Gloucester, Gloucestershire, South West, United Kingdom
Morson Talent
SSCP – Highly desirable Bonus Skills & Knowledge Awareness of compliance and risk frameworks such as ISO 27001, NIST, and CIS Benchmarks. Ability to support threat modelling, cloud risk assessment, and incident response planning. Exposure to Infrastructure-as-Code (IaC) security using tools like Terraform, ARM templates, or Bicep. Skilled in translating technical risks into business terms for senior stakeholders.
in languages like PowerShell, Bash, or Python for task automation - Experience with vulnerability management tools like Nessus, Qualys, or OpenVAS - Knowledge of endpoint security solutions (antivirus, anti-malware) and incident response procedures - Familiarity with Security Information and Event Management (SIEM) tools, like Splunk or QRadar - Ability to interpret metrics from network, server and application performance monitoring tools - Knowledge
Employment Type: Permanent
Salary: £46000 - £55000/annum Plus benefits package
management tool expertise (Tenable, Qualys) Email security solutions knowledge (Mimecast, Egress) A working understanding of Microsoft 365 Cloud Technologies and their threat landscape Familiarity with SOC operations, threat detection, incident response, and security analytics As a Cyber Security Engineer you should have one or more of SC-200 - Microsoft Certified: Security Operations Analyst Associate SC-300 - Microsoft Certified
recommendations to technical and non-technical audiences. Familiarity with NHS and public sector data protection responsibilities (e.g. NHS Data Security Standards, GDPR, DSP roles). Experience participating in security incident response, post-incident reviews, and technical root cause analysis. Knowledge of identity and access management, security logging/monitoring, and asset/information classification. Strong documentation skills
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Gordons
our Information Security team and exposure to our wider IT teams. You will build knowledge in the following areas: Risk Management, Policy and Compliance, Security Certifications, Supplier Due Diligence, Incident Response and Awareness, and Security Awareness, as well as working on ongoing projects. What is the scope of the role? The following list is not exhaustive but gives
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Tussell Limited
our Information Security team and exposure to our wider IT teams. You will build knowledge in the following areas: Risk Management, Policy and Compliance, Security Certifications, Supplier Due Diligence, Incident Response and Awareness, and Security Awareness, as well as working on ongoing projects. What is the scope of the role? The following list is not exhaustive but gives
and capable individual with: At least 2 years' experience in a Security Analyst role, ideally in a SOC or equivalent environment. Proficiency in SIEM tools, system log analysis, and incident response. Strong understanding of data networks and vulnerability management. SC Clearance (essential); must be eligible for DV clearance. UK nationality only (sole nationality required for this role
Senior Security Incident Response Engineer About Team: If you are considering a new role and want to work in a company that is helping to change the world, consider joining an organisation serving the global scientific research community, supporting the brightest minds on the planet. Elsevier is expanding its Global InfoSec Security Incident Response team and … is looking for an Incident Response Engineer to join its ranks in the UK. About Role: As a Senior Security Incident Response Engineer, you will be a key internal security support team member, assisting in incident response investigations. You will have experience in analysing, triaging, scoping, containing, providing remediation guidance, and determining the root … cause of security incidents. You are familiar with collecting and analysing security incident-related data to identify indicators of attack and compromise. You will be responsible for managing and responding to security incidents, ensuring the protection of our data and systems. You will work closely with cross-functional teams to identify, analyse, and mitigate security threats. Key Skills: Extensive
Senior Analyst, (Delivery Lead), Incident Response London We have a new and exciting role available within our Cyber Security division in London for a Senior Analyst in the Incident Response Team. S-RM is a global intelligence and cybersecurity consultancy. Since 2005, we've helped some of the most demanding clients in the world solve some … Working in Cyber at S-RM Our Cybersecurity division is the newest and fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Testing, Incident Response and Forensics practices are in more demand than ever. We're building a team to meet this challenge. We're quick to respond, innovate, and improve. We … a range of perspectives and expertise to draw on and help you grow. If that sounds like your kind of team, we'd like to hear from you. Our Incident Response Delivery Leads are a critical part of our Cyber Security division's success. As a Delivery Lead on our team, you will deploy your incident response
Security Engineer, AWS SOC Incident Response Job ID: Amazon Data Services UK Limited The Amazon Web Services Security Operations Center AWS-SOC Team manages security issues across the globe. The team is looking for a highly motivated, technically inclined individual to work as a Security Engineer. A successful candidate will need to embody our 16 leadership principles; especially … real-time. - Develop, implement, and fine-tune detection rules and correlation logic to improve threat detection capabilities. - Conduct in-depth investigations of security incidents, perform forensic analysis, and coordinate incident response activities. - Maintain and optimize security information and event management systems and other security tools used in the SOC. - Collaborate with other teams to enhance threat intelligence, improve … incident response procedures, and provide regular reports on security posture. A day in the life As a Security Engineer in Detections, your day revolves around safeguarding our digital assets. This position supports other AWS Security Engineers with security engineering, security operations and incident response activities. You will be responsible for coordinating
Security Incident Response Engineer, AWS CorpSec Response Job ID: Amazon Development Centre (London) Limited - C26 The Amazon Web Services team is looking for a passionate Security Incident Response Engineer who can lead the response to security issues across the largest cloud provider in the world. You must thrive in dynamic/ambiguous situations, and … think like both an attacker and defender, while working through the entire incident response lifecycle. You'll be working in a global team environment where clear and accurate communication and collaboration on security issues is critical. In this role you'll be conducting security monitoring and response activities for the Amazon internal network. We value broad and … deep technical knowledge, specifically in the fields of operating system security, network security, cryptography, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence. We don't expect you to be an expert in all of the domains mentioned above, but we do expect you to be excited to learn about them! You'll apply
French Speaking) The Varonis Commercial Security Analyst will deliver solutions to customers to assist in gaining visibility into security events affecting their environment and assist in operations efforts alongside Incident Response Managers. They will have intimate knowledge of Varonis and must be dedicated to a career in detecting and responding to insider threats and cyber-attacks. They will … IDS, Active Directory, Firewall, DNS, etc.) and will develop additional expertise in Varonis to make it a key component of every security program. They will also develop knowledge in Incident Response and participate in Incident Response operations, coordinating efforts across multiple regions and departments. Additionally, they will educate customers and other Varonis employees on Varonis capabilities … cyber threats, and security trends. Responsibilities Deliver Threat Detection & Response initiatives to Varonis customers. Consult with customers to ensure Varonis products are integrated into their Security Program. Integrate Varonis products into the customers' security ecosystem and threat detection workflows. Monitor security threats and operational impact on Threat Detection and Response. Participate in Incident Response operations, assisting Incident
deep expertise in Cyber Security Operations Centre (SOC) practices. This role is ideal for someone with a strong ability to analyse and enhance SOC effectiveness, from threat detection to incident response, and provide clear and appropriate advice and guidance. Key Responsibilities of the SecOps Consultant Collaborate with clients to improve SOC operations, particularly around threat detection and IR. … configuration, and integration based on operational needs. Monitor emerging threats and trends, advising stakeholders on potential impacts and mitigation strategies. Deploy, configure, and manage security tools to optimize detection, response, and reporting functions. Skills & Knowledge Solid understanding of SOC best practices, incident response, and regulatory frameworks (e.g., GDPR, NIST, ISO 27001). Hands-on experience with security
Milton Keynes, Buckinghamshire, South East, United Kingdom
Run-Time Group Ltd
join our Security Operations Center team. The ideal candidate will be responsible for monitoring, analyzing, and responding to security incidents, optimizing SIEM configurations, and contributing to threat detection and response strategies. This role requires hands-on experience with both platforms and a deep understanding of cybersecurity principles and incident management. Key Responsibilities: Monitor and investigate security alerts from … Analyze logs, network traffic, and other data sources to detect threats and suspicious activities. Develop and tune detection rules, analytics, and alerting logic in both SIEM platforms. Collaborate with incident response teams to contain and remediate security incidents. Create dashboards, workbooks, and reports for stakeholders. Perform threat hunting activities and support continuous improvement of SOC processes. Maintain and
log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and incident response playbooks Provide expert guidance on securing applications and infrastructure Security Advisory
Buckinghamshire, England, United Kingdom Hybrid / WFH Options
X4 Technology
and overall security performance. Support compliance efforts across frameworks including Cyber Essentials, ISO 27001, GDPR and DPA. Lead the vulnerability management programme, advising IT on remediation strategies. Oversee security incident monitoring and response in coordination with the SOC team. Design and implement an effective identity and access management (IAM) process and own access control across all systems. Required … application of security frameworks and standards including CIS, ISO 27001/27002, GDPR, DPA, and Cyber Essentials. Proven experience managing or working closely with Security Operations Centres (SOC), including incident response and threat detection. Demonstrable background in implementing and running vulnerability management programmes, with experience using industry-standard tooling. Experience designing, deploying, and managing Identity and Access Management
such as CrowdStrike Falcon, RoboShadow, Microsoft Defender, ThreatLocker Evaluate and onboard new security technologies; liaise with vendors Lead technical onboarding of cyber tools for both internal and client deployments Incident Response & Threat Management: Develop and own incident response playbooks Act as the lead escalation point for live security incidents Analyse alerts, threat intelligence, and forensic data … of: CrowdStrike Falcon - policy config, triage, alerting RoboShadow or similar - vulnerability workflows Microsoft Defender, Conditional Access, MFA, Secure Score Familiarity with frameworks: Cyber Essentials Plus, ISO 27001, PCI DSS Incident response experience with real-world investigations Understanding of identity security, patch management, and user awareness training Excellent written and verbal communication - able to simplify complex concepts for clients
As a member of the Starling SOC team, you will be working with the industry's brightest SecOps professionals to protect Starling customers, assets, and systems using the latest technologies. Incident Triage, Response, and Investigations based on Alerts received from multiple sources which include: Cloud Infrastructure/Security. Endpoint Detection and Response. Perimeter detection tooling. Investigating and responding to … security alerts raised by Users. Enhancing and creating analytic triggers to improve alert efficacy. Continuous development of incident handling and readiness processes. Proactive threat hunting based on threat intelligence. Documentation of incidents and investigations. About your Skills We're open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications. … Below is an overview: 3+ years' experience in an in-house SOC role and team Understanding of AWS Security Solutions (or other Public Cloud Solutions) Analysis and Incident Response experience with Cloud systems such as AWS or GCP Experience working with and supporting analytics/SIEM platforms. Experience working in CSIRT/SOC functions. Experience supporting and conducting Incident
on staying ahead of threats and building resilient systems. Analytical by nature, you're always two steps ahead, translating complex risks into real-world solutions. Whether it's leading incident response, identifying vulnerabilities, or influencing strategy, you combine technical depth with a calm, collaborative mindset. You're ready to drive impactful security initiatives and support teams across the … strategic insight and act as a mentor for junior team members, helping shape a forward-thinking security culture across the business. Day-to-day you can expect to: Lead incident response for breaches, malware attacks, root cause analysis, and recovery Monitor threat feeds and correlate intelligence with tooling to identify emerging risks Oversee vulnerability management and assess remediation …/hardware issues A solid understanding of both automated and manual penetration testing Hands-on experience identifying, testing, and mitigating system vulnerabilities A strong grasp of threat intelligence and incident response processes A collaborative mindset, with the ability to explain technical risks to non-technical audiences Logical and lateral problem-solving skills Calmness under pressure and the ability
initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential threats to the organization. This role is crucial in the escalated investigation, triage, and response to cyber incidents while supporting the development and training of Tier 1 Analysts. The Tier 2 Analyst works closely with senior and junior analysts to ensure a seamless SOC … operation and acts as a bridge between foundational and advanced threat detection and response functions. Responsibilities: • Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. • Apply expertise in SIEM solutions utilizing Kusto Query Language (KQL) to perform log analysis, event correlation, and thorough documentation of … security incidents. • Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service level objectives (SLOs). • Investigate potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity. • Use OSINT (Open-Source Intelligence) to enrich contextual
Luton, Bedfordshire, United Kingdom Hybrid / WFH Options
Leonardo UK Ltd
will be doing as a Lead Security Engineer; Risk Management: Perform risk assessments to identify potential security risks and work with product development teams to implement mitigations and preventive measures. Incident Response & Mitigation: Assess and maintain the Incident Response Plan, lead the response to security incidents and breaches, providing expertise in root cause analysis, containment, and