1 to 25 of 803 Incident Response Jobs in England

professional management services to the firm, including the central operations of finance, information technology, marketing, risk, legal, operations and human resources. What You'll Do As a Cyber Security Incident Response Manager at BCG, you will be a key member of our Cyber Security Incident Response Team (CSIRT), responsible for identifying, analyzing, and mitigating cyber threats. … This role requires a proactive approach to threat hunting, cyber threat intelligence, and incident response, ensuring the protection of BCG's global network. You will work closely with the Security Operations Center (SOC), Security Information and Event Management (SIEM), and Managed Security Service Provider (MSSP) to enhance detection and response capabilities. Your expertise will contribute to strengthening … our security posture and minimizing business risks associated with cyber threats. Act as a Tier 3 Incident Responder, supporting complex investigations into cyber security incidents. Conduct proactive threat hunting to detect and neutralize emerging threats. Monitor and analyze logs via SIEM, EDR, and network traffic analysis tools for potential attack indicators. Investigate security incidents, including malware infections, phishing attacks More ❯

ideal candidate will have advanced expertise in monitoring, analyzing, and mitigating cybersecurity threats, as well as managing security tools and mentoring junior analysts. This role involves proactive threat hunting, incident response, and collaboration with cross-functional teams to enhance the organization s security posture. Key responsibilities: Incident Detection and Response: Lead investigations and remediation of complex … and other security technologies to analyze and correlate security alerts. Take ownership of Tier 3-level escalations from Tier 1 and Tier 2 analysts and guide them through complex incident response procedures. Threat Hunting & Analysis: Proactively search for threats across the environment using behavioral analysis and threat intelligence data. Analyze data from logs, network traffic, endpoint activities, and … threat intelligence feeds to detect unusual or malicious activity. Collaborate with other security teams to uncover hidden threats and vulnerabilities. Incident Forensics: Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. Collect, preserve, and analyze evidence related to breaches, intrusions, or malware infections while adhering to legal and regulatory requirements. Prepare reports More ❯

will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit More ❯

will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit More ❯

We are seeking an experienced and highly capable SOC Tier 3 Analyst to serve as a senior member of our Security Operations Center (SOC). You will lead advanced incident response efforts, conduct proactive threat hunting, perform digital forensics, and collaborate cross-functionally to safeguard our digital assets and infrastructure. This is a pivotal role for those passionate … about cybersecurity, threat detection, and investigative analysis. Key Responsibilities 🔍 Advanced Incident Detection & Response Lead the investigation and resolution of complex cyber incidents, including APTs, malware outbreaks, and data breaches. Take charge of escalated alerts from Tier 1 and 2 analysts and guide them through advanced response protocols. Utilize SIEM, EDR, and threat intelligence platforms to perform deep … to uncover hidden anomalies or malicious behavior. Partner with security engineering teams to build detection capabilities based on evolving threats. 🔬 Digital Forensics & Investigation Conduct detailed forensic investigations to determine incident scope, root cause, and impact. Collect and preserve digital evidence in accordance with legal and regulatory standards. Deliver comprehensive findings, timelines, and impact reports. 🛠 Remediation & Recovery Advise on containment More ❯

a “cloud-first” Cyber Defense, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning/implementation, identity management, network security, privacy, and compliance. In the Cyber Defense Security Analyst role, you will … alerts generated by various security technologies, including SIEM, IDS/IPS, firewalls, and endpoint protection systems. Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations. Identify, analyze, and assess potential insider threats through behavioral analytics, log review, and threat intelligence. Maintain and improve SOC processes and procedures, staying current with the … up to date. Develop and implement automated processes for monitoring and enforcing insider risk policies. Participation in security root cause analysis and forensics as part of NorthMark Strategies’ Cyber Incident Response Plan. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Stay up to date with relevant vulnerabilities, threat actors, indicators of compromise (IOCs More ❯

a “cloud-first” Cyber Defense, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning/implementation, identity management, network security, privacy, and compliance. In the Cyber Defense Security Analyst role, you will … alerts generated by various security technologies, including SIEM, IDS/IPS, firewalls, and endpoint protection systems. Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations. Identify, analyze, and assess potential insider threats through behavioral analytics, log review, and threat intelligence. Maintain and improve SOC processes and procedures, staying current with the … up to date. Develop and implement automated processes for monitoring and enforcing insider risk policies. Participation in security root cause analysis and forensics as part of NorthMark Strategies’ Cyber Incident Response Plan. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Stay up to date with relevant vulnerabilities, threat actors, indicators of compromise (IOCs More ❯

a “cloud-first” Cyber Defense, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning/implementation, identity management, network security, privacy, and compliance. In the Cyber Defense Security Analyst role, you will … alerts generated by various security technologies, including SIEM, IDS/IPS, firewalls, and endpoint protection systems. Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations. Identify, analyze, and assess potential insider threats through behavioral analytics, log review, and threat intelligence. Maintain and improve SOC processes and procedures, staying current with the … up to date. Develop and implement automated processes for monitoring and enforcing insider risk policies. Participation in security root cause analysis and forensics as part of NorthMark Strategies’ Cyber Incident Response Plan. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Stay up to date with relevant vulnerabilities, threat actors, indicators of compromise (IOCs More ❯

high a level of security operations delivery function Oversee and enhance security monitoring systems to detect and analyse potential security incidents. Conduct real-time analysis of security events and incident and escalate as necessary Support other teams on investigations into incidents, determining the root cause and impact. Document findings and lessons learned to improve incident response procedures. … Ensure runbooks are followed and are fit for purpose Incident Response: Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident Follow major incident process … to other analysts. Working with the Technical Teams to ensure all new and changed services are monitored accordingly Documentation: Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. Create post-incident reports for management and stakeholders. Support the creation of monthly reporting packs as per contractual requirements. Create and document More ❯

security solutions (firewalls, SIEM, IDS/IPS, endpoint protection, cloud security). Shape strategic security recommendations and collaborate on technical win plans. Maintain and update security policies, procedures, and incident response plans. Deliver security awareness training and advise clients on best practices. Support audits and compliance initiatives (ISO 27001, NIST, GDPR, etc.). Work cross-functionally with internal … with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/ More ❯

security solutions (firewalls, SIEM, IDS/IPS, endpoint protection, cloud security). Shape strategic security recommendations and collaborate on technical win plans. Maintain and update security policies, procedures, and incident response plans. Deliver security awareness training and advise clients on best practices. Support audits and compliance initiatives (ISO 27001, NIST, GDPR, etc.). Work cross-functionally with internal … with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/ More ❯

security solutions (firewalls, SIEM, IDS/IPS, endpoint protection, cloud security). Shape strategic security recommendations and collaborate on technical win plans. Maintain and update security policies, procedures, and incident response plans. Deliver security awareness training and advise clients on best practices. Support audits and compliance initiatives (ISO 27001, NIST, GDPR, etc.). Work cross-functionally with internal … with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/ More ❯

headquarters are in Dublin, Ireland. Learn more at experianplc.com. Job Description As a Cyber Defence Analyst, you will join the Cyber Fusion Center, performing in-depth analysis, assessment, and response to security threats by following documented policies to meet Service Level Goals. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. You will be … a part of the first line of defence in Experian's broader incident response and incident management departments, responsible for receiving and prioritizing cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). Depending on the results of assessment, this team is then responsible for investigating, containing, eradicating, and … recovering from events falling in its scope or escalating higher-risk events to dedicated incident response and management teams in the CFC. This role is critical in ensuring the handling of potential threats and plays a part in improving security operations. This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection. More ❯

ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response. How will you make an impact? Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes. Audit Preparation … audit teams to streamline processes and provide requested documentation and evidence. Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection. Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions. Threat Identification: Contribute to analyzing cybersecurity … Plus. Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience in internal and external audits, compliance assessments, and process improvement. Basic understanding of incident response frameworks and cybersecurity best practices. Exceptional analytical, organizational, and communication skills. Commitment to continuous learning and professional development in audit, compliance, and security. You will have an More ❯

engaged in risk management, including evaluating vendor risk, examining vendor contracts, understanding third-party risk, and data privacy issues. This individual serves as an expert on cybersecurity protection, detection, response, and recovery, coordinating penetration testing and managing cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, data leakage prevention … activities to meet regulatory requirements. Evaluate and implement cybersecurity solutions to maintain confidentiality, integrity, and availability. Participate in proofs-of-concept for new security technologies. Develop and test security incident response plans, acting as incident response leader. Develop security, risk, and compliance reports and alerts. Review policies and procedures annually for security compliance. Develop, test, and More ❯

assessment of Clarks' security posture Support business continuity and disaster recovery processes and assist in the development and implementation of activities to improve Clarks' cyber resilience Support of security incident response activities, including providing expertise in triaging and resolving key issues, engaging with outsourced security operations and internal SecOps teams to ensure standards and policies are appropriately applied … and assisting in the creation and updating of relevant run books to help ensure effective incident management planning and execution Support for compliance and audit activities, working with internal and external stakeholders to understand requirements, identify remedial activity, and monitor progress Analysing emerging and developing threats and working with stakeholders to validate the potential impact on Clarks - and recommend … security controls and best practices across a number of the following areas/domains: Network and infrastructure (networking protocol knowledge is an advantage Endpoint (e.g. DLP, Endpoint Detection and Response, File Integrity, SIEM) Database technologies (SQL, Oracle) General cryptography practices (e.g. PKI) Cloud environments (Azure, AWS) Fundamental understanding of privacy and data protection laws and regulations and how they More ❯

and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with More ❯

NIST, MITRE ATT&CK, OWASP Top 10). Preferred Qualifications Google Professional Cloud Security Engineer certification or equivalent (e.g., CISSP, CISM, AWS/Azure Security Certs). Experience with incident response, threat intelligence integration, and advanced detection strategies. Knowledge of DevSecOps practices and security integration into CI/CD pipelines. Strong communication and stakeholder engagement skills with experience More ❯

NIST, MITRE ATT&CK, OWASP Top 10). Preferred Qualifications Google Professional Cloud Security Engineer certification or equivalent (e.g., CISSP, CISM, AWS/Azure Security Certs). Experience with incident response, threat intelligence integration, and advanced detection strategies. Knowledge of DevSecOps practices and security integration into CI/CD pipelines. Strong communication and stakeholder engagement skills with experience More ❯

NIST, MITRE ATT&CK, OWASP Top 10). Preferred Qualifications Google Professional Cloud Security Engineer certification or equivalent (e.g., CISSP, CISM, AWS/Azure Security Certs). Experience with incident response, threat intelligence integration, and advanced detection strategies. Knowledge of DevSecOps practices and security integration into CI/CD pipelines. Strong communication and stakeholder engagement skills with experience More ❯

for Office 365, Defender for Endpoint, Defender for Cloud Apps) for advanced threat protection. Strengthen cloud security posture by managing security configurations across Microsoft Azure environments. 3. Security Automation & Incident Response Automate security workflows with Power Automate, Power Apps, and Microsoft Defender XDR. Deploy Microsoft Sentinel (SIEM) for threat detection, log analysis, and incident response. Establish incident response playbooks and conduct forensic investigations when needed. 4. Compliance & Risk Management Ensure adherence to ISO 27001, NIST, GDPR, and CIS Benchmarks. Conduct risk assessments, vulnerability scans, and security audits. Define data protection, backup, and retention policies aligned with Microsoft 365 compliance tools. 5. Network Security & Infrastructure Protection (Plus Skills) Experience with Layer 7 firewalls (Cisco, Fortinet, Palo More ❯

Virtual GP access for you and your household Onsite perks including free parking, tea and coffee stations, and a subsidized café with free breakfast toast Responsibilities Security Monitoring & Incident Response: Use SIEM tools like Exabeam, LogRhythm, Splunk, or Arcsight to monitor security events, detect threats, and analyze data to address incidents swiftly. Vulnerability Management Tools: Conduct regular vulnerability More ❯

management Cloud posture management and threat protection Security automation and DevSecOps integration Security Operations SOC transformation and cloud-native security ops Threat detection with XDR, NDR, and SOAR platforms Incident response planning and threat intelligence integration Regulatory alignment for DORA, NIS2, and UK-specific mandates Risk frameworks tailored by industry (FS, critical infrastructure) Compliance automation and continuous control More ❯

Hands-on expertise with troubleshooting hardware, software, and SaaS issues. Security Knowledge: Familiarity with security frameworks and standards such as SOC 2, ISO 27001, GDPR, or NIST. Experience with incident response and risk management. Knowledge of Zero Trust architectures and security-first IT practices. Soft Skills: Excellent problem-solving and communication skills. Ability to collaborate effectively with external More ❯

and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations: Proficient in incident response, vulnerability management, SIEM, SOAR, threat modeling, threat hunting, intelligence, data analytics, and anti-phishing methodologies. Infrastructure and Endpoint Security: Experience with endpoint security control technologies (EDR, EPP More ❯