and Disaster Recovery: Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security. Security Monitoring and Incident Response: Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including
security solutions (firewalls, SIEM, IDS/IPS, endpoint protection, cloud security). Shape strategic security recommendations and collaborate on technical win plans. Maintain and update security policies, procedures, and incident response plans. Deliver security awareness training and advise clients on best practices. Support audits and compliance initiatives (ISO 27001, NIST, GDPR, etc.). Work cross-functionally with internal … with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/
looking for a visible champion of information security with a proactive mindset, able to influence positive change at a senior level. Strong technical acumen and an ability to lead incident response and effectively manage risk are essential. Key Responsibilities: Security Strategy & Governance: Act as the company's lead advisor on cyber and information security, ensuring risks are identified … Operational Security & Risk Management: Lead the design, implementation, and monitoring of controls across endpoint security, identity and access management, and cloud infrastructure (e.g., AWS). Own and improve the incident response framework, including active participation in investigations, post-incident reviews, and business continuity planning. Run regular tabletop exercises and scenario testing to ensure operational preparedness for cyber … AWS, Azure), endpoint protection, IAM, vulnerability management, and SIEM/logging tools. Strong understanding of cyber threats, insider risk, security engineering principles and network security. Demonstrated experience managing the response to cyber incidents. Familiar with automating tasks with Python or similar programming languages, as well as using SQL to query data at scale. Knowledge of security frameworks such as
engaged in risk management, including evaluating vendor risk, examining vendor contracts, understanding third-party risk, and data privacy issues. This individual serves as an expert on cybersecurity protection, detection, response, and recovery, coordinating penetration testing and managing cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, data leakage prevention … activities to meet regulatory requirements. Evaluate and implement cybersecurity solutions to maintain confidentiality, integrity, and availability. Participate in proofs-of-concept for new security technologies. Develop and test security incident response plans, acting as incident response leader. Develop security, risk, and compliance reports and alerts. Review policies and procedures annually for security compliance. Develop, test, and
and clarity. Drive Transformation: Lead security by design across cloud, data, AI, IoT, and operational technology landscapes, embedding security in every initiative. Stay Ahead of Threats: Oversee threat detection, incident response, and resilience programs with precision and global coordination. Shape Culture: Champion a cyber-aware culture across 100,000+ employees, embedding secure behaviours in the DNA of our … and prioritize information security risks to the organization, and develop strategies to mitigate these risks effectively. Security Assurance: Oversee the day-to-day assurance of information security activity, including incident response, threat detection, vulnerability management, and security monitoring. Day-to-day Security Operations are managed by Technology Operations, so this role acts as a second line of defence. … training, education, and communication programs. Vendor Assurance: Review critical third-party vendors and service providers to ensure the security of outsourced systems and services and the data they contain. Incident Reviews: Lead the review of security incidents and breaches, coordinating with internal teams and external stakeholders to ensure any learnings are effectively applied. Budget Management: Develop and manage the
for completing the implementation of a number of strategy-based security solutions, for new or existing security tooling. The engineer will also participate in security-related service management processes (incident, change and problem management) and will participate in the planning, design, enforcement and review of security controls which protect the integrity of the firm. Essential Duties and Responsibilities for … DLP. Standard, third-party and privileged Identity and Access Management. Operate, manage and improve HSM key management infrastructure. Remediation of external and internal vulnerabilities, web application scanning and patch compliance. Cyber Incident Management and/or Security Forensic experience. Documenting High-, Low- and Detailed-Level designs for review and presentation. Representing IT security at the Change Authority Board and Architecture Review Board. Attend … years Cyber Security Engineer experience. Hands-on technical support experience in IT and Network Security Engineering and/or Systems Engineering roles. Substantial experience in Security Technology Management and Incident Response, including proficiency in SOC, Malware, Ransomware, Threat Analytics, Server and Endpoint security. Must be proficient in writing up documentation. Clear and concise presenting skills. Strong communication and
Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). • Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. • Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). … SOC2), and risk management best practices. • Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). • Threat Management & Incident Response: Ability to detect, respond to, and mitigate cyber threats using SIEM, endpoint security, and vulnerability management tools. • Networking & Infrastructure Security: Understanding of firewalls, VPNs, SD-WAN, DNS
tests, identifying risks and driving remediation efforts. Monitor infrastructure for security incidents or unauthorised activity, responding swiftly to mitigate potential threats. Investigate security breaches and incidents, and develop robust incident response plans to ensure timely and effective resolution. Collaborate with cross-functional teams to design, implement, and manage security controls and configurations across a range of platforms and … . Relevant security certifications, such as Security+, IAT II/III level, or equivalent. Strong capability in risk assessment, vulnerability management, and data-informed decision-making. Solid understanding of incident response procedures, including containment, eradication, and recovery from cybersecurity events. Advanced proficiency in AWS, with experience in multi-region and hybrid cloud architectures. Strong grasp of networking protocols
providing detailed analysis and actionable recommendations. Advises clients on risk mitigation strategies and security best practices, and supports the implementation of those strategies, contributing to measurable improvements. Support security incident response and investigations, contributing to thorough post-incident reviews and identifying areas for improvement. Stakeholder Engagement and Technical Leadership: Provide expert guidance to clients on secure architecture
threat modelling exercises for internal systems and third-party services. Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.). Oversee the organization's incident response and business continuity plans, including simulations and real-time responses. Conduct regular security audits and work with internal/external auditors to support compliance. Collaborate with IT
setups. Implement Data Loss Prevention (DLP) and sensitivity labels. Work with Azure Key Vault and manage encryption and certificate strategies. Collaborate with our SOC and managed Sentinel provider on incident handling. Compliance & Governance: Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2. Support configuration and monitoring in Microsoft Compliance Manager. Maintain security documentation and assist in audit … preparation. Configure insider risk management, audit, and eDiscovery capabilities. Track Secure Score and recommend improvements. Incident Response & Monitoring: Configure monitoring and alerts using Microsoft tools (Sentinel, Defender). Participate in incident response and post-incident reviews. Contribute to the development of business continuity and disaster recovery plans. Track KPIs and generate reports using Microsoft compliance and
reduce residual risk across diverse technical environments. Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and evolving enterprise technologies. Assist with incident response planning and post-incident risk evaluation, leveraging broad technical knowledge to assess impacts and recommend improvements. Qualifications/Skills Required: Bachelor's degree in Cybersecurity, Information
systems. Manage relationships and work closely with third-party cyber security service providers. Manage and optimize security tools, including endpoint protection, Microsoft Intune, Entra, Azure, and external detection and response tools. Conduct vulnerability assessments and coordinate patch management cycles. Collaborate with infrastructure and support teams to ensure secure configurations of networks, endpoints, applications, and services. Collaborate with non-technical … end-users on implementing best practices and organize training sessions. Lead or support investigations into security breaches and provide detailed incident reports. Develop and enforce security policies, procedures, and best practices. Provide cybersecurity awareness training and guidance to end users and internal teams. Participate in audits and ensure guidelines from industry standards (ISO 27001, NIST, SOC 2) are followed … internally and best practices regularly reviewed. Proactively assess recovery capabilities, with the aim of minimizing business impact in case of incidents. Plan and rehearse incident response procedures with the wider IT and support team. Advise senior management on operational risks. Mentor and lead junior members of the team. Occasional on-call support for critical incidents. Requirements: Proven experience in
on the latest security threats, technologies, and best practices. Lead, manage, and evaluate the security roadmap to assure timely and effective resolution of priority issues. Maintain a robust cyber incident response plan, including coordinating necessary responses to incidents and security investigations. Requirements: Extensive practical experience implementing and maintaining an ISO 27001 compliant ISMS. Demonstrable experience with PCI DSS
Leverage automation frameworks and IaC to improve scalability and reduce manual intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead
London, South East, England, United Kingdom Hybrid / WFH Options
Precise Placements
and lead the global cyber security strategy. This is a high-impact, senior leadership role ideal for someone who combines strategic oversight with hands-on expertise across security operations, incident response, and governance. As the business continues to modernise its technology infrastructure, this role will be central to protecting digital assets and ensuring compliance with global security and … privacy standards. What You’ll Be Doing: Define and implement the cyber security strategy, policies, and controls across a multi-regional environment. Lead global security operations, including threat detection, incident response, and risk mitigation. Manage compliance with standards such as ISO 27001, NIST, Cyber Essentials+, and GDPR. Build and develop a high-performing cyber team spanning multiple international offices. … Collaborate with senior leadership, risk committees, and external vendors to ensure alignment on cyber risk and mitigation. Own the incident response function, including planning, testing, and leading responses when required. Drive security awareness across the organisation with a measurable, well-governed training programme. What We’re Looking For: Minimum 5 years’ experience in a senior cyber security role
individuals looking to gain practical, job-ready skills in protecting digital assets and systems. The bootcamp aims to enhance participants' abilities in areas such as network security, ethical hacking, incident response, and security operations, enabling them to secure new or higher-value opportunities in the cybersecurity field. You will be responsible for delivering engaging and interactive sessions, guiding … support, feedback, and mentorship. Collaborate with the Teaching Assistant and wider team to support learner development. Lead or support additional activities such as webinars, hands-on labs, and simulated incident response exercises. Contribute to the evaluation of the programme, offering feedback for continuous improvement. Areas of Knowledge: We are looking for people who have working experience or are comfortable … e.g., Firewalls, IDS/IPS, VPNs); Operating System Security (e.g., Windows, Linux hardening); Ethical Hacking and Penetration Testing (e.g., reconnaissance, vulnerability scanning, exploitation); Security Operations (e.g., SIEM, SOC analysis); Incident Response and Digital Forensics; Cryptography and Secure Communications; Cloud Security (e.g., AWS, Azure, GCP security best practices); Application Security (e.g., OWASP Top 10); Compliance and Governance (e.g., GDPR
Job Summary: The Security Operations Lead is responsible for our security monitoring and incident response capabilities within the Square Enix Cyber Security team (covering Europe and North America). The primary goals of the role are the timely detection of security incidents, effective response and the continuous improvement of our preventative and detective controls. This role will … across Square Enix. Day to day you will be performing in-depth analysis and investigation of security alerts and game/brand related security events, as well as leading the response to incidents. You will be responsible for maintaining and optimising our security operations tools and processes. Additionally, you will be testing the effectiveness of our preventative and detective controls … platforms and the configuration of our wider security tools are key. We are also seeking candidates with experience leveraging AI to enhance productivity and effectiveness. Key Deliverables: Threat Detection & Incident Response: Leading investigation and analysis of security alerts to identify and promptly respond to security events. Leading the response to major cyber security incidents, collaborating with key
The ideal candidate will have experience working in an existing cyber security operations role and be able to demonstrate working knowledge of IT security operations, including security alert/incident response and investigation practices, threat intelligence and hunting, and cyber security tooling and reporting. This role also provides the opportunity to contribute to the ongoing improvement of our … be successful in this role, you should demonstrate that you have: Previous experience working in an in-house cyber security or SOC analyst role. Experience working in IT security response and/or SOC functions. Proficiency with security tooling, analytics tuning and reporting (e.g. Microsoft Sentinel SIEM, endpoint XDR, cloud & network) and confidence in writing SIEM queries. Experience in … endpoint and network-based security detection, prevention and investigations. An interest in threat intelligence and knowledge of threat hunting techniques. Experience supporting incident response engagements: containing threats, root cause analysis and restoring operations. Demonstrable experience of working with information and cyber security standards and frameworks (such as ISO 27001, CAF and MITRE ATT&CK). Experience of writing policies
role in deploying Microsoft security solutions and supporting client audits, assessments, and vulnerability remediation efforts. Responsibilities include: Delivering Microsoft security technologies including Defender XDR, Sentinel, and Endpoint Detection & Response. Supporting Cyber Essentials and Cyber Essentials Plus audits and assessments. Acting as an escalation point for cyber incidents, security alerts, and engineering tasks. Conducting vulnerability remediation and assessments (infrastructure … tools (e.g., Mimecast, Egress). Understanding of Azure Firewall and Defender for Cloud/Cloud Apps. Experience conducting offensive security/web application assessments. Strong understanding of threat detection and incident response. Certifications (any of the following highly desirable): SC-200: Microsoft Certified - Security Operations Analyst Associate; SC-300: Microsoft Certified - Identity and Access Administrator Associate; AZ-500: Microsoft
Central London, London, United Kingdom Hybrid / WFH Options
Searchability (UK) Ltd
key role in deploying Microsoft security solutions and supporting client audits, assessments, and vulnerability remediation efforts. Responsibilities include: Delivering Microsoft security technologies including Defender XDR, Sentinel, and Endpoint Detection & Response. Supporting Cyber Essentials and Cyber Essentials Plus audits and assessments. Acting as an escalation point for cyber incidents, security alerts, and engineering tasks. Conducting vulnerability remediation and assessments (infrastructure … tools (e.g., Mimecast, Egress). Understanding of Azure Firewall and Defender for Cloud/Cloud Apps. Experience conducting offensive security/web application assessments. Strong understanding of threat detection and incident response. Certifications (any of the following highly desirable): SC-200: Microsoft Certified - Security Operations Analyst Associate; SC-300: Microsoft Certified - Identity and Access Administrator Associate; AZ-500: Microsoft