1 to 25 of 31 Incident Response Jobs in the Thames Valley

Cyber Incident Response Manager A Global Organisation requires a Contract Incident Response Manager to lead the Cyber Incident response function. Day Rate: £635 - £675pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This Incident Response Manager will have the following previous experience: Direct end-to-end … cyber incident lifecycle management for major security events -ensuring rapid coordination across business units and leveraging tools like Splunk and Defender to contain and mitigate threats Design, maintain, and continuously enhance playbooks, response frameworks, and tabletop exercises, incorporating threat intelligence and detection insights from CrowdStrike and Splunk to mature IR readiness. Lead root cause analysis and develop actionable … reporting and trend analysis using integrated dashboards, combining insights from Splunk and Defender data sources. Serve as the primary advisor to senior leaders and cross-functional teams, guiding cyber incident communications, impact assessment, and risk mitigation strategies across the company, Operating Companies, and Joint Ventures. More ❯

how it's done. At Maersk, one of the world's largest and most respected logistics and shipping companies, our Cyber team is pioneering a whole new approach to incident response. This isn't your typical SOC/CERT role: our combined fire team approach team is built on cutting-edge research and designed to drive change, resilience, and … seen before. Here, you'll be part of a dynamic team that works together to defend, adapt, and innovate with freedom and purpose. You won't just work on Incident Management; you'll help improve how it's done. Dive into purple teaming, create and refine world-class detections, shape change projects, and push the boundaries of what's … in innovative projects that allow you to bring your ideas to life, help shape the future of cybersecurity while developing new capabilities that enhance our operations. About the role: Incident Response and Leadership Lead incident management activities in response to all high priority cyber-security incidents, with the ability to remain calm and focused during crisis More ❯

in security coverage. Apply GitOps and CI/CD principles to automate detection engineering workflows, boosting operational efficiency. Build and optimize security playbooks to streamline detection, threat hunting, and incident response activities. Develop, automate, and enhance our threat detection and response capabilities. Work closely with security analysts and other stakeholders to identify and address gaps in incident response capabilities. Keep up with current threat intelligence, emerging trends, TTPs, and vulnerabilities to adapt our detection strategies and effectively respond to evolving threats. About You Strong understanding of AWS cloud platforms with proficiency in a wide range of AWS services (e.g., EC2, S3, RDS, Lambda, IAM, VPC, CloudFormation). Experience in developing and maintaining detection rules to More ❯

reliability, establish SLOs, and implement monitoring and alerting strategies Team Leadership: Build, mentor, and grow a high-performing SRE team while fostering a culture of innovation and continuous improvement Incident Management: Establish and optimize incident response processes, lead major incident reviews, and drive systematic improvements Automation Development: Spearhead automation initiatives to reduce manual operations and improve … Deep understanding of distributed systems, cloud platforms (AWS/GCP/Azure), and modern infrastructure technologies Operational Excellence: Strong background in implementing SLOs, SLIs, and SLAs, with expertise in incident management and post-mortem processes Team Development: Experience in hiring, mentoring, and growing high-performing technical teams while fostering a culture of continuous learning Strategic Planning: Ability to develop More ❯

defences by maintaining and optimising security operations tools and processes. You'll focus on monitoring, analysing, and responding to cyber threats, while supporting the SOC team and ensuring effective incident management across the business. Your role will involve collaborating with technology and business stakeholders, investigating security alerts, enhancing tooling performance, and supporting the delivery of continuous improvement and risk … to readiness for significant incidents and play a key role in proactive threat hunting and compliance reporting. What you'll be doing as a Senior Cyber Security Analyst: Security Incident Response : Investigate security alerts from SIEM and third-party MSSPs, triage and respond to incidents, and support root cause analysis to drive remediation. Stakeholder Engagement : Work closely with … alert tuning and automation. SOC Support & Escalation : Act as a key contact and escalation point for the SOC team, providing guidance and mentoring to support operational effectiveness. On-Call & Incident Readiness : Participate in a 24/7/365 on-call rota with MSSP partners, supporting out-of-hours investigations and maintaining incident readiness. Threat Hunting & Continuous Improvement More ❯

and overall security performance. Support compliance efforts across frameworks including Cyber Essentials, ISO 27001, GDPR and DPA. Lead the vulnerability management programme, advising IT on remediation strategies. Oversee security incident monitoring and response in coordination with the SOC team. Design and implement an effective identity and access management (IAM) process and own access control across all systems. Required … application of security frameworks and standards including CIS, ISO 27001/27002, GDPR, DPA, and Cyber Essentials. Proven experience managing or working closely with Security Operations Centres (SOC), including incident response and threat detection. Demonstrable background in implementing and running vulnerability management programmes, with experience using industry-standard tooling. Experience designing, deploying, and managing Identity and Access Management More ❯

teams Work with our Channel team to help support and enable our Distributors and Resellers You will become an expert in Email Security, Advanced Persistent Threats, Attack Protection, Threat Response, Data Loss Prevention (DLP), and the threat landscape Occasional travel required. What You Bring To The Team Proven hands-on experience, either as a Sales/Systems Engineer, Technical … are recommended Enterprise email solutions such as Exchange, O365, G-Suite, Lotus Dominoorworking knowledge of SMTP IT security related areas such as Vulnerability and Risk Management, Security Operations or Incident Response Data Loss Prevention (DLP), compliance and data privacy Cloud security and shadow IT monitoring Cloud computing Infrastructure (e.g. AWS/Azure) Nice to have Hands on experience More ❯

SOC Analyst A Global Organisation requires a Contract L2 SOC Analyst to join their Incident Response team - Splunk, Defender Day Rate: £400 - £420pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This L2 SOC Analyst will have the previous following experience: Monitor and investigate security alerts using tools such as Splunk, Microsoft … Defender, and CrowdStrike, escalating incidents as needed and ensuring timely resolution. Leverage Microsoft Co-pilot and automation workflows to streamline threat detection, incident triage, and response processes. Conduct in-depth log analysis and correlation across multiple data sources to identify potential security threats and reduce false positives. Support threat hunting and root cause analysis efforts, providing detailed documentation More ❯

and organisational security policies. Implement firewall, VPN, IDS/IPS, and zero-trust network security frameworks. Collaborate with the IT security team to proactively identify and mitigate threats. Lead incident response and troubleshooting efforts for network-related security events. Cloud & Hybrid Infrastructure Design and manage OCI cloud networking architectures, ensuring seamless connectivity for multiple child tenancies and enabling More ❯

strong focus on application security, web application firewalls, and secure DevOps pipelines. Provide security leadership and mentoring , supporting colleagues and enhancing security awareness across the business. Actively contribute to incident response , security training , supplier reviews , and client security assurance Stay ahead of evolving threats, and help shape our strategy using frameworks such as OWASP, SASE, and Zero Trust. More ❯

strong focus on application security, web application firewalls, and secure DevOps pipelines. Provide security leadership and mentoring , supporting colleagues and enhancing security awareness across the business. Actively contribute to incident response , security training , supplier reviews , and client security assurance Stay ahead of evolving threats, and help shape our strategy using frameworks such as OWASP, SASE, and Zero Trust. More ❯

Key Responsibilities: - SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. - Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. - Incident Response - Work with security teams to analyze and mitigate security incidents. - Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. - Security Reporting More ❯

Role Description: - SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. - Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. - Incident Response - Work with security teams to analyze and mitigate security incidents. - Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. - Security Reporting More ❯

/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting More ❯

/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting More ❯

/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine-tune detection rules and alerts to identify malicious activities. Security Reporting More ❯

Stay abreast of the latest cybersecurity threats and trends, as well as advancements in network security technologies. Develop and enforce policies and procedures for network access, monitoring, and security incident response. What youll bring Youll have professional security certifications such as CISSP, CISM, or equivalent Youll have a minimum of 3 years of experience in network security or a More ❯

Skilled in DNS, VPNs, Citrix, scripting (PowerShell), monitoring, and firewall management Calm and structured under pressure – a safe pair of hands for business-critical systems Proven experience leading incident response and owning service escalations Strong vendor management skills and a focus on cost, compliance, and documentation This is a key role for a reliable, service-minded professional who More ❯

and monitor Cloud infrastructure in a LiveOps environment. Scoping, design and implementation of cloud architecture. Implement, maintain and consolidate cloud testing and automation tools. Identifying and deploying cybersecurity measures. Incident management and root cause analysis. Working with our code and build teams to ensure a streamlined workflow. Prior experience working in DevOps at a Senior level. Strong experience with … Familiarity with CI/CD systems like Jenkins, GitLabCI, CircleCI etc. Experienced with version control systems like Perforce and git. A knowledge of creating and maintaining logging, monitoring and incident response technologies. Experience with Pulumi and Microsoft PlayFab is desirable. We offer an extensive benefits package to our team including: 22 days holidays + Christmas closure (typically More ❯

improved security posture Demonstrated adaptability and eagerness to learn Excellent command of English, both written and spoken Willingness to work occasional nights and weekends for scheduled DDoS simulations or incident response (note: this is not a 24/7 shift-based role) Desirable Qualifications and Experience Experience in a client-facing technical or consulting role Background in one More ❯

L3 SOC Analyst A Global Organisation requires a Contract L3 SOC Analyst to join their Incident Response team acting as an escalaton point - Splunk & Defender Day Rate: £475 - £500pd IR35 Status: Inside Duration: 6 months initially Travel: 2 days a week in Berkshire This L3 SOC Analyst will have the previous following experience: Act as a lead investigator … for high-severity security incidents, coordinating response activities and containment strategies. Perform deep forensic analysis across endpoints, logs, and network traffic to uncover advanced threats. Develop and fine-tune detection rules and correlation logic in SIEM platforms (e.g., Splunk). Collaborate with engineering and threat intelligence teams to improve detection coverage and SOC workflows. Mentor and guide L1/… threat hunting campaigns using tools such as Defender, CrowdStrike, and custom scripts. Contribute to playbook development, automation improvements (including Microsoft Co-pilot integration), and process optimization. Produce executive-level incident reports, root cause analyses, and recommendations for remediation and hardening. More ❯

adversarial testing, model bias assessments, and trustworthiness evaluations. Contribute to training and awareness initiatives on AI/ML security best practices. Act as a key stakeholder in AI-related incident response and mitigation. Your Profile Essential Experience & Skills Proven experience as a Security Architect with direct focus on AI/ML security. Strong knowledge of AI/ML More ❯

Build a diverse, high-performing group aligned with our values. Build Operational and Engineering Excellence for your team through industry leading best practices, top notch instrumentation and well-oiled incident response procedures. Engage in strategic discussions and ensure the team is solving the right problems-not just shipping features. Requirements Taktile is a hybrid company with options to More ❯

customers with little direction. Manage and monitor support interactions, serving as an internal advocate for strategic customers, responding to customer escalations, and proactively escalating when needed. Direct crisis and incident response, working with the account team, technical support, operations and engineering teams to ensure timely resolution, while communicating effectively with customers. Meet regularly with clients, both remotely and More ❯

infrastructure upgrades and issue resolution Contribute to root cause analysis and implement preventative measures Document support procedures and maintain a comprehensive knowledge base Participate in on-call rotations and incident response efforts as needed Critical Skills & Experience Windows Server administration and support Red Hat Enterprise Linux or equivalent Linux server support Configuration and patching using SCCM , WSUS , and More ❯