26 to 50 of 88 Incident Response Jobs in the South East

doing: Monitor, triage, and investigate security incidents on critical client infrastructure. In-depth analysis of network traffic, logs, and system events to identify potential security threats and vulnerabilities. Provide Incident Response support. Maintain, improve and develop team knowledge of SOC tools, security operations and triage. Prepare reports for managed clients to both technical and non-technical audiences and … continuously improve their content and presentation. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. What you will bring : Experience in Security Operations Centre. Demonstrable experience of Managing Microsoft Sentinel or Splunk implementations. Knowledge and experience with Mitre Att&ck Framework. Solid grasp of client-server applications, multi-tier web applications, relational More ❯

CD pipelines Identify and remediate vulnerabilities in applications and cloud environments Collaborate with development teams to improve secure coding practices Contribute to and maintain security documentation and processes Support incident response activities and post-incident analysis Automate security testing, monitoring, and alerting mechanisms Provide clear and actionable security guidance to technical stakeholders Design pragmatic security solutions aligned More ❯

operational processes. You will work alongside the Client Services and Support Team Manager-who handles frontline support-focusing on the end-to-end service lifecycle, including service design, transition, incident management, change coordination, and operational governance. Key Responsibilities Leadership & Strategy Collaborate with the Head of Operations to develop and implement strategic plans that enhance operational efficiency, service reliability, and … innovation, and continuous improvement. Mentor and develop team members, encouraging professional growth and performance excellence. Operational Management Own and manage daily service operations (excluding frontline support), including change enablement, incident coordination, major incident response, service reviews, and reporting. Oversee resource allocation across projects and functions, ensuring optimal use of team capabilities, staffing, and budget. Monitor and analyse … Governance Drive governance and best practices across the service lifecycle-covering service design, transition, operation, and continual improvement. Act as a coordination lead for high-impact incidents, manage post-incident reviews (RCAs), and implement corrective actions. Continuously evaluate and refine operational processes (e.g., change management, environment readiness, incident/problem workflows). Cross-functional Collaboration Partner with Development More ❯

threats, technologies, and regulatory changes. Required Skills & Experience Proven experience in cybersecurity operations, ideally within Defence, Aerospace, or other regulated sectors. Strong understanding of network security, threat intelligence, and incident response. Familiarity with SIEM platforms, firewalls, IDS/IPS, and endpoint protection tools. Experience with regulatory frameworks such as ISO 27001, NIST SP800, and MOD standards. Ability to interpret More ❯

with internal policies, external regulations and industry good practice. (e.g., GDPR, ISO27001, CIS, ISF, NIST). Provide expert guidance on security best practices, threat modelling, and mitigation strategies. Support incident response and post-incident reviews from an architectural perspective. Skills and experience you need asInformation Security & Assurance Specialist: Strong understanding of all security principles and underlying technologies More ❯

across technical and operational teams to ensure robust security controls and compliance with industry standards. Key Responsibilities: Conducting assurance reviews and risk assessments Embedding security into solution designs Supporting incident response and post-incident analysis Ensuring compliance with GDPR, ISO27001, NIST, and other frameworks Advising on threat modelling and mitigation strategies What We're Looking For: Strong More ❯

that enable consistent environment provisioning, application deployment, and system observability. Ensure that automated solutions improve speed, reliability, and operational visibility across the full software delivery lifecycle. Take ownership of incident management, leading the coordination of response activities to restore service quickly. Facilitate post-incident reviews to identify root causes, document learnings, and drive corrective actions that prevent … Ensure documentation is accessible, accurate, and kept up-to-date to support transparency and knowledge sharing. Establish meaningful operational and delivery metrics such as deployment frequency, system reliability, and incident response times. Provide regular reporting to stakeholders to inform decision-making and continuous improvement priorities. Provide technical mentorship and support to DevOps Engineers, helping them develop their technical More ❯

Responsibilities: Monitor, triage, and investigate security incidents on critical client infrastructure. Conduct in-depth analysis of network traffic, system events, and logs to detect security threats and vulnerabilities. Provide Incident Response support and maintain thorough incident documentation. Continuously improve SOC tool usage, operational practices, and knowledge-sharing across the team. Prepare and present reports for managed clients More ❯

Conditional Access, within Azure AD and Microsoft 365. Collaborate with Risk and Compliance teams to ensure infrastructure aligns with enterprise security frameworks (e.g. ISO 27001, NIST, CIS). Support incident response, vulnerability remediation, and disaster recovery planning. Promote a culture of continuous improvement and secure-by-design principles across the technology team. Provide technical leadership and mentoring to More ❯

code) Provisioning and working with Azure PaaS infrastructure with Terraform and ARM templates or equivalent technologies At least one high level computer software language. e.g., C# Application Performance Monitoring Incident Management, including incident response, root cause analysis and post-mortem processes Proficient with: PowerShell, Azure CLI, GIT JavaScript, JSON, XML, YAML Experience with: Distributed architectures Container technologies More ❯

led MSSP services and are used to working in a high-pressure environment and managing geographically dispersed teams across different time-zones. The Role As the Global Head of Incident Response, your primary responsibilities will be: Manage and develop a global team of Cyber Threat Intelligence analysts, providing expert assistance during a cyber incident and for routine More ❯

infrastructure to application design. Key Responsibilities Design and implement security controls across cloud platforms (AWS, Azure, or GCP) Develop and maintain security tooling for threat detection, vulnerability management, and incident response Lead threat modelling and risk assessments for critical systems and services Collaborate with engineering teams to integrate security best practices into CI/CD pipelines Monitor and More ❯

the highest standards. Key Responsibilities Develop, implement, and maintain compliance with ISO , and PCI-DSS standards. Conduct risk assessments, security audits, and vulnerability testing across systems and processes. Lead incident response activities, ensuring rapid and effective mitigation. Collaborate with internal stakeholders and external auditors to achieve and maintain certifications. Deliver organisation-wide security and compliance awareness training. Monitor … Auditor certification (or equivalent). Demonstrable experience managing compliance for ISO , and PCI-DSS. Strong understanding of governance, risk management, and regulatory compliance. Proficiency with security monitoring tools and incident management processes. Excellent analytical, communication, and leadership skills. Desirable Knowledge of GDPR, NIST, or other security frameworks. Experience in highly regulated industries such as, technology, finance, telecoms, and maybe More ❯

and governance frameworks. Ensuring compliance with ISO 27001, GDPR, SOC 2, PCI-DSS and similar regulations. Collaborating with IT, business stakeholders, and third parties to drive secure delivery. Supporting incident response and proactively planning for emerging threats. Translating complex risks into clear advice for technical and non-technical teams. Driving continuous improvement in security processes and tooling. Main More ❯

high-pressure environment with geographically dispersed teams across different time-zones. The Role To detect and investigate all cyber security related incidents across WTW and escalate cases to relevant Incident Response teams Manage a geographically dispersed team supporting SOC based detection services on a 24/7/365 basis around the globe. Ensure shift coverage is adequate … playbooks and operating procedures within the SOC are adequate and effectively identify, triage and investigate cyber threats and attacks in a timely manner Integrate the detection services with the response teams and threat teams to ensure an efficient incident lifecycle is maintained Implement KPI and SLA’s and monitor adherence to targets Maintain a membership list and call … out details of the Cyber Security Incident Group ensuing incidents are raised to the correct resolver groups when appropriate Implement regular Table Top Exercises to test SOC processes and procedures Conduct Quality Assurance reviews of SOC services and incidents ensuring lessons learned and improvements are implemented The Requirements Experience in SOC Management for Enterprise Organisations (Essential) Strong experience in More ❯

people and processes forward * Must have the ability to obtain Security Clearance (SC). Duties include: Lead a shift-based SOC team delivering 24/7 security operations and incident response. Act as a senior technical escalation point for complex or high-impact incidents. Be front of house to customers for SOC technical matters and supporting within customer DDQs. … Configure, tune, and support core SOC technologies across detection, response, and monitoring. Oversee alert triage, playbook execution, and incident coordination. Drive continuous improvement in alert quality, detection logic, and automation. Collaborate with cyber engineering teams to onboard and integrate new log sources. Take ownership of team documentation, shift handover processes, and playbook quality. Required experience: Proven experience in … a leadership or senior role within a Security Operations Centre. Strong technical skills in areas such as alerting, incident response, and log analysis. Comfortable working hands-on with detection and monitoring technologies such as Microsoft Sentinel. Strong understanding of log pipelines, event correlation, and alert tuning. Familiarity with TCP/IP networking, proxies, DNS, endpoint telemetry, and OS More ❯

people and processes forward. Must have the ability to obtain Security Clearance (SC). Duties include: Lead a shift-based SOC team delivering 24/7 security operations and incident response. Act as a senior technical escalation point for complex or high-impact incidents. Be the front of house to customers for SOC technical matters and support within customer … DDQs. Configure, tune, and support core SOC technologies across detection, response, and monitoring. Oversee alert triage, playbook execution, and incident coordination. Drive continuous improvement in alert quality, detection logic, and automation. Collaborate with cyber engineering teams to onboard and integrate new log sources. Take ownership of team documentation, shift handover processes, and playbook quality. Required experience: Proven experience … in a leadership or senior role within a Security Operations Centre. Strong technical skills in areas such as alerting, incident response, and log analysis. Comfortable working hands-on with detection and monitoring technologies such as Microsoft Sentinel. Strong understanding of log pipelines, event correlation, and alert tuning. Familiarity with TCP/IP networking, proxies, DNS, endpoint telemetry, and More ❯

incidents, vulnerability management programmes, and client relationships across enterprise environments. What you'll be doing: Acting as the key liaison between the client and operational delivery teams Leading on incident escalation and coordination with SOC and IR teams Managing post-incident investigations and reporting Supporting and driving improvements to vulnerability management workflows Overseeing IDS/IPS updates, firewall … on best practice and optimisation What we're looking for: 10+ years of experience in a SOC or technical security operations environment Proven track record in vulnerability management and incident response Strong understanding of IDS, IPS, and endpoint protection technologies Excellent stakeholder management and communication skills Ability to lead and coordinate teams through critical incidents UK SC clearance More ❯

activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling, establish processes and workflows to support incident response SOC. Location/WFH: You'll join colleagues in the Central London office for two days a week with flexibility to work from home the other three More ❯

activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling, establish processes and workflows to support incident response SOC. Location/WFH: You'll join colleagues in the Central London office for two days a week with flexibility to work from home the other three More ❯

/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting More ❯

/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting More ❯

/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting More ❯

rollout and enforcement of security policies such as MFA and endpoint protection. Provide support on IT projects, system upgrades, and internal documentation. Perform routine system health checks and support incident response activities. Support scheduled backups and recovery testing procedures. Respond to helpdesk enquiries across multiple UK locations. Provide occasional support to international locations as the organisation grows globally More ❯

experience of working with Microsoft Sentinel, Defender and Purview • Excellent understanding of security frameworks (NIST and Cyber Essentials) • Ability to lead and manage third party providers • Strong understanding of incident response processes and methodologies including leading and managing incidents • Lead on root cause analysis, providing relevant documentation including recommendations • indemonstrable experience of implementing a robust and trustworthy security More ❯