Glasgow, Scotland, United Kingdom Hybrid / WFH Options
Eden Scott
Cybersecurity Incident Response Lead Location: Hybrid - must live in commutable distance to Glasgow city centre (may be a requirement to be on-site in an office at short notice). Excellent Cybersecurity Incident Response Lead opportunity to join a leading UK bank who continue to expand their … Cyber Security capabilities. You will be a sharp, decisive, and highly experienced Cybersecurity Incident Response Specialist looking to join a high-performing Detect & Respond Operations Team. You will thrive working under pressure, excel at solving complex problems, and have a knack for identifying and neutralising threats before they … resilience. Provide clear, concise briefings and reports to senior leadership, offering insight into incidents, risks, and ongoing threat landscapes. 💡 Your background: Proven experience leading incident response operations and cybersecurity investigations. Deep understanding of cyber attack vectors, threat actors, and red team/blue team methodologies. Strong analytical skills
glasgow, central scotland, United Kingdom Hybrid / WFH Options
Head Resourcing
An exciting opportunity has arisen for a Cyber Security Incident Response Manager to join a leading Financial Services organisation based in Glasgow. This role plays a key part in safeguarding the organisation from cyber threats by identifying, responding to, and mitigating cybersecurity incidents. As part of the Cyber … Detect and Respond Operations Team, you will be instrumental in enhancing security operations, strengthening defences, and ensuring operational resilience. Key Responsibilities Lead real-time response to cyber threats, managing cybersecurity incidents and investigations through to resolution. Analyse security breaches, identify attack vectors, and ensure appropriate remediation actions are taken. … to improve cybersecurity measures and prevent future threats. Provide clear communication to senior management on cybersecurity risks and incidents. Drive continuous improvement through post-incident reviews and scenario testing. What They're Looking For Extensive experience in cybersecurity incident response and operational leadership within a Security Operations
Dundee, Angus, United Kingdom Hybrid / WFH Options
Ivanti
SRE maturity through the research and development of internal tooling, operational enhancements, and deployment pipelines. Ivanti SRE takes a holistic view of operational procedures, incident response procedures, application and infrastructure monitoring, and process automation. Ivanti SRE is a blend of infrastructure, networking, automation, development, and application administration. This … a hands-on technical position. The ideal candidate will have a software engineering background and strong experience with continuous deployment, SaaS delivery, and production incident response. This role requires that applicants reside in Scotland and be authorized to work in the United Kingdom. About The Team Ivanti Engineering is … Working with geographically dispersed, cross-departmental teams to solve difficult problems Participate in on-call rotations for 24x7 coverage (follow-the-sun model) for incident response, issue triage, and problem resolution To Be Successful in The Role, You Will Have A BSc in Computer Science, a related field
SR2 | Socially Responsible Recruitment | Certified B Corporation™
cyber threats. Key Responsibilities: Monitor and assess OT cybersecurity systems, ensuring effective threat detection and response. Conduct threat analysis and vulnerability assessments to support incident response activities. Develop and implement incident response plans tailored to OT environments. Support vulnerability management initiatives and penetration testing exercises. Contribute … understanding of OT/ICS cybersecurity or relevant control systems (SCADA/PLC) – training provided where required. Experience with network security, threat detection, and incident response. Knowledge of security frameworks and regulations including NIST, IEC, NIS Directive, and Cyber Kill Chain. Analytical mindset with the ability to manage complex
improving, this role offers the ideal opportunity to make a lasting impact. As an IT Service Manager, you’ll play a central role in incident response, service monitoring, and process optimisation, while maintaining a strong focus on governance, audit compliance, and communication. This is a hands-on role … insight, and operational rigour all come into play. What you’ll be doing: Managing system reliability, scalability, and performance through monitoring and automation Leading incident response and resolution efforts, including stakeholder updates and post-incident reviews Driving continuous improvement initiatives based on data, feedback, and audit insights … Overseeing infrastructure-related projects and vendor contracts to meet business needs What we're looking for: 3+ years in Service Delivery, Site Reliability, or Incident Management roles Strong understanding of infrastructure (e.g. VMs, containers, patching, certificates) Confident user of Jira and Confluence for incident, change, and knowledge management
and you'll collaborate across engineering and security teams to make real impact. You'll also get involved in shaping wider security policy, supporting incident response, and driving forward best practice across the board. They're looking for someone who's been around the block a bit; a … with senior stakeholders and execs on making security decisions that matter. Ideally, you'll have: Strong experience across multiple InfoSec domains (vuln management, risk, incident response, etc.) A good understanding of modern security tooling; ideally hands on with Splunk, Qualys, CrowdStrike Knowledge of frameworks like NIST, ISO
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
Be-IT
Lead independent, risk-based assurance and oversight of cyber and data security risk. Provide insight and challenge across key domains like IAM, endpoint security, incident response and more. Oversee frameworks for identifying, assessing, and reporting cyber and information risks. What you’ll bring: A solid grounding in cybersecurity … or governance function. Relevant industry certifications such as CISSP, CISM, CRISC, CDPSE, CompTIA Security+ or similar. Strong technical awareness across areas like application security, incident response, and data privacy.
Edinburgh, Stockbridge, City of Edinburgh, United Kingdom
Be-IT Resourcing Ltd
Lead independent, risk-based assurance and oversight of cyber and data security risk. Provide insight and challenge across key domains like IAM, endpoint security, incident response and more. Support enterprise-wide risk communication and reporting to drive good decisions and strong risk culture. Oversee frameworks for identifying, assessing … or governance function. Relevant industry certifications such as CISSP, CISM, CRISC, CDPSE, CompTIA Security+ or similar. Strong technical awareness across areas like application security, incident response, and data privacy. Excellent stakeholder engagement skills—you’ll work closely with leaders across the business.
methodologies within various GTIS teams. This is a hands-on engineering role where you will design, build, and optimise automation frameworks, observability tools, and incident response mechanisms. This role also involves collaborating across GTIS and CTO, engaging with storage, data, and other product teams. You will act as … Programming and Scripting - This includes expertise in languages such as Python, PowerShell, or Go, which are essential for automating routine tasks and system deployments. Incident Management and Troubleshooting - The ability to manage incidents effectively, troubleshoot issues swiftly, and perform root cause analysis to prevent future incidents. Systems Engineering and … be based in Knutsford (Radbroke Hall) or Glasgow Campus. Purpose of the role To apply software engineering techniques, automation, and best practices in incident response, to ensure the reliability, availability, and scalability of the systems, platforms, and technology through them. Accountabilities Availability, performance, and scalability of systems
Join us as a Security Engineer to help detect threats, improve incident response, and meet compliance requirements by designing, implementing, and maintaining the security of computer systems and networks, identifying vulnerabilities, responding to incidents, and collaborating with other teams to ensure a secure environment. To be successful as … writing KQL and SPL; log sources, ingestion patterns, and correlation rules). DevOps knowledge (Git/BitBucket/GitLab). Security Fundamentals (threat detection, incident response, threat intel; knowledge of the MITRE ATT&CK framework and security operations). Some other highly valued skills may include: Scripting - Python … securely generated, stored, and used. Execution of audits to monitor, identify, and assess vulnerabilities in the bank's infrastructure/software and support the response to potential security breaches. Identification of advancements to support the innovation and adoption of new cryptographic technologies and techniques. Collaboration across the bank, including
north lanarkshire, central scotland, United Kingdom Hybrid / WFH Options
Net Talent
ll also drive cyber awareness and training initiatives for commercial teams, support regulatory compliance (e.g., ISO 27001, NIST SP 800-53, GDPR), and handle incident response, triage, and escalations per internal policies. You'll contribute to investigations, the annual NIST CSF 2.0 maturity assessment, and resolution of Information
Analysts and providing more in-depth analysis of potential threats to the organization. This role is crucial in the escalated investigation, triage, and response to cyber incidents while supporting the development and training of Tier 1 Analysts. As a Tier 2 Analyst you will work to ensure a seamless … SOC operation & act as a bridge between foundational & advanced threat detection & response functions. Responsibilities: Conducting escalated triage & analysis on security events identified by Tier 1 Analysts, determining threat severity & advising on initial response actions. Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis … event correlation, & thorough documentation of security incidents. Identifying & escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response & adherence to service Tier objectives (SLOs). Investigating potential security incidents by conducting deeper analysis on correlated events & identifying patterns or anomalies that may indicate
Edinburgh, Midlothian, Scotland, United Kingdom Hybrid / WFH Options
Motability Operations
and implementing security measures that protect sensitive information in complex environments. Your technical expertise spans areas such as encryption, access controls, vulnerability assessments and incident response. You have excellent problem-solving skills and a proactive mindset, enabling you to anticipate potential threats and address them effectively. Communication comes naturally
Employment Type: Permanent, Part Time, Work From Home
drive all of the key operational activities of the Security Team, including continually improving our security controls, liaising with our external Managed Detection and Response (MDR) partner, investigating and resolving reported issues, handling requests and queries, maintaining and making changes to security solutions, establishing processes and creating documentation. You … This may occasionally require working outside normal business hours e.g. in evenings or at weekends. Act as a point of contact for security investigations, incident response activities and vulnerability assessments initiated by our external Managed Detection and Response (MDR) partner. This may occasionally require working extended hours
Join us as a Web Proxy Security Analyst We’ll look to you to provide an end-to-end security response, including triage, response, escalation, coordination and remediation of events and incidents You’ll undertake a proactive role to anticipate and identify security events, incidents and contributing to … modification, perusal, inspection, recording or destruction. You’ll be collaborating with internal and external colleagues, specialists and stakeholders to make sure activities relating to incident response, user access, alert monitoring, root cause analysis and scenario planning are completed in line with standard operating procedures and to a high … Monitoring and maintaining queues in ServiceNow Automating processes and tasks to improve existing systems and activities Reviewing, remediating, giving advice and solutions during an incident and problem tickets lifecycle Identifying security incidents while helping to handle them in a timely manner, in accordance with security best practice and raising
+Linux +Networking The role: Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. Apply expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and thorough documentation of security incidents. Identify … and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service Tier objectives (SLOs). Investigate potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity. Use … Monitor the threat landscape and document findings on evolving threat vectors, sharing relevant insights with CTAC teams to enhance overall situational awareness. Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes and improve threat response times. Coordinate with Tier
Aberdeen, Aberdeenshire, United Kingdom Hybrid / WFH Options
Cammach Bryant
Requirements: Ensure compliance with CR GR SSI 001, CR GR SSI 023, GS EP INS 135, and L2-OPS-17-001 across all assets. Incident Management: Review, investigate, mitigate, and resolve cybersecurity incidents, anomalies, and threats promptly. Cyber Security Road Map: Assist in delivering key activities and act as … Vulnerability Management: Manage the industrial cybersecurity vulnerability process and ensure timely patching. Training: Develop and maintain industrial cybersecurity training materials and competence procedures. Emergency Response: Create and maintain cyber emergency and incident response plans. Project Involvement: Ensure cybersecurity requirements are captured in new projects and modifications. Culture … to monitor cybersecurity progress and communicate findings to stakeholders. Vendor Coordination: Coordinate with third parties and vendors during cybersecurity incidents and carry out post-incident investigations. REQUIREMENTS: Education: Relevant degree in Instrumentation and Controls, Computer Science, or Cyber Security. Experience: Prior relevant industry experience. Knowledge: Understanding of offshore operations
Aberdeen, City of Aberdeen, United Kingdom Hybrid / WFH Options
Cammach Bryant
Requirements: Ensure compliance with CR GR SSI 001, CR GR SSI 023, GS EP INS 135, and L2-OPS-17-001 across all assets. Incident Management: Review, investigate, mitigate, and resolve cybersecurity incidents, anomalies, and threats promptly. Cyber Security Road Map: Assist in delivering key activities and act as … Vulnerability Management: Manage the industrial cybersecurity vulnerability process and ensure timely patching. Training: Develop and maintain industrial cybersecurity training materials and competence procedures. Emergency Response: Create and maintain cyber emergency and incident response plans. Project Involvement: Ensure cybersecurity requirements are captured in new projects and modifications. Culture … to monitor cybersecurity progress and communicate findings to stakeholders. Vendor Coordination: Coordinate with third parties and vendors during cybersecurity incidents and carry out post-incident investigations. REQUIREMENTS: Education: Relevant degree in Instrumentation and Controls, Computer Science, or Cyber Security. Experience: Prior relevant industry experience. Knowledge: Understanding of offshore operations
Tier 1 Analysts and providing more in-depth analysis of potential threats to the organisation. The role is crucial in the investigation, triage, and response to cyber incidents while supporting the development and training of Tier 1 Analysts. The Tier 2 Analyst will work closely with senior and junior … analysts to ensure a seamless SOC operation and act as a bridge between foundational and advanced threat detection and response functions. This is a full-time on-site role, covering a 24x7 shift pattern, which will come with a shift allowance. Candidates will be required to have active SC … threats to Tier 3 Analysts with detailed analysis for further action Monitor the threat landscape and document findings on evolving threat vectors Follow established incident response playbooks, providing feedback for enhancements and streamlining CTAC processes Co-ordinate with Tier 3 Analysts and management to refine detection and response
You will play a crucial role in ensuring the resilience of our high-profile public sector clients' business operations in the event of an incident or disaster. In this role you will be responsible for planning, coordinating, and executing disaster recovery testing to validate the effectiveness of IT recovery … Maintain detailed documentation and reporting for client audits, risk committees, and compliance reviews. • Provide training and awareness to client teams on DR testing and incident response procedures. • Work with emergency planning teams, elected officials, and public sector partners to integrate IT recovery within wider resilience and emergency response
You will play a crucial role in ensuring the resilience of our high-profile public sector clients' business operations in the event of an incident or disaster. In this role, you will be responsible for planning, coordinating, and executing disaster recovery testing to validate the effectiveness of IT recovery … Maintain detailed documentation and reporting for client audits, risk committees, and compliance reviews. Provide training and awareness to client teams on DR testing and incident response procedures. Work with emergency planning teams, elected officials, and public sector partners to integrate IT recovery within wider resilience and emergency response
maintain standard operating procedures and protocols. Collaborate closely with the Cyber Defence team to uphold enterprise defence practices, guidelines, and procedures. Provide support for incident response efforts as needed. Assist with operational and management reporting produced by the team. Skills/Qualifications A highly self-motivated individual with
enterprise security program and developing a security model in the AWS cloud - identity and access management, logging and monitoring, infrastructure security, data protection, and incident response. Delivery - As a consultant you will often go on-site to customers to deliver projects proving the use of AWS services and security
City, Edinburgh, United Kingdom Hybrid / WFH Options
Tesco Underwriting Ltd
security protocols and procedures to protect our systems and data. Own practices and processes within the Security Operations Centre (SOC), ensuring effective monitoring and incident response. Manage workload for a team of security analysts, fostering collaboration and high performance. Engage with senior leadership to influence security strategies and policies.
requirement for this role. Job Functions: Drive technical and architectural improvements of the ArcSight SIEM managed service and related tools. Manage operations involving support, incident response, and change control. Handle version management to ensure appropriate ArcSight version levels within vendor support. Develop and update use case content. Onboard