1 to 25 of 31 Incident Response Jobs in the Thames Valley

We are seeking an experienced and highly capable SOC Tier 3 Analyst to serve as a senior member of our Security Operations Center (SOC). You will lead advanced incident response efforts, conduct proactive threat hunting, perform digital forensics, and collaborate cross-functionally to safeguard our digital assets and infrastructure. This is a pivotal role for those passionate … about cybersecurity, threat detection, and investigative analysis. Key Responsibilities 🔍 Advanced Incident Detection & Response Lead the investigation and resolution of complex cyber incidents, including APTs, malware outbreaks, and data breaches. Take charge of escalated alerts from Tier 1 and 2 analysts and guide them through advanced response protocols. Utilize SIEM, EDR, and threat intelligence platforms to perform deep … to uncover hidden anomalies or malicious behavior. Partner with security engineering teams to build detection capabilities based on evolving threats. 🔬 Digital Forensics & Investigation Conduct detailed forensic investigations to determine incident scope, root cause, and impact. Collect and preserve digital evidence in accordance with legal and regulatory standards. Deliver comprehensive findings, timelines, and impact reports. 🛠 Remediation & Recovery Advise on containment More ❯

and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with More ❯

security stacks. You will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients. Key Responsibilities: 1. Incident Detection and Response: o Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts. 2. Threat … the environment using behavioural analysis and threat intelligence data. o Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity. 3. Incident Forensics: o Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. o Collect, preserve, and analyze evidence related to breaches, intrusions, or … Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks. 5. Compliance and Risk Management: o Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). o Work with legal and compliance teams to manage incidents within More ❯

security stacks. You will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients. Key Responsibilities: 1. Incident Detection and Response: o Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts. 2. Threat … the environment using behavioural analysis and threat intelligence data. o Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity. 3. Incident Forensics: o Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. o Collect, preserve, and analyze evidence related to breaches, intrusions, or … Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks. 5. Compliance and Risk Management: o Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). o Work with legal and compliance teams to manage incidents within More ❯

security stacks. You will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients. Key Responsibilities: 1. Incident Detection and Response: o Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts. 2. Threat … the environment using behavioural analysis and threat intelligence data. o Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity. 3. Incident Forensics: o Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. o Collect, preserve, and analyze evidence related to breaches, intrusions, or … Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks. 5. Compliance and Risk Management: o Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). o Work with legal and compliance teams to manage incidents within More ❯

The SecOps Manager is a key figure in the organisation's cyber defence efforts, tasked with identifying, detecting, and responding to information security threats, as well as managing the response to cybersecurity incidents. Working closely with colleagues across IT and the wider organisation, this role ensures the protection of digital and information assets against a range of internal and … that impact identity management across the organisation. The post holder also serves as a technical authority within the team and department. What you'll need to succeed Security Operations & Incident Response Lead security operations services, including monitoring, incident response, threat management, and intrusion detection, using both internal and external resources. Manage the outsourced 24/… security operations service. Lead the organisation's response to security incidents, coordinating recovery efforts with internal teams and vendors. Establish and manage threat intelligence processes to ensure timely remediation of vulnerabilities. Monitor and analyse performance metrics to support security troubleshooting and continuous improvement. Identity & Access Management Provide expert technical leadership for identity and access management, ensuring secure, high-performing More ❯

day-to-day security operations and services, both in-house and outsourced Lead a small team covering Microsoft 365, identity management, and security Oversee security tools, monitoring systems, and incident response Guide improvements to identity and access processes with a focus on automation Work with IT teams to ensure security is built into systems and projects Maintain a … high-quality technical services Other Commitment to ongoing training and development Willing to travel between sites if needed Desirable Criteria Experience managing Microsoft 365 services ITIL certification or similar Incident response training (e.g., CREST, GIAC) Knowledge of public cloud (Azure, Oracle Cloud) Experience in 24/7 operations Familiarity with AHV Hypervisor Experience working with teams beyond core More ❯

collaborative and innovative environment. Stakeholder Communication: Act as a key point of contact for security-related matters, effectively communicating complex technical concepts to both technical and non-technical stakeholders. Incident Response: Lead the response to security incidents, coordinating with relevant teams to contain and remediate issues quickly and effectively. Continuous Improvement: Drive continuous improvement initiatives to enhance More ❯

collaborative and innovative environment. Stakeholder Communication: Act as a key point of contact for security-related matters, effectively communicating complex technical concepts to both technical and non-technical stakeholders. Incident Response: Lead the response to security incidents, coordinating with relevant teams to contain and remediate issues quickly and effectively. Continuous Improvement: Drive continuous improvement initiatives to enhance More ❯

tickets in Primarks service desk system for the Primark environment Contribute to the execution of Security Operations Centre (SOC) capabilities, ensuring efficient and effective operation of detection, threat and incident response Participant in the triaging events from a wide range of sources, including reports from employees, security systems and threat intelligence data Perform analysis and response to … for this role in particular: 3+ years enterprise cybersecurity IT experience, ideally with Cloud technologies and On premise experience Experience in Cyber Security Operations with a track record in Incident Response and Investigations Solid foundation in modern operating systems and networking protocols Experience of working in multi-skilled teams Strong appreciation & adherence to processes, defined roles & responsibilities and More ❯

You’ll Be Doing: Lead the technical implementation of ISO27001 and Cyber Essentials+ (CE+) Manage and enhance the Security Operations Center (SOC) , with one analyst reporting to you Oversee incident response , manage security incidents from detection to resolution Work closely with the compliance manager on vulnerability management Architect secure solutions, validate baseline configurations, and recommend improvements to stay More ❯

threats. Lead, mentor and grow a high-performing team of security engineers. Provide leadership in the creation of security awareness programs. Be a key player in the organisation's incident response efforts. Personal Attributes & Experience Deep experience with endpoint monitoring, CSPM, network security, intrusion detection and management. Proven track record in managing continuous threat exposure management programs and More ❯

complex network security incidents Enhancing risk and vulnerability management processes Collaborating with architecture and operations teams to embed security best practices Supporting forensic investigations and Tier 3/4 incident response What you'll bring to the role You'll be a seasoned network security professional with deep technical expertise and a proactive, solutions-driven mindset. You'll More ❯

remote Berkshire SC-200 Senior SOC Analyst Level 2/3 to join a specialist Managed Security Services business. You will be responsible for advanced threat hunting/triage, incident response etc with a strong focus on the Microsoft Security Stack. Key Responsibilities: Lead and resolve complex security incidents/escalations Conduct advanced threat hunting using the Microsoft … Security Stack. Build, optimise and maintain workbooks, rules, analytics etc. Correlate data across Microsoft 365 Defender, Azure Defender and Sentinel. Perform root cause analysis and post-incident reporting. Aid in mentoring and upskilling Level 1 and 2 SOC analysts. Required Skills & Experience: The ability to achieve UK Security Clearance (SC) - existing clearance ideal. (Sorry no visa applications) Must have More ❯

and procedures in alignment with industry best practices. Reviewed penetration test reports to ensure they are up to standard and meet test objectives. Mentor junior penetration testers. Assist in incident response activities, including investigation, containment, and remediation of security incidents. Conduct cloud security assessments. Essential Requirements Must be currently residing in mainland UK . Minimum 5 years of More ❯

SOC Analyst A Global Organisation requires a Contract L2 SOC Analyst to join their Incident Response team - Splunk, Defender Day Rate: £400 - £420pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This L2 SOC Analyst will have the previous following experience: Monitor and investigate security alerts using tools such as Splunk, Microsoft … Defender, and CrowdStrike, escalating incidents as needed and ensuring timely resolution. Leverage Microsoft Co-pilot and automation workflows to streamline threat detection, incident triage, and response processes. Conduct in-depth log analysis and correlation across multiple data sources to identify potential security threats and reduce false positives. Support threat hunting and root cause analysis efforts, providing detailed documentation More ❯

L3 SOC Analyst A Global Organisation requires a Contract L3 SOC Analyst to join their Incident Response team acting as an escalation point - Splunk & Defender Day Rate: £475 - £500pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This L3 SOC Analyst will have the previous following experience: Act as a lead investigator … for high-severity security incidents, coordinating response activities and containment strategies. Perform deep forensic analysis across endpoints, logs, and network traffic to uncover advanced threats. Develop and fine-tune detection rules and correlation logic in SIEM platforms (e.g., Splunk). Collaborate with engineering and threat intelligence teams to improve detection coverage and SOC workflows. Mentor and guide L1/… threat hunting campaigns using tools such as Defender, CrowdStrike, and custom scripts. Contribute to playbook development, automation improvements (including Microsoft Co-pilot integration), and process optimization. Produce executive-level incident reports, root cause analyses, and recommendations for remediation and hardening. More ❯

robust CI/CD infrastructure. This is a hands-on leadership role that balances strategic vision with technical execution. Key Responsibilities Oversee day-to-day cloud operations, including monitoring, incident response, troubleshooting and optimisation Lead & manage both short & long term project planning (Agile, Sprints, Iteration Planning) Develop and implement cloud governance, security and compliance policies & procedures Drive automation More ❯

adversarial testing, model bias assessments, and trustworthiness evaluations. Contribute to training and awareness initiatives on AI/ML security best practices. Act as a key stakeholder in AI-related incident response and mitigation. Your Profile Essential Experience & Skills Proven experience as a Security Architect with direct focus on AI/ML security. Strong knowledge of AI/ML More ❯

all IT assets. Security & Compliance Implement and enforce IT security best practices in alignment with ISO 27001, ISO 22301, Cyber Essentials Plus, and internal policies. Assist in risk assessments, incident response, and vulnerability management. Maintain documentation to support audit readiness and operational transparency. Enforce access controls and data protection policies across systems. Project Delivery & Change Management Support the More ❯

Cyber Incident Response Manager A Global Organisation requires a Contract Incident Response Manager to lead the Cyber Incident response function. Day Rate: £635 - £675pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This Incident Response Manager will have the following previous experience: Direct end-to-end … cyber incident lifecycle management for major security events -ensuring rapid coordination across business units and leveraging tools like Splunk and Defender to contain and mitigate threats Design, maintain, and continuously enhance playbooks, response frameworks, and tabletop exercises, incorporating threat intelligence and detection insights from CrowdStrike and Splunk to mature IR readiness. Lead root cause analysis and develop actionable … reporting and trend analysis using integrated dashboards, combining insights from Splunk and Defender data sources. Serve as the primary advisor to senior leaders and cross-functional teams, guiding cyber incident communications, impact assessment, and risk mitigation strategies across the company, Operating Companies, and Joint Ventures. More ❯

SRE team. What You’ll Do: Own the operational reliability of a large-scale Azure cloud platform. Drive automation-first culture using Terraform, Azure CLI, PowerShell and more. Lead incident management, capacity planning, and performance tuning initiatives. Guide engineers in observability, cost optimisation, and security best practices. Define and track service level objectives (SLOs) to improve engineering outcomes. Champion … run it” accountability. We’re Looking For: Proven background in Site Reliability Engineering or senior DevOps roles. Strong software engineering fundamentals (especially in .NET/C#) Confidence in leading incident response, platform scaling, and service design. Someone who thrives in a matrixed, multidisciplinary structure and enjoys mentoring others. The Offer: £80–85k base salary 1 day per week More ❯

IaC (Infrastructure as Code) and continuous deployment. Implement advanced monitoring, logging, and alerting systems to ensure system health. Manage and optimize cloud infrastructure for performance and cost-efficiency. Lead incident response and post-mortem analysis to improve system reliability. Lead Agile Scrum meetings and activities. Requirements On your first day, we'll expect you to have: 6+ years … a DevOps Engineer. Experience developing enterprise software with technologies like Java, PHP, JavaScript. Experience working in a collaborative Agile engineering team. Experience working with a microservices architecture. Experience with incident response. Education Bachelor's or advanced degree in Computer Science, or related field, or equivalent experience. This job description is not intended to be all inclusive, and employee will More ❯

Build a diverse, high-performing group aligned with our values. Build Operational and Engineering Excellence for your team through industry leading best practices, top notch instrumentation and well-oiled incident response procedures. Engage in strategic discussions and ensure the team is solving the right problems-not just shipping features. Requirements Taktile is a hybrid company with options to More ❯

Major Incident Manager S2 IT Operations Milton Keynes Country: United Kingdom Join our community: IT Operations is the beating heart of Santander, we manage and maintain the IT infrastructure that underpins our critical services. We have a very exciting opportunity as a Major Incident Manager where you are part of a technical team working across complex infrastructure environments … ll make: Driving the management of IT Major incidents to minimise disruption to services and restore normal operations for customers and colleagues as quickly as possible. Receiving and documenting incident reports, prioritising, and categorising incidents according to severity and impact. Coordinating with technical teams to diagnose and resolve incidents, escalating critical incidents to higher level support to management. Communicating … with stakeholders and end users regarding incident status and resolution, documenting incident response procedures and best practices. Owning post incident reviews to support root cause identification and prevent recurrence. Contributing to continuous improvement of incident management processes to focus on areas to support a quicker resolution. What you'll bring: Demonstrable direct experience of IT More ❯