high-pressure environment with geographically dispersed teams across different time-zones. The Role To detect and investigate all cyber security related incidents across WTW and escalate cases to relevant Incident Response teams Manage a geographically dispersed team supporting SOC based detection services on a 24/7/365 basis around the globe. Ensure shift coverage is adequate … playbooks and operating procedures within the SOC are adequate and effectively identify, triage and investigate cyber threats and attacks in a timely manner Integrate the detection services with the response teams and threat teams to ensure an efficient incident life cycle is maintained Implement KPIs and SLAs and monitor adherence to targets Maintain a membership list and … call out details of the Cyber Security Incident Group ensuring incidents are raised to the correct resolver groups when appropriate Implement regular Table Top Exercises to test SOC processes and procedures Conduct Quality Assurance reviews of SOC services and incidents ensuring lessons learned and improvements are implemented The Requirements Experience in SOC Management for Enterprise Organisations (Essential) Strong experience
Milton Keynes, Buckinghamshire, England, United Kingdom
Proactive Appointments
people and processes forward * Must have the ability to obtain Security Clearance (SC). Duties include: Lead a shift-based SOC team delivering 24/7 security operations and incident response. Act as a senior technical escalation point for complex or high-impact incidents. Be front of house to customers for SOC technical matters and supporting within customer DDQs. … Configure, tune, and support core SOC technologies across detection, response, and monitoring. Oversee alert triage, playbook execution, and incident coordination. Drive continuous improvement in alert quality, detection logic, and automation. Collaborate with cyber engineering teams to onboard and integrate new log sources. Take ownership of team documentation, shift handover processes, and playbook quality. Required experience: Proven experience in … a leadership or senior role within a Security Operations Centre. Strong technical skills in areas such as alerting, incident response, and log analysis. Comfortable working hands-on with detection and monitoring technologies such as Microsoft Sentinel. Strong understanding of log pipelines, event correlation, and alert tuning. Familiarity with TCP/IP networking, proxies, DNS, endpoint telemetry, and OS
real-time support, training needs identification, and briefings on emerging threats and tooling updates. Act as key escalation point within the shift, liaising with the SOC Manager, CTI, and Incident Response leads to align on priorities and response strategies. Drive continuous improvement by flagging workflow issues, recommending SOP/playbook updates, and tracking performance metrics. Requirements Established
incidents, vulnerability management programmes, and client relationships across enterprise environments. What you'll be doing: Acting as the key liaison between the client and operational delivery teams Leading on incident escalation and coordination with SOC and IR teams Managing post-incident investigations and reporting Supporting and driving improvements to vulnerability management workflows Overseeing IDS/IPS updates, firewall … on best practice and optimisation What we're looking for: 10+ years of experience in a SOC or technical security operations environment Proven track record in vulnerability management and incident response Strong understanding of IDS, IPS, and endpoint protection technologies Excellent stakeholder management and communication skills Ability to lead and coordinate teams through critical incidents UK SC clearance
Solid understanding of security frameworks and standards: NIST, CIS Controls, ISO 27001, and compliance mandates relevant to banking. Familiarity with secure coding practices and DevSecOps pipelines. Experience with incident response, security monitoring, and digital forensics.
for role fulfilment Experience working with SIEM technologies and security tooling An understanding of IT Infrastructure and Networking An understanding of vulnerability and threat management An understanding of the incident response lifecycle The ability to work in a close team and independently The ability to be adaptable to a high pace changeable workload An interest in security … for the day-to-day monitoring using various SIEM Tools (QRadar, Sentinel & LogRhythm). Some of the responsibilities that come along with this role include the following: Security Analytics Incident investigation, triage and escalation Threat monitoring and response Trend reporting Rule tuning and continual service improvement The role involves working alongside other team members including SOC engineers and
Horsham, West Sussex, South East, United Kingdom Hybrid / WFH Options
Platform Recruitment Limited
with day-to-day operations Managing Microsoft 365 security tools, firewalls, networks, Wi-Fi, and email security platforms Acting as the main contact for our outsourced SOC and overseeing incident response Running pen tests, vulnerability scans, and regular security assessments Owning governance, risk, and compliance activities (ISO 27001, Cyber Essentials) Delivering supplier risk assessments and secure onboarding processes
Wokingham, Berkshire, United Kingdom Hybrid / WFH Options
Experis
Splunk, or QRadar. EDR deployment, configuration & management - experience with tools like Tanium, Trellix, FireEye, Defender, Elastic EDR Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Assist analysts to analyze and mitigate security incidents & have a good understanding of SOC function OOTB & Custom Log Ingestion Creation - Deploy OOTB integrations as well as develop
Reading, Berkshire, England, United Kingdom Hybrid / WFH Options
Nextech
strong focus on application security, web application firewalls, and secure DevOps pipelines. Provide security leadership and mentoring, supporting colleagues and enhancing security awareness across the business. Actively contribute to incident response, security training, supplier reviews, and client security assurance Stay ahead of evolving threats, and help shape our strategy using frameworks such as OWASP, SASE, and Zero Trust.
as NIST, ISO 27001, and CIS Controls. Contribute to audit preparation and provide evidence for external and internal reviews. Apply your background in penetration testing, vulnerability management, or incident response to enrich risk findings. Partner closely with CISOs and senior leaders to influence security posture and decision-making. Your Background Strong experience as a Risk Analyst, Application
years of experience in Threat Intelligence, Vulnerability Management, or cyber research. Strong understanding of adversary TTPs and the threat landscape, especially in CNI/Gov environments. Experience in technical incident response and cloud-based security operations. Proficiency in open-source intelligence (OSINT) and deep technical analysis. Knowledge of Windows/Linux internals, networking, and cloud platforms (e.g. Azure
Central London, London, United Kingdom Hybrid / WFH Options
Client Server
activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling, establish processes and workflows to support the incident response SOC. Location/WFH: You'll join colleagues in the Central London office for two days a week with flexibility to work from home the other three
London, South East, England, United Kingdom Hybrid / WFH Options
Client Server Ltd
activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling, establish processes and workflows to support the incident response SOC. Location/WFH: You'll join colleagues in the Central London office for two days a week with flexibility to work from home the other three
develop a career in Cyber Security in an exciting, fast-moving industry. Key Deliverables: SIEM Management and Optimisation Lead the management, administration and support of our SIEM platform and incident response environment, including general infrastructure and system administration. On-board, maintain and manage security log sources for our SIEM platform, including agent and policy deployment and creating ingest
data extraction. Excellent written and verbal communication skills Strong customer advocacy skills and experience, ability to work in difficult customer situations Knowledge of Cloud infrastructure a plus Experience in incident response a plus Experience with scripting a plus Experience with MS Server solutions (SCCM, GPO, AD, MSSQL, IIS, Exchange) is a plus. Additional Information The Team Our technical
impacts of IT operational and control activity impacting the risk register as well as related stakeholders including Compliance, Internal Audit and SOX (carriers) Taking the lead on IT Risk Incident responses Developing a working understanding of new IT-related risks or controls Keep the risk register (Decision Focus) current for IT-related risks, controls and accountability The IT Risk
written and verbal communication skills Strong customer advocacy skills and proven experience navigating challenging customer situations effectively Highly Valued Skills (Bonus Points For): Knowledge of Cloud infrastructure. Experience in incident response. Proficiency with scripting. Experience with MS Server solutions (SCCM, GPO, AD, MSSQL, IIS, Exchange). Additional Information The Team Our technical support team is critical to our success
London (Tottenham), South East England, United Kingdom
Palo Alto Networks
written and verbal communication skills Strong customer advocacy skills and proven experience navigating challenging customer situations effectively Highly Valued Skills (Bonus Points For): Knowledge of Cloud infrastructure. Experience in incident response. Proficiency with scripting. Experience with MS Server solutions (SCCM, GPO, AD, MSSQL, IIS, Exchange). Additional Information The Team Our technical support team is critical to our success
Hemel Hempstead, Hertfordshire, England, United Kingdom
Fynity
for an experienced SOC Shift Lead to join our expanding Cyber Security Operations Centre (SOC) team. This is a leadership role with responsibility for SOC operations, threat detection, and incident response within a high-profile Defence and National Security environment. You will oversee shift operations, lead a team of SOC analysts, and play a key role in safeguarding … critical infrastructure. As the SOC Shift Leader you will: Lead and manage SOC operations across shift patterns, ensuring effective threat detection and incident response. Monitor network traffic, logs, and system events to identify, investigate, and respond to cyber threats. Mentor, coach, and develop SOC analysts, supporting their growth within the Cyber Defence team. Enhance detection rules, optimise SOC tools (including
Stevenage, Hertfordshire, England, United Kingdom Hybrid / WFH Options
MBDA
our forward thinking team as a Network Security Engineer, where you will play a key role in safeguarding our organisation's network infrastructure as part of the 24x7 Internal Security Response (ISR) team. When not involved in incident response and triage activity with the SOC team, you will be responsible for designing, implementing and maintaining robust security solutions
Gloucester, Gloucestershire, England, United Kingdom
Opus Recruitment Solutions Ltd
compliance teams to embed security best practices. Define and enforce security policies, standards, and governance frameworks. Evaluate and integrate security tools (e.g., Microsoft Defender, Sentinel, Entra ID). Support incident response and vulnerability management processes. Essential Skills Minimum 5 years' experience as a Security Architect, with a strong focus on Azure environments. Deep understanding of cloud security frameworks
Wokingham, Berkshire, United Kingdom Hybrid / WFH Options
Experis
/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting
issues Essential Skills & Experience: Strong background in Security Engineering or SecOps (non-cloud) Windows infrastructure experience Proficient in Microsoft Defender - implementation, tuning, and usage Experience with SIEM tools and incident response Security certifications such as CISSP, Security+, or Ethical Hacking Confident communicator with sharp analytical thinking This is a permanent role and will be based in the office