategies Collaborate with infrastructure and security teams to harden systems and processes Experience required Minimum 2 years in a SOC environment followed by recent hands-on incident response experience Strong working knowledge of SIEM …

Head of Security

City of London, London, United Kingdom
Levy Global
Head of Security to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management … tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and roadmap development Essential Requirements Technical Expertise Demonstrable expertise in security incident investigation, detection, response, and recovery (NIST/NIS2 frameworks) Strong foundation in security operations, but with strategic vision beyond SOC alert handling Experience with security telemetry, SIEM platforms …

Cyber Security & Centralised Services Manager

City of London, London, United Kingdom
Hybrid/Remote Options
MFK Recruitment
role, you will: Act as the primary escalation point for complex IT and cybersecurity incidents. Manage and secure core client infrastructure and cloud environments. Ensure centralised security, monitoring, and incident response platforms operate effectively. You will collaborate closely with our Service Desk, Projects and Account Management teams to maintain high standards of service, document solutions and mentor junior … and maintain security hardening across infrastructure, cloud services, endpoints, and networks, in alignment with best practices and frameworks such as ISO27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments … upgrades, and automation workflows, ensuring systems remain secure by design. Maintain and improve Standard Operating Procedures (SOPs) for security operations, ensuring knowledge is shared across the team for rapid incident handling. Provide mentorship and cybersecurity guidance to junior engineers and Service Desk staff, fostering a culture of security awareness and proactive threat management. Perform ongoing threat intelligence monitoring and …

Senior Incident Responder - DFIR

City of London, London, United Kingdom
Hybrid/Remote Options
Tesco
Senior Incident Responder (DFIR) 🚨 Location: Hybrid (UK-based) Job Type: Full-time Salary: Competitive + up to 20% annual bonus Are you a seasoned DFIR professional with a passion for digital forensics and incident response? Do you thrive in high-pressure environments and want to make a real impact in protecting one of the UK’s largest … retailers? If so, Tesco Technology wants you on our team. We’re looking for a Senior Incident Responder to join our cutting-edge Digital Forensics and Incident Response (DFIR) team. You’ll play a pivotal role in investigating and responding to complex security threats across our global estate, working alongside our security operations, threat intelligence, and engineering … teams. What You’ll Be Doing 🕵️ Lead Investigations: Conduct host, network, and cloud-based forensic analysis to uncover the full scope of security incidents. 🛡️ Incident Handling: Support incident managers with root cause analysis and recommend detection and prevention strategies. ⚙️ Drive Innovation: Improve and automate DFIR workflows, collaborating across teams to enhance our security capabilities. 🔍 Threat Hunting: Lead intelligence …

Security Operations Specialist

City of London, London, United Kingdom
Hybrid/Remote Options
Cititec
days in London office The Role As SecOps Lead, you will act as the main liaison between internal security, engineering, and IT teams, and an external Managed Detection and Response (MDR) partner. You’ll oversee incident management, enhance detection and response processes, and strengthen the company’s overall security posture. Key Responsibilities Serve as the primary contact … for the MDR partner, managing the relationship, conducting service reviews, and ensuring SLAs are consistently met. Lead incident response efforts during security events — coordinating across teams to achieve fast containment and recovery. Review and fine-tune security alerts with the MDR provider, reducing false positives and improving detection accuracy. Develop and monitor MDR performance metrics (KPIs), presenting insights … and trends to senior leadership. Maintain and evolve the security incident response plan (IRP) and playbooks in collaboration with the MDR provider. Translate technical security risks into actionable business recommendations for stakeholders at all levels. Contribute to broader cybersecurity initiatives, including vulnerability management, cloud security, data protection, and governance, risk & compliance (GRC). Requirements In-depth understanding of …

Tech lead - SOC responder

Central London, London, United Kingdom
Hybrid/Remote Options
Colt Technology Services
highly visible security operations function with global impact upon Colt, business units, partners, and customers. While working as part of this team, the successful individual will provide world class incident response functions to detect, protect, respond, and sustain operations within cyberspace. Job description: Support SOC Manager to deliver the following: SIEM, IR tools platform management including all design, implementation … health checks Responsible for operational activities, technology escalation support, security solution assessment, build activities, existing service maturing and build activities assist Analyse potential infrastructure security incidents to determine if an incident qualifies as a legitimate security breach Establishing and governing the security incident response processes, investigations and security operational processes. Maintenance and enhancement of formal service catalogue, service … agreed action plan and outcomes Understands cultural differences and utilises this understanding to build rapport across different teams in order to obtain the necessary cooperation. Required profile: Information Security Incident Response experience with a focus on detection and response to malicious activity using log data from various sources preferred. Strong Networking and Systems experience, preferably in an …
Employment Type: Permanent, Work From Home

Security Operations Center Analyst

City of London, London, United Kingdom
Intec Select
well as improving our security posture through continuous monitoring and analysis. Key Responsibilities Investigate and respond to cyber security incidents, including malware outbreaks, phishing attempts, and insider threats. Lead incident response efforts and conduct digital forensics. Enhance detection and response capabilities through process improvements and automation. Monitor alerts from SOC tools and perform root cause analysis. Collaborate … with IT and security teams to remediate vulnerabilities. Gather and analyse threat intelligence to inform detection strategies. Maintain detailed incident records and conduct post-incident reviews. Technical Skills Hands-on experience with SIEM, EDR, IDS/IPS, and SOAR platforms. Strong knowledge of operating systems (Windows, Linux), network protocols, and packet analysis tools. Familiarity with scripting languages (Python … GCP). Knowledge of frameworks such as NIST and MITRE ATT&CK. Qualifications Bachelor’s degree in Cyber Security, IT, or related field. 3–5 years in SOC operations, incident response, or threat intelligence. Practical experience with forensic investigations and security monitoring tools. Excellent written and verbal communication skills. Preferred Certifications such as CISSP, GIAC (GCIH, GCIA, GCTI …

Security Operations Centre Analyst

City of London, London, England, United Kingdom
INTEC SELECT LIMITED
well as improving our security posture through continuous monitoring and analysis. Key Responsibilities Investigate and respond to cyber security incidents, including malware outbreaks, phishing attempts, and insider threats. Lead incident response efforts and conduct digital forensics. Enhance detection and response capabilities through process improvements and automation. Monitor alerts from SOC tools and perform root cause analysis. Collaborate … with IT and security teams to remediate vulnerabilities. Gather and analyse threat intelligence to inform detection strategies. Maintain detailed incident records and conduct post-incident reviews. Technical Skills Hands-on experience with SIEM, EDR, IDS/IPS, and SOAR platforms. Strong knowledge of operating systems (Windows, Linux), network protocols, and packet analysis tools. Familiarity with scripting languages (Python … GCP). Knowledge of frameworks such as NIST and MITRE ATT&CK. Qualifications Bachelor’s degree in Cyber Security, IT, or related field. 3–5 years in SOC operations, incident response, or threat intelligence. Practical experience with forensic investigations and security monitoring tools. Excellent written and verbal communication skills. Preferred Certifications such as CISSP, GIAC (GCIH, GCIA, GCTI …
Employment Type: Full-Time
Salary: Salary negotiable

Lead Engineer

City of London, London, United Kingdom
Hybrid/Remote Options
Sanderson
across CI/CD pipelines using tools like GitHub Actions, Terraform, and Argo CD for seamless and secure deployments. Enhance observability using Prometheus, Grafana, Datadog, and CloudWatch, enabling proactive incident prevention. Own incident management and post-mortem practices — guiding the team through challenges calmly and driving meaningful improvement. Collaborate with global engineering and product teams to align architectural … standards and deliver strategic initiatives. Embed regulatory and operational resilience requirements (GDPR, PCI-DSS, Outsourcing, Incident Response) into every layer of delivery. Mentor and coach engineers to build a strong, reliable, and forward-looking backend function. What You’ll Bring 10+ years of experience in software engineering, SRE, or cloud platform design, ideally within banking, fintech, or e … and CI/CD automation (GitHub Actions, Jenkins, Harness). Familiarity with messaging, caching, and database systems — Kafka, Redis, MongoDB, Cassandra, PostgreSQL. Hands-on experience in monitoring, observability, and incident response frameworks using modern tooling. Strong leadership, mentoring, and stakeholder management skills — able to scale teams, set OKRs, and foster engineering excellence. An ability to remain composed, analytical …

Network Security Engineer

City of London, London, United Kingdom
AGS
secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS, or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. …

Security Engineer

City of London, London, United Kingdom
Oliver Bernard
Security Orchestration, Automation & Response (SOAR) Engineer | Palo Alto Cortex XSOAR, Python, REST APIs, Linux & Windows | Up to £1000 Inside | 2 Days p/week in London We are seeking an experienced Security Orchestration, Automation & Response (SOAR) Engineer to strengthen cyber threat detection and automation capabilities within a leading financial organisation. This role combines hands-on technical expertise … with strategic security automation and orchestration across modern platforms. You will work closely with detection, response, and engineering teams to design, build, and optimise security workflows — enabling faster, more effective incident response and reducing manual effort through automation. Key Responsibilities: Develop and enhance security detections and automations across SOAR platforms (ideally Palo Alto Cortex XSOAR) Create and … maintain playbooks and integrations to improve incident response and operational efficiency Collaborate across teams to improve detection coverage and response workflows Monitor emerging threats and translate attacker TTPs into actionable detections and automated mitigations Key Skills & Experience: Hands-on experience with Palo Alto Cortex XSOAR or other SOAR platforms Strong knowledge of threat detection and response …

Solution Consultant - Managed IT Services

City of London, London, United Kingdom
Hybrid/Remote Options
TECEZE
tailored to SMB/MSP needs. Service delivery leadership: Define and enforce service delivery frameworks, SLAs, and operational playbooks; ensure seamless transition from presales to delivery; oversee service continuity, incident management, change control, and problem management. Platform and technology scope: Digital workplace services (end-user devices, collaboration tools, unified communications, remote/mobile workforce enablement); infrastructure and network (LAN … WAN, data-center design, virtualization, storage, backup); cloud and datacenter (IaaS/PaaS, public, private, hybrid architectures; migration and modernization); cybersecurity (identity, endpoints, network, identity & access management, threat detection, incident response); application support and managed services for critical business applications. Security and compliance: Build security-by-design into solution proposals; incorporate best practices for data protection, vulnerability management … WAN, SD-WAN), cloud connectivity. Cloud and Datacenter: IaaS/PaaS migrations, cloud governance, hybrid architectures, cloud security. Cybersecurity: threat prevention/detection, IAM, endpoint protection, SOC-oriented operations, incident response planning. Solution architecture and proposal skills: ability to translate business needs into standardized reference architectures, bill of materials, and delivery plans; fluent in cost models and ROI …

Senior Cloud Security Consultant

City of London, London, United Kingdom
Hybrid/Remote Options
Cloud People
CIS and ISO 27001 frameworks • Advising clients on identity, access management, encryption, monitoring and network security • Leading workshops to define cloud security strategy, governance models and control frameworks • Supporting incident response and remediation activities related to cloud environments • Collaborating with SOC and Engineering teams to strengthen detection, telemetry and visibility • Providing compliance guidance aligned to ISO 27001, NIST … of Azure and AWS security services, controls and architecture design • Proven experience delivering cloud security assessments and secure cloud solution design • Strong knowledge of IAM, networking, encryption, monitoring and incident response in cloud environments • Familiarity with Microsoft Defender for Cloud, AWS Security Hub, GuardDuty and other native tools • Experience applying frameworks such as NIST, CIS Benchmarks, ISO …

Head of Information and Cyber Security

City of London, London, United Kingdom
Hybrid/Remote Options
Sadler Recruitment
inclusive employers in the UK. The Head of Information and Cyber Security will design, develop, and coordinate all aspects of the Information Security strategy, encompassing governance and risk management, incident response, and disaster recovery. The Head of Information and Cyber Security will manage a multitude of third-party partnerships from the SOC, to vulnerability management, to patching, and … NIST. Oversee a small internal team (2 privacy/GDPR specialists). Manage all external 3rd party security contracts/relationships - SOC, vulnerability management, patching, and firewall operations. Oversee incident response, risk mitigation, and disaster recovery planning. Support delivery of Cyber Essentials Plus accreditation. Present cyber and data risks at risk, audit, and board level. Champion security awareness …

Security Engineer

City of London, London, United Kingdom
Granola
SDLC Perform threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies Track, analyse, and manage vulnerabilities in applications, providing guidance for remediation efforts Support incident response by investigating and analyzing security incidents related to applications Stay current on the latest security threats, vulnerabilities, and technologies to enhance our security posture Your background looks … something like: Extensive experience in application security, cybersecurity, or related fields Strong understanding of secure coding practices, threat modelling, risk assessments, and incident response Proficiency in programming languages such as TypeScript, Python, or similar Experience with security tools, security protocols, encryption methods, and application security frameworks Experience with cloud security (we use AWS) Strong communication skills with the …

Malware Analyst

City of London, London, United Kingdom
NCC Group
detecting, analyzing, and mitigating malware threats to safeguard organisational systems and data. By conducting advanced static and dynamic malware analysis, the role provides critical insights into emerging threats, supports incident response activities, and enhances detection capabilities through tool and signature development. Together with colleagues spanning almost all time zones, you will help to make our clients safer and … support to the wider organisation will be critical in the development of NCC Group’s Threat Intelligence capabilities and the broader service we offer. Key Accountabilities: Malware Analysis and Response: Conduct in-depth static and dynamic analysis of new and emerging malware threats, identifying potential risks and novel attack vectors. Provide detailed analysis of malware samples as part of … Digital Forensics and Incident Response (DFIR) investigations. Respond to Requests for Information (RFIs) related to malware and binary analysis from internal and external teams. Stay up-to-date with ongoing malware campaigns and techniques, providing insight into emerging or high-impact threats. Documentation and Reporting: Document and report on the behaviour, techniques, tactics, and procedures (TTPs) used by …

IRM ServiceNow consultant

City of London, London, United Kingdom
HCLTech
Ability to demonstrate any IRM solution and SecOps solutions as and when needed. Knowledge of various modules like Policy Mgmt., Compliance & Audit Mgmt., Vendor Mgmt., Business Continuity Management, Vulnerability Response, Incident Response, Security Dashboard on the ServiceNow IRM platform Assess as-is IRM processes for maturity and automation on the ServiceNow platform Knowledge of advanced risk management and continuous …

Production Engineer - Hedge Fund

City of London, London, United Kingdom
Attribution Search
maintain automated tools to support system deployments, monitoring, alerting, and operational workflows. Monitor health of trading systems with a goal of proactive failure prevention. Take ownership of, and improve, incident response, root cause analysis, and blameless post-mortems. Partner with developers to build scalable, testable, and efficient deployment pipelines. Collaborate with trading, operations, and quant teams, as well … Experience Required: 3+ years’ experience in a production-facing engineering or reliability role within financial services or another high-availability technology environment. Strong track record in automation, monitoring, and incident response for distributed or mission-critical systems. Proficiency in scripting and systems programming. Hands-on experience with configuration management, containerisation, and orchestration tools. Tech Stack + Tools: Programming …

Data Protection Analyst

City of London, London, United Kingdom
Broadgate
Data Protection Impact Assessments (DPIAs) for high-risk processing activities. Managing third-party vendor data protection risk, from initial due diligence through to ongoing monitoring. Overseeing personal data breach incident response, ensuring timely containment, investigation, and reporting. Monitoring and maintaining data retention processes, ensuring compliance with legal, regulatory, and business requirements. This role offers the opportunity to work … in data protection and privacy compliance (e.g. GDPR or equivalent frameworks). Strong understanding of data protection risk assessment and mitigation processes. Proven experience in data breach management and incident response coordination. Desirable Skills and Attributes Collaboratively curious — keen to engage with colleagues to find pragmatic, compliant solutions. Trustworthy and ethically minded, with a strong sense of responsibility. …

Senior Incident Response Consultant

City of London, London, United Kingdom
Stott and May
/Scaleup in London who are challenging the status quo when it comes to traditional insurance broking are looking to grow their team with Senior Consultants that have impressive Incident Response experience. The founders have the proven ability of growing start-ups and seeing them through to IPO, and are using their capital from their last exit to …

IT Problem Management Specialist

City of London, London, United Kingdom
DGH Recruitment
RCA sessions Maintain the Known Error Database and implement preventative measures Drive continual service improvement based on insights and trends Act as primary coordinator for major incidents and lead incident response Facilitate incident bridges, ensuring timely resolution and effective communication Conduct Post-Incident Reviews and ensure follow-up actions are tracked Monitor incident trends and … to services Key Experience & Skills Required Proven experience in IT Service Management, ideally within legal or large enterprise Strong knowledge of ITIL v4 (Foundation certificate essential) Familiarity with Problem, Incident & Change Management best practices Hands-on experience using ITSM tools (e.g. ServiceNow, BMC Remedy, Cherwell) Excellent analytical, communication, and stakeholder engagement skills Calm under pressure, highly organised, and confident …

IT Problem Management Specialist

City of London, London, United Kingdom
DGH Recruitment
RCA sessions Maintain the Known Error Database and implement preventative measures Drive continual service improvement based on insights and trends Act as primary coordinator for major incidents and lead incident response Facilitate incident bridges, ensuring timely resolution and effective communication Conduct Post-Incident Reviews and ensure follow-up actions are tracked Monitor incident trends and … to services Key Experience & Skills Required Proven experience in IT Service Management, ideally within legal or large enterprise Strong knowledge of ITIL v4 (Foundation certificate essential) Familiarity with Problem, Incident & Change Management best practices Hands-on experience using ITSM tools (e.g. ServiceNow, BMC Remedy, Cherwell) Excellent analytical, communication, and stakeholder engagement skills Calm under pressure, highly organised, and confident …
Employment Type: Permanent

Lead - SOC incident manager

Central London, London, United Kingdom
Hybrid/Remote Options
Colt Technology Services
Company description: As the Lead - SOC Incident Manager, your role will encompass communicating cybersecurity incidents to key partners across the enterprise as well as being the main interface between the Colt business units and the cybersecurity groups. You will be the subject matter expert responsible for coordinating cyber security incidents across the enterprise. Job description: You will play a … key role within the SOC to manage incidents: Coordinate response efforts to cyber security incidents caused by internal and external threats to reduce the impact of these incidents to Colt and its customers. Act as the bridge between the SOC incident responders, IT support teams and business groups to ensure consistent execution of incident triage and … remediation. Build and manage cyber incident tabletop exercises to ensure Colt is prepared to deal with cybersecurity incidents. Perform post-incident analysis, identifying lessons learned throughout Fidelity with applicable teams for tactical and strategic remediation. Required profile: Bachelor's degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Mathematics, Physics, Business Administration, or a closely …
Employment Type: Permanent, Work From Home

IRM ServiceNow Architect

City of London, London, United Kingdom
HCLTech
broad range of ServiceNow modules, including but not limited to: Integrated Risk Management (IRM): Policy Management, Compliance & Audit Management, Vendor Risk Management, Business Continuity Management. Security Operations (SecOps): Vulnerability Response, Security Incident Response, Security Dashboards. IT Service Management (ITSM). IT Operations Management (ITOM). Customer Service Management (CSM). Integration Design: Design and oversee the implementation …

ServiceNow IRM Architect

City of London, London, United Kingdom
HCLTech
broad range of ServiceNow modules, including but not limited to: Integrated Risk Management (IRM): Policy Management, Compliance & Audit Management, Vendor Risk Management, Business Continuity Management. Security Operations (SecOps): Vulnerability Response, Security Incident Response, Security Dashboards. IT Service Management (ITSM). IT Operations Management (ITOM). Customer Service Management (CSM). Integration Design: Design and oversee the implementation …

Incident Response salary percentiles, Central London:
10th percentile: £53,900
25th percentile: £67,625
Median: £77,500
75th percentile: £87,500
90th percentile: £98,500