West Midlands, United Kingdom Hybrid / WFH Options
Infoplus Technologies UK Ltd
boards from below onwards The Role As SOC Manager: Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include: Improving incidentresponse times Reducing false positives and other extraneous alerts Enhancing threat detection capabilities Oversee your staff's activities and ensure they focus on the right priorities Oversee SOC … activities by reviewing your team's performance metrics, incident reports and other key indicators Lead incidentresponse efforts when a security incident occurs, the SOC team has to respond as quickly as possible Lead these efforts by establishing clear incidentresponse procedures and protocols and conveying them to the team Analyse incident reports … to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients More ❯
Crawley, Sussex, United Kingdom Hybrid / WFH Options
Morson Talent
IncidentResponse (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract Full-time Outside IR35 About the Role My client is seeking an experienced IncidentResponse (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incidentresponse processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯
Crawley, West Sussex, South East, United Kingdom Hybrid / WFH Options
Morson Talent
IncidentResponse (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced IncidentResponse (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incidentresponse processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Rise Technical Recruitment Limited
Senior Cyber IncidentResponse InvestigatorFully UK RemoteDV Clearance or eligibility essential£80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with IncidentResponse experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working position, the … key stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work.The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber IncidentResponse Investigator*Fully Remote*Helping businesses deal with real-time cyber-attacks remotely*Occasionally travelling to customer sites*£80,000 base + OT and On-all bumping total More ❯
Senior Cyber IncidentResponse Investigator Fully UK Remote DV Clearance or eligibility essential £80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with IncidentResponse experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working … stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work. The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber IncidentResponse Investigator *Fully Remote *Helping businesses deal with real-time cyber-attacks remotely *Occasionally travelling to customer sites *£80,000 base + OT and On-all bumping total More ❯
leeds, west yorkshire, yorkshire and the humber, united kingdom Hybrid / WFH Options
HMRC
it's really like to work at HMRC. Visit our YouTube channel to watch the full series and come and discover your potential. Primarily working within the Investigation and Response element of Cyber Security Incident Management team, you'll get to investigate and respond to cyber security incidents across HMRC. This is varied, interesting and vital work so … experiences are critical to our success, and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role. Job description The Incident Management Team are the front-line operational arm of the HMRC Cyber Security Team, responsible for protecting the confidentiality, integrity and availability of HMRC online services and data assets. … The team and the successful individual undertake the following 3 core activities: Detect and Identify Prepare to Respond Response and Remediation The Detect and Identify function of the Incident Management Team consists of monitoring, analysis and triage activities. The successful candidate will use technical tools to check and maintain the health of the HMRC online services and user More ❯
build scalable, observable, and resilient platforms. We work closely with other Engineering, Data, Platform and Operations teams to help them build reliable, observable, and cost-effective systems. We lead incidentresponse, improve deployment safety, and guide teams toward sustainable service ownership. We process large volumes of telemetry data every day and are constantly evolving our approach to cost … understanding of modern observability practices. You will be confident working across infrastructure and application layers, and you will lead by example in everything from SLOs and SLIs to post-incident reviews. What You Will Be Doing: Observability and OpenTelemetry: Own and evolve our observability strategy across services. Lead how we collect, process, sample, and surface trace and metrics data … visibility across the stack. SLOs, SLIs, and Service Ownership: Help teams define and adopt meaningful SLIs and SLOs. Guide product teams in using observability data to make reliability measurable. IncidentResponse and Reliability Engineering: Lead on-call investigations when issues arise. Drive blameless post-incident reviews and help to recommend mitigating actions that stem any losses, but More ❯
London, England, United Kingdom Hybrid / WFH Options
Palo Alto Networks
Unit 42 Consulting Unit 42 Consulting is Palo Alto Networks' elite security advisory team. Our vision is to create a more secure digital world by delivering the highest quality incidentresponse, risk management, and digital forensic services to clients of all sizes. Our team comprises highly recognized experts and incident responders with deep technical expertise and extensive … experience in investigations, data breach response, digital forensics, and information security. With a proven track record of delivering mission-critical cybersecurity solutions, we work swiftly to provide effective incidentresponse, attack readiness, and remediation plans, focusing on long-term support to enhance our clients’ security posture. Job Description Your Career Unit 42 is a dynamic, energetic, and … dynamic environments. Deep Cybersecurity Domain Mastery: At least 10 years of experience selling complex Security solutions or services, including a profound understanding and proven success in: Offensive Security Services IncidentResponse Retainers Risk Management Services SOC Assessment Services Threat Intelligence Services Channel Ecosystem Acumen: A profound understanding of global channel partners and a proven ability to strategically leverage More ❯
Senior Incident Responder - SOC Analyst (L3) £71000 GBP Hybrid WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Senior Incident Responder - SOC Analyst (L3) Location: UK-wide (hybrid/on-site as required) Salary: £71,000 + Bonus Clearance: Must be eligible for SC Clearance Our client is a global consulting and technology services firm, supporting public … and private sector organisations with complex digital and cyber transformation. They are building out their UK Security Practice and are seeking a Senior Incident Responder - SOC Analyst (L3) to lead investigations, manage escalations, and strengthen cyber resilience for mission-critical environments. The Role As a Senior Incident Responder, you'll be the escalation point for L1 and L2 … to containment and remediation. You'll drive root cause analysis, ensure runbooks and playbooks are followed, and directly engage with clients and delivery managers to provide expert guidance on incident handling. This is a hands-on technical leadership role that combines investigation, response, threat intelligence, and collaboration with stakeholders. You'll also support service improvement, tool optimisation, and More ❯
West Midlands, United Kingdom Hybrid / WFH Options
Stackstudio Digital Ltd
Days: As per business need Special Working Conditions: Occasional client site travel The Role As SOC Manager, you will: Establish goals and priorities with your team, focusing on: Improving incidentresponse times Reducing false positives and extraneous alerts Enhancing threat detection capabilities Oversee staff activities to ensure focus on the right priorities Review team performance metrics, incident reports, and other key indicators Lead incidentresponse efforts with clear procedures and protocols Analyse incident reports to understand the organization's security posture Serve as primary point of contact for security incidents, liaising with internal stakeholders and external parties Conduct information security investigations and manage end-to-end security incident resolution Report to the … identifying new use cases and automations Act as POC for SOC engineering, threat intelligence, and threat exposure management Provide guidance to Level-2 SOC security analysts during investigations and incident resolution Lead coordination of individual information security incidents Mentor security analysts on risk management, security controls, incident analysis, SIEM monitoring, and operational tasks Document incidents from detection to More ❯
london, south east england, united kingdom Hybrid / WFH Options
Anson McCade
GBP Hybrid WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Senior Incident Responder - SOC Analyst (L3) Location: UK-wide (hybrid/on-site as required) Salary: £71,000 + Bonus Clearance: Must be eligible for SC Clearance Our client is a global consulting and technology services firm, supporting public and private sector organisations with complex digital and … cyber transformation. They are building out their UK Security Practice and are seeking a Senior Incident Responder - SOC Analyst (L3) to lead investigations, manage escalations, and strengthen cyber resilience for mission-critical environments. The Role As a Senior Incident Responder, you'll be the escalation point for L1 and L2 SOC Analysts, taking ownership of security incidents from … to containment and remediation. You'll drive root cause analysis, ensure runbooks and playbooks are followed, and directly engage with clients and delivery managers to provide expert guidance on incident handling. This is a hands-on technical leadership role that combines investigation, response, threat intelligence, and collaboration with stakeholders. You'll also support service improvement, tool optimisation, and More ❯
Farnborough, Hampshire, South East, United Kingdom Hybrid / WFH Options
Leidos Innovations UK Limited
variety of stakeholders to ensure, the Leidos CSOC, a Defensive Cyber Security capability, can support a customers Cyber Resilience, protecting them with a 24 x 7 Threat Detection and Response service, mitigating their risk of Cyber Attack. The successful candidate will be able to demonstrate experience from a CSOC background or be able to demonstrate sufficient transferable Cyber Security … reactive analysis, articulating emerging trends to leadership and staff. Use data collected from Cyber Defence tools firewalls, IDS, network traffic, UEBA (User Entity Behaviour Analysis), Security Orchestration and Automated Response (SOAR) etc. to analyse events that occur within the environments. Respond to and correlate alerts from various detective and preventative Cyber Security tools such as Security Information Event Monitoring … SIEM), End Point Protection (EPP), End Point Detection and Response (EDR), XDR (Extended DR), Web Application Firewall (WAF), and Firewalls. Proactively detect suspicious activity, vulnerabilities, and security misconfigurations before they can be exploited by adversaries impacting Confidentiality, Integrity and Availability which could lead to a Cyber Security Incident. Inspection and correlation of logs from multiple sources to identify repeating More ❯
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
British Veterinary Association
IT projects and infrastructure. Operational Oversight: Define and deploy control baselines, templates, and standards. Tooling & Effectiveness: Manage and monitor security operations tools such as Defender, Sentinel, Tenable, and CASB. IncidentResponse: Lead triage, coordinate crisis responses, and oversee post-incident reviews. Documentation & Governance: Maintain hardening guides, architecture diagrams, and lead working groups. Cross-Regional Alignment: Foster collaboration … global cybersecurity efforts. What You Bring Essential: Degree or equivalent experience in Information Security. Certifications such as Security+, CEH, CySA+, or Cloud Security Engineer. Extensive experience in cybersecurity, especially incidentresponse and technical operations. Strong understanding of AWS and Azure cloud platforms. Familiarity with frameworks like NIST, ISO, COBIT, and OWASP. Proven success in leading and delivering security More ❯
Bristol, Avon, South West, United Kingdom Hybrid / WFH Options
Hargreaves Lansdown
with Key Vault, SBOM and image scanning, policy-as-code and least privilege IAM. Drive reliability using SRE practices: define SLIs/SLOs, error budgets, capacity planning, chaos testing, incidentresponse and blameless post-incident reviews. Partner with application squads to remove toil, improve developer experience (DX), and reduce lead time for changes through automation and platform … service catalog entries; contribute to onboarding guides and demo sessions for consumers of the platform. Participate in an on-call rota for critical platform services and lead/coordinate incidentresponse when required. About you Strong hands-on experience with Microsoft Azure core services (networking, compute, storage) and platform services (AKS, App Services, API Management, Event Hub/… GitOps, and container build pipelines (e.g., ACR, OPA policies, image scanning). Working knowledge of observability tooling (Azure Monitor, Log Analytics, Application Insights, Datadog/Grafana) and alerting/response workflows. Understanding of the Microsoft Cloud Adoption Framework, Azure Landing Zones and the Well-Architected Framework. Familiarity with DevSecOps practices: threat modelling, dependency and container scanning, SBOM management, and More ❯
Employment Type: Permanent, Part Time, Work From Home
cloud security architecture, SIEM/SOAR, compliance frameworks (e.g., ISO 27001, NIST, GDPR), and data protection. Familiarity with Azure, Microsoft 365, and hybrid cloud environments. Understanding of security operations, incidentresponse, and threat intelligence. CORE COMPETENCIES & SKILLS Proven experience with Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft Purview Understanding of security operations, incidentresponse, and More ❯
Manchester, Lancashire, England, United Kingdom Hybrid / WFH Options
Robert Walters
cases Triage of security events and third-party SOC management Monitor/Collate data from endpoints across estate OSINT experience for threat hunting, prepare reports Cyber Defence Manager - Experience Incidentresponse, security engineering, intrusion detection Experience of SOC or IncidentResponse Team Analyse End Point, Network, Application Logs Security frameworks/Standards (NIST, CIS, ISO27001) Scripting More ❯
Birmingham, West Midlands, England, United Kingdom Hybrid / WFH Options
Robert Walters
cases Triage of security events and third-party SOC management Monitor/Collate data from endpoints across estate OSINT experience for threat hunting, prepare reports Cyber Defence Manager - Experience Incidentresponse, security engineering, intrusion detection Experience of SOC or IncidentResponse Team Analyse End Point, Network, Application Logs Security frameworks/Standards (NIST, CIS, ISO27001) Scripting More ❯
assessments and coordinate penetration testing activities with external vendors and internal teams. Track and manage remediation efforts across infrastructure, applications, and cloud environments. Establish and maintain a Product Security IncidentResponse Team (PSIRT) process to handle reported vulnerabilities, disclosures, and security incidents related to Ipsotek products. Ensure timely triage, investigation, and resolution of product-related security issues. Security … Operations (SecOps) Oversee incidentresponse, monitoring, and reporting processes. Manage security tooling and automation for detection and prevention. Continuously improve threat detection and response capabilities. Cross-Functional Collaboration Work with development teams to embed secure coding practices and DevSecOps principles. Support project operations and presales with security input for bids, proposals, and delivery. Provide security guidance during More ❯
City of London, London, United Kingdom Hybrid / WFH Options
Ipsotek, an Eviden business
assessments and coordinate penetration testing activities with external vendors and internal teams. Track and manage remediation efforts across infrastructure, applications, and cloud environments. Establish and maintain a Product Security IncidentResponse Team (PSIRT) process to handle reported vulnerabilities, disclosures, and security incidents related to Ipsotek products. Ensure timely triage, investigation, and resolution of product-related security issues. Security … Operations (SecOps) Oversee incidentresponse, monitoring, and reporting processes. Manage security tooling and automation for detection and prevention. Continuously improve threat detection and response capabilities. Cross-Functional Collaboration Work with development teams to embed secure coding practices and DevSecOps principles. Support project operations and presales with security input for bids, proposals, and delivery. Provide security guidance during More ❯
Crawley, West Sussex, South East, United Kingdom Hybrid / WFH Options
Circle Group
cyber resilience initiatives, ensuring technical excellence and alignment with client goals. Design Secure Architectures: Shape robust, scalable, and secure solutions using industry best practices and advanced security frameworks. Drive IncidentResponse: Manage and coordinate responses to security incidents, ensuring swift resolution and minimal disruption. Engage Clients: Act as a trusted advisor, delivering tailored solutions and maintaining strong stakeholder … presentations, and service development efforts. Share Knowledge: Develop and distribute best practices to strengthen the cyber resilience function. What You'll Bring: Proven experience in threat intelligence, risk management, incidentresponse, compliance (e.g., GDPR, ISO 27001), and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA More ❯
Crawley, West Sussex, South East, United Kingdom Hybrid / WFH Options
Circle Group
cyber resilience initiatives, ensuring technical excellence and alignment with client goals. Design Secure Architectures: Shape robust, scalable, and secure solutions using industry best practices and advanced security frameworks. Drive IncidentResponse: Manage and coordinate responses to security incidents, ensuring swift resolution and minimal disruption. Engage Clients: Act as a trusted advisor, delivering tailored solutions and maintaining strong stakeholder … presentations, and service development efforts. Share Knowledge: Develop and distribute best practices to strengthen the cyber resilience function. What You'll Bring: Proven experience in threat intelligence, risk management, incidentresponse, compliance (e.g., GDPR, ISO 27001), and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA More ❯
chichester, south east england, united kingdom Hybrid / WFH Options
Circle Group
cyber resilience initiatives, ensuring technical excellence and alignment with client goals. Design Secure Architectures: Shape robust, scalable, and secure solutions using industry best practices and advanced security frameworks. Drive IncidentResponse: Manage and coordinate responses to security incidents, ensuring swift resolution and minimal disruption. Engage Clients: Act as a trusted advisor, delivering tailored solutions and maintaining strong stakeholder … presentations, and service development efforts. Share Knowledge: Develop and distribute best practices to strengthen the cyber resilience function. What You'll Bring: Proven experience in threat intelligence, risk management, incidentresponse, compliance (e.g., GDPR, ISO 27001), and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Atrium Workforce Solutions Ltd
Cyber Security SOC Analyst – London/Remote Atrium EMEA is looking for an accomplished Cyber Security SOC Analyst to support the Security IncidentResponse Team. The team is growing, we require a strong individual contributor that will investigate, analyse, and contain security incidents. This is a fully remote role, with the occasional London office visit. You can be … based anywhere in the UK • Strong ability to collaborate, delegate tasks and drive deadline compliance in a highly regulated, time sensitive environment. Triage, escalation, and assisting the response of cybersecurity, policy and privacy related events and incidents. Manage containment and remediation efforts of affected assets, IOCs, and TTPs • Integrate and collaborate with other subject matter experts throughout the organization … e.g. Security+, CCNA Cyber Ops, BTL1 and/or BTL2, GCIH, CEH, CySA+, OSCP, CISSP, CCSP etc.) • IT Security or Cyber Security experience in any of the following areas: IncidentResponse & Digital Forensics. Cybersecurity Detection Engineering and Threat Hunting or Vulnerability Management • Experience analysing attack vectors, current threats, and security remediation strategies • Experience with SIEM technologies, EDR technologies More ❯
for executive decision-making. Collaborate with intelligence teams to develop threat modelling deliverables. Experience & Skills Required 8+ years of experience in information security, preferably in Investigations, Analysis, Security Operations, IncidentResponse, or Threat Intelligence. 3+ years' experience specifically in Insider Threat or equivalent roles. Proficiency with insider threat detection tools (UEBA, DLP, SIEM) and knowledge of advanced threat … intelligence techniques. Understanding of threat actor tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK Framework. Familiarity with security frameworks, incidentresponse, and risk management practices. Knowledge of legal and regulatory considerations, including privacy and data protection laws. Excellent interpersonal, relationship management, and communication skills. Qualifications & Certifications Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Business More ❯
a technical roadmap that you will shape. What you'll be doing Application Security (AppSec) : Driving secure development practices, code analysis, and threat modelling. Security Operations (SOC) : Overseeing monitoring, incidentresponse, vulnerability management, and operational resilience. Governance, Risk & Compliance (GRC) : Leading our efforts to achieve and maintain compliance with PCI, GDPR, SOC2, and ISO27001. Vendor Security : Spearheading due … and scaled a robust Application Security program, including secure development, code analysis, and threat modelling. Running Security Operations : You have deep experience overseeing a Security Operations function, managing monitoring, incidentresponse, and vulnerability management. Driving GRC : You're an expert in managing compliance frameworks such as PCI, GDPR, SOC2, and ISO 27001, and you're skilled at preparing More ❯