1 to 25 of 148 Remote/Hybrid Incident Response Jobs in the UK

CERT Incident Responder

Hiring Organisation
MBDA UK
Location
Bolton, Middle Hulton, Greater Manchester, United Kingdom
Employment Type
Permanent
Salary
£50000 - £60000/annum
Bolton The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics … option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness, while also advancing the organisation's Adversarial Exposure Validation (AEV), including ...

SOC Operator - 24mth Contract -Active SC

Hiring Organisation
Stealth IT Consulting Limited
Location
United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
From £500 to £750 per day From £500 to £750 Inside per day DOE
Role Overview We are seeking an experienced SOC Operator to support a public sector security operations capability, with a focus on threat detection, incident response, and collaboration with delivery teams to improve security monitoring and resilience. The role involves developing detection content aligned to recognised threat frameworks, supporting … incident investigations, and helping technical and non-technical stakeholders prepare for and respond to security incidents. Key Responsibilities Develop and maintain SIEM rules and alerts in Splunk, mapped to the MITRE ATT&CK framework Analyse security events and alerts to identify potential threats and incidents Contribute to and lead ...

Senior Product Security Engineer

Hiring Organisation
Adecco
Location
London, United Kingdom
Employment Type
Contract
Contract Rate
£450 - £520/day
issues. Root Cause Analysis: Conduct thorough root cause analysis for security incidents and systemic vulnerabilities, leveraging insights to drive developer training and systemic improvements. Incident Response Management: Act as Investigation Lead or Incident Commander during incident response efforts, including facilitating tabletop exercises to enhance … incident readiness. Skills & Experience: Expertise: Deep knowledge in vulnerability management, threat modeling, security architecture, and secure software development lifecycle (SDLC) practices. Incident Response Skills: Strong background in incident response, root cause analysis, and managing bug bounty programs. Communication Ability: Excellent communication and stakeholder management skills ...

Application Security Architect

Hiring Organisation
Randstad Digital
Location
City of London, London, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
£400 - £500 per day
Security Lead - Incident Response & Threat Management 4 Months Contract £400 to £500 a day Inside IR35 Remote working *Active Security Clearance is Needed* A well-established consultancy firm is urgently looking for an experienced Security Lead with a strong background in Incident Response and Threat Management … high-profile client. This role requires a professional with active SC Clearance and a deep understanding of SecOps analyst support. Core Responsibilities Incident Management: Directing the full incident response lifecycle, including the triage, investigation, and total resolution of security events. Threat Intelligence: Utilising Recorded Future, OpenCTI ...

Application Security Architect

Hiring Organisation
Randstad Technologies
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
£400 - £500 per day
Security Lead - Incident Response & Threat Management 4 Months Contract £400 to £500 a day Inside IR35 Remote working *Active Security Clearance is Needed* A well-established consultancy firm is urgently looking for an experienced Security Lead with a strong background in Incident Response and Threat Management … high-profile client. This role requires a professional with active SC Clearance and a deep understanding of SecOps analyst support. Core Responsibilities Incident Management: Directing the full incident response lifecycle, including the triage, investigation, and total resolution of security events. Threat Intelligence: Utilising Recorded Future, OpenCTI ...

Cyber Security Engineer

Hiring Organisation
Searchability
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£45,000 - £55,000 per annum
enterprise clients.* Full-time, permanent role focused on securing client infrastructures across network, cloud, and endpoint environments.* Hands-on position covering security design, incident response, vulnerability management, and client consultancy.* Hybrid working model with strong benefits, development pathways, and exposure to complex, real-world security challenges.* To apply … Security Engineer, you'll play a key role in securing client IT environments by designing, implementing, and managing robust security solutions. You'll lead incident response activities, conduct vulnerability assessments, and proactively identify risks across network, cloud, and endpoint systems. You'll work directly with clients to understand ...

Deputy Chief Privacy Officer

Hiring Organisation
A&O Shearman
Location
East London, London, United Kingdom
Employment Type
Permanent, Work From Home
firm's risk appetite, client expectations and legal and regulatory changes and attitudes Manage and provide day to day leadership and advice on data incident response globally, ensuring appropriate action is taken to minimize the risks associated with actual or potential exfiltration of data, including forensic document review, legal … regulatory reporting, client and individual notifications and reputation management. Act as a trusted adviser to partners, functional heads and others on data incident management, response and remediation worldwide To support the CPO and CISO in the formulation and delivery of the firm's cyber and incident response ...

InfoSec Operations Manager

Hiring Organisation
Henderson Scott
Location
North West London, London, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£75,000
Information Security Operations Manager to lead and mature a Security Operations (SOC) function. This is a hands-on, operational role focused on improving detection, response, and incident readiness - not a compliance or GRC-led position. You'll manage a small SOC team, own the relationship with a Managed … Detection & Response (MDR) provider, and drive continuous improvement across security operations, tooling, and processes. Key Responsibilities Lead and develop a small SOC team (2 SOC Analysts and an interim resource) Own and optimise the clear day-to-day relationship with an MDR provider Improve SOC maturity, playbooks, and incident ...

Cyber Security Engineer

Hiring Organisation
Reed
Location
Central London, London, England, United Kingdom
Employment Type
Full-Time
Salary
£55,000 - £60,000 per annum, Inc benefits
driving continuous improvement across a large, complex environment. The Role As an IT Security Analyst, you will support all aspects of security operations, incident response, vulnerability management, governance activities, and the development of secure processes across the organisation. You’ll monitor and investigate alerts, analyse threats, lead security … defending large-scale environments from emerging threats. Key Responsibilities Investigate and analyse security events, correlating data and identifying root causes. Perform deep-dive incident analysis using logs, threat intel and IoCs. Conduct proactive and reactive threat hunting. Execute vulnerability assessments and support remediation activities. Carry out risk analysis, identifying ...

Cyber Resilience Analyst

Hiring Organisation
Searchability (UK) Ltd
Location
Chester, Cheshire, North West, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£50,000
ANALYST ROLE: As a Cyber Resilience Analyst, you'll be responsible for defining, maintaining, and testing the organisation's resilience plans, covering Business Continuity, Incident Response, and Disaster Recovery. You'll work closely with IT teams and stakeholders across the wider business to ensure resilience strategies are practical … robust, and effective. The role plays a key part in analysing the impact of cyber incidents on business systems, supporting incident reviews, and ensuring lessons learned are fed back into improved resilience planning. You'll also work alongside project and change teams to ensure new systems and developments ...

CSIRT Analyst SC Cleared

Hiring Organisation
Pontoon
Location
Warwickshire, England, United Kingdom
Employment Type
Contractor
Contract Rate
£750 per day
months). In full: Job Purpose The UK CSIRT Tier 1 Analyst will deliver the actions and activities as required and detailed in Cyber Incident Response plans. Using technical expertise and co-ordination capabilities, they will work within a team and individually, to respond to incidents and security events. … role requires the individual to have a high level of performance and individual ability. About the Role As part of the Cyber Security Incident Response Team (CSIRT), you will be employed within a global team as a Tier 1 CSIRT analyst within its Cyber Security Operations Centre (CSOC ...

Fractional Chief Information Security Officer

Hiring Organisation
ApprovalMax
Location
London Area, United Kingdom
deployment and device security policies Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles Operational Security Develop and maintain incident response plans and procedures Lead incident response tabletop exercises and post-incident reviews Provide guidance on business continuity and disaster recovery ...

SOC Manager - Inside IR35 - SC Cleared

Hiring Organisation
SR2
Location
Reading, Berkshire, England, United Kingdom
Employment Type
Contractor
Contract Rate
£475 - £525 per day, Negotiable, Inc benefits, OTE
responsible for the leadership, governance and performance of Security Operations Centre capabilities supporting a secure defence programme. The role ensures effective monitoring, detection and response across classified environments, working closely with incident response and threat teams. Key Responsibilities Own SOC operating model, processes and performance management Ensure … effective monitoring and detection across secure environments Oversee SOC analysts, tooling and service providers where applicable Drive continuous improvement of detection use cases and response workflows Coordinate closely with incident response and vulnerability teams Provide senior-level reporting on security posture and operational effectiveness Ensure SOC activities ...

Senior SOC Analyst

Hiring Organisation
Ballantyne Technology Limited
Location
Reading, Berkshire, England, United Kingdom
Employment Type
Full-Time
Salary
£75,000 - £90,000 per annum
cloud environment. This is not a traditional SOC role focused on alert handling. The position sits at the senior technical level and combines incident leadership, detection engineering, threat hunting and automation. You’ll have genuine ownership of security operations maturity rather than working in a ticket-driven environment. … senior technical point of escalation within the SOC, leading complex investigations and driving continuous improvement across tooling, detection capability and response processes. Typical responsibilities include: Leading complex security incidents end-to-end including investigation, containment, forensics and root cause analysis. Designing, tuning and improving detection across SIEM ...

Cyber Security Manager ( SC)

Hiring Organisation
Sanderson Recruitment
Location
Glasgow, Lanarkshire, Scotland, United Kingdom
Employment Type
Permanent, Work From Home
industry standards (e.g., GDPR, PCI DSS, NIST CSF) Influence cyber security improvements by reviewing IT/security architectures and providing expert challenge Oversee incident response readiness and assurance of cyber security testing across the enterprise Promote strong security awareness and assure the quality of provider training Conduct horizon … risk assessment and development of mitigation plans aligned to business objectives Experience producing cyber security performance metrics for senior leadership Hands-on experience in incident response, vulnerability management, system hardening, and post-incident analysis Strong understanding of cloud security (IaaS, PaaS, SaaS, CASB, Zero Trust, micro-segmentation ...

Security Operations Center Analyst

Hiring Organisation
TRIA
Location
Greater Bristol Area, United Kingdom
This is a great opportunity to join a forward-thinking security operations team, where you’ll have hands-on ownership across threat detection, incident response, and overall security posture, alongside a competitive salary, strong benefits, and clear long-term development opportunities. The role offers flexible, hybrid … networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. Develop and maintain detection rules, use cases, threat-intelligence processes, and incident response playbooks. Automate detection and response workflows, using scripting tools (e.g. Python, PowerShell). Perform threat-hunting, log-analysis (including firewall ...

Technical Architect - SC Cleared

Hiring Organisation
Run-Time Group Ltd
Location
Milton Keynes, Buckinghamshire, South East, United Kingdom
Employment Type
Contract, Work From Home
Clearance Hybrid work model OUTSIDE IR35 Job Requirements Spec: - end-to-end technical leadership, architecture, and delivery oversight of Network Detection & Response (NDR) and Extended Detection & Response (XDR) solutions using Darktrace and Microsoft Defender - secure, scalable, and successful implementation of advanced detection technologies that enhance organisational threat visibility … improve incident response capability, and support a modern security operations function. - close collaboration with cybersecurity, infrastructure, networking, SOC analysts, service owners, and senior stakeholders to align technical designs with security strategy, operating models, and business needs. - definition of the target architecture for Darktrace NDR and Microsoft Defender ...

Senior AWS Platform Engineer (Security)

Hiring Organisation
Experis
Location
West End, London, United Kingdom
Employment Type
Contract
Contract Rate
£540 - £550/day Via Umbrella
CloudFormation. Embed security checks into GitHub CI/CD pipelines for continuous compliance. Develop automated remediation workflows for security findings. Monitoring & Incident Response: Implement monitoring and alerting for security events using AWS native tools and SIEM integrations. Support incident response and root cause analysis for security ...

Senior SRE

Hiring Organisation
Anson Mccade
Location
Glasgow, Lanarkshire, Scotland, United Kingdom
Employment Type
Permanent, Work From Home
platforms and services. Apply software engineering principles to improve reliability, scalability, performance and operability. Contribute to technical strategy, standards and long-term platform evolution. Incident Management & Resilience Lead and participate in incident response, root cause analysis and blameless post-mortems. Use data and observability to reduce mean … . Deep understanding of Linux, networking, distributed systems and cloud platforms. Experience with infrastructure-as-code and automation (e.g. Terraform, Ansible, CloudFormation). Strong incident response, troubleshooting and fault-analysis skills using a scientific, data-driven approach. Experience with observability: metrics, logging, tracing, alerting and performance analysis. Ability ...

Ticketing Operations Manager

Hiring Organisation
Robert Walters
Location
Manchester, North West, United Kingdom
Employment Type
Permanent
Salary
£75,000
money stops flowing. As Ticketing Operations Manager, you will: Protect revenue by ensuring maximum uptime across all payment and ticketing channels Lead major incident response for payment and ticketing failures Own operational performance across systems used by millions of customers Manage and develop a high-performing operations … incident management team This is a senior operational leadership role with real accountability and influence. Key Responsibilities Lead the day-to-day operational management of all customer-facing ticketing and payment systems, including: Mobile ticketing apps Smartcards EMV/contactless payments Ticket vending machines Take ownership of major incident ...

Vulnerability Manager

Hiring Organisation
Amtis Professional Ltd
Location
Solihull, West Midlands, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£75,000
drive improvements to tools, processes, automation, and reporting to enhance programme maturity. Stay current with emerging vulnerabilities, zero-day threats, and vendor advisories. Support incident response activities where vulnerabilities are linked to potential security events. What You'll Bring Proven experience in vulnerability management, cyber security operations … SIEM, SOAR, EDR, and associated security tooling. Strong analytical skills with the ability to translate technical risk into clear, executive-level reporting. Experience supporting incident response and investigations. Excellent stakeholder management skills, with the confidence to challenge and influence both technical and non-technical teams. Strong understanding ...

SIEM Application Engineer

Hiring Organisation
Morson Edge
Location
United Kingdom
Employment Type
Contract
Contract Rate
£500 - 550 per day
Engineer is responsible for the design, deployment, management, and optimisation of Security Information and Event Management (SIEM) platforms to enhance threat detection, monitoring, and incident response capabilities across enterprise environments. This role focuses on building and maintaining scalable SIEM solutions—primarily leveraging Elasticsearch-based technologies—to support security … organisational security posture. Why This Role Matters SIEM platforms are a core component of modern security architecture, enabling effective monitoring, threat detection, and response across complex IT and network environments. This role plays a critical part in ensuring SIEM solutions are reliable, performant, and aligned with security standards ...

Cyber Security Engineer

Hiring Organisation
DGH Recruitment Ltd
Location
City of London, London, United Kingdom
Employment Type
Permanent
Salary
£70000 - £80000/annum
protect the firm's data and Technology infrastructure. * VPN Administration - Administer and maintain Virtual Private Networks (VPN) to ensure secure remote access for employees. * Incident Response - Investigate and resolve potential security issues, participate in incident response initiatives, and respond to security-related alerts promptly. * Vulnerability Management ...

Product Manager

Hiring Organisation
Stratospherec Ltd
Location
Horsham, West Sussex, United Kingdom
Employment Type
Permanent
Salary
£60000 - £70000/annum Excellent benefits
operational needs Translate SOC analyst pain points, workflows, and use cases into actionable product features and user stories Design and validate alert prioritization algorithms, incident triage workflows, and automated playbook logic based on operational experience Collaborate with product managers to shape product strategy, roadmap priorities, and feature definitions Conduct … experience as a SOC Analyst, Senior SOC Analyst, or SOC Team Lead Deep understanding of end-to-end SOC operations including alert triage, incident response, threat hunting, and case management Extensive experience with SIEM platforms, security orchestration tools, and the broader SOC technology stack Strong knowledge of threat ...

Head of Cyber Security Remote or Hybrid

Hiring Organisation
Michael Page Technology
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£75,000 per annum
leads the organisation's cyber security strategy, ensuring strong resilience, compliance, and protection of information assets. You will oversee operations, governance, risk management, and incident response while guiding a high-performing security & infrastructure team. Client Details Our client is a respected not-for-profit UK organisation with … regulatory requirements. Conduct security risk assessments, maintain governance frameworks, and ensure robust oversight. Set, enforce, and update security policies, standards, and technical controls. Lead incident response, including investigation, coordination, remediation, and reporting. Manage supplier assurance, third-party risk, and security obligations within contracts. Plan and support external audits ...