Maidenhead, Berkshire, United Kingdom Hybrid / WFH Options
APM Terminals
how it's done. At Maersk, one of the world's largest and most respected logistics and shipping companies, our Cyber team is pioneering a whole new approach to incident response. This isn't your typical SOC/CERT role: our combined fire-team approach is built on cutting-edge research and designed to drive change, resilience, and … seen before. Here, you'll be part of a dynamic team that works together to defend, adapt, and innovate with freedom and purpose. You won't just work on Incident Management; you'll help improve how it's done. Dive into purple teaming, create and refine world-class detections, shape change projects, and push the boundaries of what's … in innovative projects that allow you to bring your ideas to life, help shape the future of cybersecurity while developing new capabilities that enhance our operations. About the role: Incident Response and Leadership Lead incident management activities in response to all high priority cyber-security incidents, with the ability to remain calm and focused during crisis
Loughton, Essex, South East, United Kingdom Hybrid / WFH Options
Profile 29
will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetration testing and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will have a strong background … every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security … proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory compliance. DNS Security: Implement and monitor DNS security solutions to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner. Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit
Ensure cybersecurity practices and security by design are integrated into business unit initiatives, motivating business units to adopt efficient security controls throughout their lifecycle. Oversight of R&B’s response to Incident, integrating cyber incident response policies with business operations to improve agility and effectiveness in cyber incident management. Work with R&B leaders to … team exercises Foster relationships with internal business units to enhance cyber security communication, including knowledge of threats, vulnerabilities, and mitigation strategies. Provide strategic insights to senior management on cyber incident response readiness and effectiveness. Collaborate with security leadership to enforce cyber security policies and practices, addressing operations and incident response. Provide expertise and knowledge to the business … and technology governance forums. The Requirements Technical skills: A comprehensive understanding of information security services (security operations and offensive security testing) Experience of strategic planning and oversight of cyber incident response and crisis management Strong understanding of cybersecurity standards and frameworks (e.g. ISO27001, NIST, CIS) and their application in strategic planning and policy development Ability to collaborate business
Incident Responder/IR Consultant Hybrid - London. Up to £65k + Bonus + Good benefits. I'm currently working with an established cyber security business that's looking for an Incident Responder (IR/DFIR Consultant) to join their team. As an Incident Responder, you'll take the lead on active engagements involving real-world attacks such as … ransomware, data breaches, insider threats, and more. You'll conduct forensic investigations, advise clients on containment and recovery strategies, work on delivery and implementation, and produce detailed post-incident reports. This is a hands-on, client-facing role that requires a calm head, deep technical knowledge, and the ability to own high-impact situations from start to finish. You … will be working on back-to-back incidents (occasionally concurrent) so this role would suit someone who enjoys the high-pressure environment of incident response and enjoys being busy. Responsibilities: Co-ordinate and manage cyber security incident response for a diverse client base, ensuring effective containment, investigation, and recovery. Conduct in-depth digital forensic analysis of
as the monitoring and deployment services that enable the rest of engineering to develop, deliver and maintain our platform services. You will also be instrumental in both monitoring and incident response, playing a key role in ensuring maximum reliability and minimal downtime. You will collaborate with teams across the company, including developers, customer support, product owners and sales … to track the health, performance, and availability of infrastructure components and applications. Configure alerting mechanisms to notify teams of potential issues and proactively address them before they impact users. Incident Response and Root Cause Analysis: Participate in incident response activities to identify, troubleshoot, and resolve incidents. Communicate incident status and updates to ensure both internal
automation, cloud technology, and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep … facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a culture of continuous improvement Participate in the on-call rotation to ensure fast, effective incident response during critical … events Key requirements: Proven Experience: 4+ years in Security Operations or Incident Response, ideally in ecommerce, retail, or fintech environments Technical Depth: Hands-on expertise with SIEM, SOAR, EDR, automation tools, Python, SQL, and cloud-native security tooling Cloud Security: Strong knowledge of AWS and Azure, especially services like WAF, Shield, IAM, and API Gateway Forensic Skills: Experience
is a pivotal opportunity for an experienced Senior Consultant to lead large-scale cybersecurity projects across a diverse client base. The role focuses on cyber resilience, including threat intelligence, incident response, risk management, compliance, and security architecture. You will act as a trusted advisor, delivering tailored solutions that help clients enhance their cyber posture and protect their critical … the end-to-end delivery of cyber resilience projects, ensuring solutions are scalable, secure, and aligned with client goals Design and implement advanced cyber resilience solutions and frameworks Manage incident response, guiding teams through breach containment and recovery Engage directly with clients to identify requirements, provide expertise, and drive successful outcomes Facilitate Agile ceremonies to support efficient project … members, encouraging skill development and knowledge sharing Contribute to business development by producing high-quality proposals and identifying growth opportunities Skills & Experience - Extensive expertise in threat intelligence, risk management, incident response, compliance (e.g. GDPR, ISO 27001), and security architecture - Proficiency with tools such as Rapid7 InsightIDR/InsightVM, SentinelOne, Fortinet, Netskope, SOAR automation (Rapid7 InsightConnect), and cloud security
London, South East, England, United Kingdom Hybrid / WFH Options
Randstad Technologies
Location: United Kingdom 100% Remote? Duration: 6 Months Clearance: Active SC Clearance is required Are you a hands-on Security Engineer with deep expertise in SIEM, Azure Sentinel, and incident response? Join a dynamic cyber security team to support a critical national infrastructure (CNI) project involving the deployment of Windows Hello for a major UK utility company. What … You'll Be Doing: Supporting and tuning Microsoft Sentinel and other SIEM platforms (KQL scripting) Managing escalated incidents from L1 analysts and leading full incident response lifecycle (MIM) Conducting in-depth data analysis, threat hunting, and forensic investigations Maintaining and enhancing SOC documentation, SOPs, and playbooks Collaborating with cross-functional teams and contributing to security strategy Ensuring security … MITRE ATT&CK We're Looking for Someone With: Expert-level SIEM experience (Azure Sentinel highly preferred) Strong knowledge of Kusto Query Language (KQL) Demonstrated experience in cybersecurity incident response & breach handling Familiarity with threat intelligence, vulnerability management, and cloud security tools Proactive mindset with ability to work independently in high-pressure environments Active SC Clearance Ready to
South Croydon, Surrey, England, United Kingdom Hybrid / WFH Options
Gold Group Ltd
a leading organisation based in Croydon, who are looking to employ an experienced Cyber Security Manager with an in-depth knowledge of Cybersecurity frameworks, tools, and technologies, ISO27001 adoption, Incident management and Change management. This role involves the development and implementation of security strategies, policies, and procedures to protect against cybersecurity threats, as well as actively monitoring and responding … per week Some of the main duties of the Cyber Security Manager will include: * Security Strategy & Implementation: Design, implement, and maintain comprehensive cybersecurity policies, procedures, and controls * Threat Detection & Response: Continuously monitor the digital environment for potential vulnerabilities and security breaches * Incident Management: Lead incident response activities, coordinating with IT teams to mitigate risks and minimise … damage. Responsible for writing incident reports, gathering input across the technical and business teams to then share the report and project management of any improvement change actions * Security Integration & System Management: Collaborate with IT and development teams to ensure security is embedded in all new and existing applications, systems, and network infrastructure * Risk Management & Compliance: Ensure compliance with industry
log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and incident response playbooks Provide expert guidance on securing applications and infrastructure Security Advisory
London, South East, England, United Kingdom Hybrid / WFH Options
SNG (Sovereign Network Group)
incidents and escalate as appropriate Collaborate with the SOC and internal teams to respond to and resolve security events Drive vulnerability remediation across infrastructure and cloud environments Participate in incident response activities, forensic investigations, and risk mitigation Participate in an on-call rota for out-of-hours cyber incident response What We're Looking For Experience
Basingstoke, Hampshire, England, United Kingdom Hybrid / WFH Options
SNG (Sovereign Network Group)
incidents and escalate as appropriate Collaborate with the SOC and internal teams to respond to and resolve security events Drive vulnerability remediation across infrastructure and cloud environments Participate in incident response activities, forensic investigations, and risk mitigation Participate in an on-call rota for out-of-hours cyber incident response What We're Looking For Experience
Rickmansworth, Hertfordshire, South East, United Kingdom Hybrid / WFH Options
Senior plc
and experience: An experienced threat intelligence lead (or similar). Expert in cybersecurity, with a focus on threat management and defensive security in regulated environments. Proficient in threat management, incident response and remediation tools. Strategic development in cyber threat intelligence research, process automation, knowledge sharing and team training. Skilled in using threat frameworks (e.g. MITRE ATT&CK, Cyber … Kill Chain). Experienced in using OSINT and security analysis tools (e.g. Shodan, Censys, Qualys, VirusTotal, EDR, AV). Experience supporting incident response or vulnerability management programs. Professional certifications in Cyber and Information Security (e.g. OSCP, GREM, CEH). Strong analytical and problem-solving abilities, translating complex technical issues into actionable recommendations. An excellent communicator with the
London, South East, England, United Kingdom Hybrid / WFH Options
Client Server Ltd
incidents using SIEM tools (Splunk) to create detection use cases, analyse security event data for proactive threat hunting and conduct research on the latest threats and vulnerabilities to enhance incident response readiness and capabilities. Location/WFH: You'll join the team in the Frankfurt office three days a week with flexibility to work from home the other … two days. About you: You are degree educated in Cyber Security or Computer Science You have strong experience in Security Operations and Incident Response You have experience of performing analysis with SIEM technologies, Splunk preferred You have experience with proactive threat hunting using MITRE ATT&CK or similar frameworks You have a deep understanding of security appliances/
Center, VPC Service Controls, Azure Security Center, Azure AD, and Microsoft Defender for Cloud. Conduct security assessments, vulnerability scans, and penetration testing. Monitor cloud environments for threats and lead incident response efforts. Integrate security into the CI/CD pipeline and ensure secure configurations. Develop and enforce cloud security policies aligned with regulatory and internal frameworks. Provide guidance … Qualifications 6+ years of experience in cloud or information security. Proven experience securing Google Cloud Platform (GCP) environments. Strong understanding of cloud security principles and native controls. Experience with incident response and threat modelling. Relevant certifications such as: Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) Key Attributes Strong verbal
London, South East, England, United Kingdom Hybrid / WFH Options
Crone Corkill
basis until the move has been completed Maintain Nessus vulnerability management, update systems, run scans and provide reports Cover email security using Mimecast Enterprise Real world threat modelling and incident response (mainly L3/L4 when required) Make suggestions and influence various areas of the business/group from a security perspective Automate tasks and processes to make … expertise (full lifecycle ideal) Microsoft Defender for EDR/XDR/MDR Nessus for vulnerability management Mimecast for email security SCCM/Intune for patch management L3/L4 Incident Response experience Threat Intelligence/modelling experience Automating tasks using PowerShell, Python etc What’s in it for you? In return you’ll be joining a well established
Defender for Cloud). Conduct regular security assessments, vulnerability scanning, and penetration testing of cloud infrastructure and applications. Monitor cloud environments for security threats, anomalies, and incidents, and lead incident response efforts. Collaborate with development, operations, and compliance teams to integrate security best practices into the CI/CD pipeline and ensure secure configurations. Develop and enforce security … of GCP security services and best practices. Solid understanding of cloud security principles, including shared responsibility model, cloud native security controls, and infrastructure as code security. Experience with security incident response and threat modelling. Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) This is very much a hands-on role
what users need, when they need it. Provision of effective cyber security protective monitoring, vulnerability management in conjunction with technical teams and suppliers, and a responsive and effective cyber incident response capability. Lead on software licensing (circa £40m/y) seeking to ensure legal compliance and cost effectiveness Provide a comprehensive inventory of the IT estate to enable … Certification in ITIL mandatory. A thorough understanding of modern IT technologies and management approaches. Knowledge and experience in leading in an operational environment. Knowledge of cyber security and cyber incident response Desirable a certification in Service Operations. Skills Required Strategic thinking and strategy development, especially in the area of IT services. Exceptional leadership skills, including in operational crisis
Farnborough, Hampshire, South East, United Kingdom
Sopra Steria Limited
doing: Monitor, triage, and investigate security incidents on critical client infrastructure. In-depth analysis of network traffic, logs, and system events to identify potential security threats and vulnerabilities. Provide Incident Response support. Maintain, improve and develop team knowledge of SOC tools, security operations and triage. Prepare reports for managed clients to both technical and non-technical audiences and … continuously improve their content and presentation. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. What you will bring: Experience in Security Operations Centre. Demonstrable experience of Managing Microsoft Sentinel or Splunk implementations. Knowledge and experience with MITRE ATT&CK Framework. Solid grasp of client-server applications, multi-tier web applications, relational
Employment Type: Permanent
Salary: 25 days holidays, 6% Contributory pension, 4 x life Insurance
operational processes. You will work alongside the Client Services and Support Team Manager, who handles frontline support, focusing on the end-to-end service lifecycle, including service design, transition, incident management, change coordination, and operational governance. Key Responsibilities Leadership & Strategy Collaborate with the Head of Operations to develop and implement strategic plans that enhance operational efficiency, service reliability, and … innovation, and continuous improvement. Mentor and develop team members, encouraging professional growth and performance excellence. Operational Management Own and manage daily service operations (excluding frontline support), including change enablement, incident coordination, major incident response, service reviews, and reporting. Oversee resource allocation across projects and functions, ensuring optimal use of team capabilities, staffing, and budget. Monitor and analyse … Governance Drive governance and best practices across the service lifecycle, covering service design, transition, operation, and continual improvement. Act as a coordination lead for high-impact incidents, manage post-incident reviews (RCAs), and implement corrective actions. Continuously evaluate and refine operational processes (e.g., change management, environment readiness, incident/problem workflows). Cross-functional Collaboration Partner with Development
across technical and operational teams to ensure robust security controls and compliance with industry standards. Key Responsibilities: Conducting assurance reviews and risk assessments Embedding security into solution designs Supporting incident response and post-incident analysis Ensuring compliance with GDPR, ISO27001, NIST, and other frameworks Advising on threat modelling and mitigation strategies What We're Looking For: Strong
that enable consistent environment provisioning, application deployment, and system observability. Ensure that automated solutions improve speed, reliability, and operational visibility across the full software delivery lifecycle. Take ownership of incident management, leading the coordination of response activities to restore service quickly. Facilitate post-incident reviews to identify root causes, document learnings, and drive corrective actions that prevent … Ensure documentation is accessible, accurate, and kept up-to-date to support transparency and knowledge sharing. Establish meaningful operational and delivery metrics such as deployment frequency, system reliability, and incident response times. Provide regular reporting to stakeholders to inform decision-making and continuous improvement priorities. Provide technical mentorship and support to DevOps Engineers, helping them develop their technical
Hemel Hempstead, Hertfordshire, South East, United Kingdom
Hamilton Barnes Associates Limited
Responsibilities: Monitor, triage, and investigate security incidents on critical client infrastructure. Conduct in-depth analysis of network traffic, system events, and logs to detect security threats and vulnerabilities. Provide Incident Response support and maintain thorough incident documentation. Continuously improve SOC tool usage, operational practices, and knowledge-sharing across the team. Prepare and present reports for managed clients
London, South East, England, United Kingdom Hybrid / WFH Options
Robert Half
Conditional Access, within Azure AD and Microsoft 365. Collaborate with Risk and Compliance teams to ensure infrastructure aligns with enterprise security frameworks (e.g. ISO 27001, NIST, CIS). Support incident response, vulnerability remediation, and disaster recovery planning. Promote a culture of continuous improvement and secure-by-design principles across the technology team. Provide technical leadership and mentoring to
led MSSP services and are used to working in a high-pressure environment and managing geographically dispersed teams across different time-zones. The Role As the Global Head of Incident Response, your primary responsibilities will be: Manage and develop a global team of Cyber Threat Intelligence analysts, providing expert assistance during a cyber incident and for routine