Incident Response Jobs in the UK

151 to 175 of 588 Incident Response Jobs in the UK

Cyber Security Engineer

Doxford International Business Park, Sunderland, Tyne and Wear, England, United Kingdom
Hybrid / WFH Options
Northern Gas
beyond simply reviewing logs or fixing vulnerabilities; it’s about redefining how security is perceived and integrated across everything we do. You will take a hands-on role in incident response, lead initiatives to strengthen our security posture, and be a key force in ensuring NGN stays ahead of evolving cyber threats. Please Note: National Security Vetting is … delivery of our NIS Directive Improvement Plan, ensuring compliance becomes a strategic advantage, not just a checkbox What we are looking for Experience with SIEM tools, logging, and cyber incident response Strong knowledge of EDR/AV solutions, vulnerability testing, and management Familiarity with Office 365, Active Directory, and network security (TCP/IP) Understanding of SCCM, Intune
Employment Type: Full-Time
Salary: £45,000 per annum

Cyber Security Engineer

Houghton Le Spring, Tyne and Wear, North East, United Kingdom
Hybrid / WFH Options
Northern Gas
beyond simply reviewing logs or fixing vulnerabilities; it's about redefining how security is perceived and integrated across everything we do. You will take a hands-on role in incident response, lead initiatives to strengthen our security posture, and be a key force in ensuring NGN stays ahead of evolving cyber threats. Please Note: National Security Vetting is … delivery of our NIS Directive Improvement Plan, ensuring compliance becomes a strategic advantage, not just a checkbox What we are looking for Experience with SIEM tools, logging, and cyber incident response Strong knowledge of EDR/AV solutions, vulnerability testing, and management Familiarity with Office 365, Active Directory, and network security (TCP/IP) Understanding of SCCM, Intune
Employment Type: Permanent, Work From Home
Salary: £45,000

Cyber Security Engineer

Sunderland, Tyne and Wear, United Kingdom, Silksworth, Tyne & Wear
Hybrid / WFH Options
Northern Gas
beyond simply reviewing logs or fixing vulnerabilities; it’s about redefining how security is perceived and integrated across everything we do. You will take a hands-on role in incident response, lead initiatives to strengthen our security posture, and be a key force in ensuring NGN stays ahead of evolving cyber threats. Please Note: National Security Vetting is … delivery of our NIS Directive Improvement Plan, ensuring compliance becomes a strategic advantage, not just a checkbox What we are looking for Experience with SIEM tools, logging, and cyber incident response Strong knowledge of EDR/AV solutions, vulnerability testing, and management Familiarity with Office 365, Active Directory, and network security (TCP/IP) Understanding of SCCM, Intune
Employment Type: Permanent
Salary: £45000/annum

Red Team Operator

United Kingdom
Covenant HR
Kali Linux, Metasploit Pro, and NMAP Ability to exploit vulnerabilities such as SQL injection, XSS, and conduct password cracking Prior experience on a Cyber Defense Blue Team (e.g., SOC, Incident Response, Threat Hunting, or Security Architecture) Strong understanding of the MITRE ATT&CK Framework Solid grasp of ports, protocols, operating systems, and file system fundamentals Knowledge of computer … simulating real-world attacks Identify vulnerabilities through manual and automated techniques Leverage advanced toolsets and custom scripts to exploit systems securely Collaborate with blue teams to improve detection and response capabilities Document and present findings to technical and executive stakeholders Utilize MITRE ATT&CK tactics in planning and executing red team campaigns Continuously improve testing methodologies and red teaming … capabilities Maintain awareness of evolving threat landscapes and offensive techniques Assist in training internal teams on adversary behaviors and defense strategies Support incident response and threat emulation efforts when needed Ensure operational security and compliance throughout engagements Contribute to after-action reports and remediation plans for clients

Cyber Security Apprentice

Town Hall, Talbot Road, Manchester, England
Trafford Metropolitan Borough Council
You will be involved in assisting in monitoring network traffic and using SIEM tools (e.g. FortiSIEM, Microsoft Sentinel) to detect suspicious activity and triage security risks and supporting incident reporting and response, including risk assessments and vulnerability scans. Role Assist in monitoring network traffic and using SIEM tools (e.g. FortiSIEM, Microsoft Sentinel) to detect suspicious activity and triage … security risks. Support incident reporting and response, including risk assessments and vulnerability scans. Gain hands-on experience managing firewalls, antivirus, endpoint security, patching, and software updates. Collaborate with IT, Legal, and other departments to ensure a unified security approach, including third-party risk assessments. Monitor and respond to the IT Security Queue (CVE updates, service requests, incidents, bulletins … . Assess and manage tickets, ensuring priority issues are resolved within 48 hours. Handle walk-up incidents and participate in major incident responses. Support the ICT security incident response process and maintain the ICT Risk Register. Manage security dashboards (SIEM, FortiMail, FortiConsole, SOPHOS, Windows Defender). Oversee job assignments and SLA performance across teams. Support projects aligned
Employment Type: Higher Apprenticeship
Salary: £25,989 a year

Senior Cyber Security Architect

Rogerstone, Gwent, United Kingdom
Yolk Recruitment
environments, and enterprise systems. Reporting to the Cyber Resilience Manager, you'll work across technical and governance functions to ensure ongoing protection against an evolving threat landscape, while supporting incident response, architecture design, compliance, and risk management. Key Responsibilities Design and maintain enterprise-wide cloud security architectures aligned to business objectives and compliance requirements Implement security controls across … measures into the software development lifecycle (SDLC) and broader IT processes Engage with architects, IT teams, and external suppliers to embed security into system design Develop and maintain technical incident response plans and support ongoing testing and refinement Monitor industry standards and regulatory changes (e.g., NIS regulations), ensuring ongoing compliance Contribute to internal security awareness and training programmes
Employment Type: Permanent
Salary: GBP 90,000 - 100,000 Annual

Senior Cyber Security Architect

Newport, Gwent, Wales, United Kingdom
Yolk Recruitment
environments, and enterprise systems. Reporting to the Cyber Resilience Manager, you'll work across technical and governance functions to ensure ongoing protection against an evolving threat landscape, while supporting incident response, architecture design, compliance, and risk management. Key Responsibilities Design and maintain enterprise-wide cloud security architectures aligned to business objectives and compliance requirements Implement security controls across … measures into the software development lifecycle (SDLC) and broader IT processes Engage with architects, IT teams, and external suppliers to embed security into system design Develop and maintain technical incident response plans and support ongoing testing and refinement Monitor industry standards and regulatory changes (e.g., NIS regulations), ensuring ongoing compliance Contribute to internal security awareness and training programmes
Employment Type: Permanent

Cyber Security Operational Technology (OT) Specialist

Immingham, Lincolnshire, United Kingdom
Rullion Managed Services
IEC62443 standards. Key Responsibilities Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and … and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks-from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber
Employment Type: Permanent
Salary: £57000 - £60000/annum Pension,Medical,Incentive Plan,25 Ho

Cyber Security Operational Technology (OT) Specialist

Immingham, Lincolnshire, North East, United Kingdom
Rullion Limited
IEC62443 standards. Key Responsibilities Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and … and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks-from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber
Employment Type: Permanent
Salary: £60,000

ServiceNow Consultant

London, South East, England, United Kingdom
Hybrid / WFH Options
Hirexa Solutions UK
Ability to demonstrate any IRM solution and SecOps solutions as and when needed. Knowledge of various modules like Policy Mgmt. Compliance & Audit Mgmt., Vendor Mgmt., Business Continuity Management, Vulnerability Response, Incident Response, Security Dashboard on ServiceNow IRM platform Assess as-is IRM processes for maturity and automation on ServiceNow platform Knowledge of Advance risk management and continuous
Employment Type: Contractor
Rate: £450 - £500 per day

SOC Manager - Threat Hunter

Warrington, Cheshire, United Kingdom
Anson Mccade
A global IT MSP is looking for an experienced SOC Incident Response & Threat Hunting Manager to join its expanding Security Operations Centre. This is a pivotal leadership role, overseeing Tier 3 Security and Incident Response Analysts while driving proactive threat hunting and cyber threat intelligence initiatives.
Employment Type: Permanent
Salary: GBP Annual

Cyber Security Engineer

England, United Kingdom
Policy Expert
benchmarks. Network Security: Implement and manage firewalls, VPNs, IDS/IPS, and other network security technologies to secure connectivity and prevent unauthorized access across the company's digital assets. Incident Response & Remediation: Lead efforts in incident detection, response, and remediation for infrastructure-related security incidents, ensuring rapid mitigation and future prevention. Collaboration & Integration: Work closely with
Employment Type: Permanent
Salary: GBP Annual

DV Cleared Security Engineer

London, United Kingdom
VIQU Ltd
STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement audits, and role certification; identify and remediate potential vulnerabilities in provisioning and access enforcement. Incident Management & Response Participate in access-related incident response, including unauthorized access investigations, root-cause analysis, and mitigation measures. Client Engagement & Training Collaborate with stakeholders to understand … SAML/OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440/604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and non
Employment Type: Permanent
Salary: GBP Annual

DV Cleared Security Engineer

North West London, London, United Kingdom
VIQU IT Recruitment
STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement audits, and role certification; identify and remediate potential vulnerabilities in provisioning and access enforcement. Incident Management & Response Participate in access-related incident response, including unauthorized access investigations, root-cause analysis, and mitigation measures. Client Engagement & Training Collaborate with stakeholders to understand … SAML/OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440/604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and non
Employment Type: Permanent

DV Cleared Security Engineer

london, south east england, united kingdom
VIQU IT Recruitment
STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement audits, and role certification; identify and remediate potential vulnerabilities in provisioning and access enforcement. Incident Management & Response Participate in access-related incident response, including unauthorized access investigations, root-cause analysis, and mitigation measures. Client Engagement & Training Collaborate with stakeholders to understand … SAML/OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440/604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and non

DV Cleared Security Engineer

west london, south east england, united kingdom
VIQU IT Recruitment
STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement audits, and role certification; identify and remediate potential vulnerabilities in provisioning and access enforcement. Incident Management & Response Participate in access-related incident response, including unauthorized access investigations, root-cause analysis, and mitigation measures. Client Engagement & Training Collaborate with stakeholders to understand … SAML/OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440/604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and non

SOC Lead (Security Operations Centre) - SC Cleared

Farnborough, Hampshire, South East, United Kingdom
Hybrid / WFH Options
Talent Locker
SOC Lead to take ownership of a high-performing Security Operations Centre working on critical defence and national security projects. You'll lead day-to-day SOC operations, drive incident response, and mentor analysts to strengthen detection and response capability against evolving threats. If you want to combine technical depth with leadership responsibility, this role offers both … for complex incidents and investigations Reviewing, tuning and enhancing detection rules, alerts and playbooks in SIEM/SOAR tools Providing mentorship and technical guidance to SOC analysts Driving post-incident reviews, root cause analysis and continuous improvement Conducting proactive threat hunting and supporting compliance/audit requirements Collaborating with wider IT/security teams to improve detection and response capability What you'll bring 3+ years' experience in a SOC or security operations role Strong knowledge of incident detection, response and threat analysis Hands-on experience with SIEM, SOAR and endpoint detection tools Excellent problem-solving, analytical and communication skills A degree in a relevant subject or equivalent experience Relevant certifications such as GCIA, GCIH, CEH
Employment Type: Permanent, Work From Home
Salary: £65,000

Information Security and Compliance Lead

Chesterfield, Derbyshire, East Midlands, United Kingdom
Hybrid / WFH Options
Hays
and mitigating potential risks. You will oversee information security, compliance, and risk management practices based on industry-accepted information security and risk management frameworks, whilst establishing and maintaining an incident response plan, including incident detection, response, investigation, and resolution, to minimise the impact of security incidents. What you'll need to succeed Demonstrable experience of implementing
Employment Type: Permanent, Work From Home
Salary: £60,000

SOC Team Lead

Leeds, West Yorkshire, England, United Kingdom
Claranet Limited
performing advanced investigations and, when required, first-line triage to maintain queue health and SLA compliance. You are responsible for high-quality service delivery through detailed analysis, evidence-led response actions, and operational leadership. In addition to handling escalated alerts, you provide line management, oversee ticket quality, contribute to training and onboarding, and drive continual improvement. You work core … business hours with participation in the on-call rota, ensuring consistent service support for customers and operational continuity across teams. Key Responsibilities • Incident Investigation and Response - You take ownership of escalated incidents, performing detailed investigations and, when necessary, stepping into first-line triage to guarantee prompt alert handling and escalation. • Team Leadership - You provide day-to-day leadership … SOC Analysts, conducting performance reviews, appraisals, one-to-one meetings, and development planning. • Quality Assurance - You own QA for the team’s outputs, ensuring consistency, accuracy, and completeness of incident handling and documentation across the team. • Training and Onboarding - You lead knowledge-transfer sessions, support structured onboarding of new team members, and coordinate internal training to drive skill development
Employment Type: Full-Time
Salary: Competitive salary

Cyber Security Apprentice

Stretford, Manchester, Lancashire, England, United Kingdom
Hybrid / WFH Options
QA
council is a Living Wage Employer. Responsibilities: Assist in monitoring network traffic and using SIEM tools (e.g. FortiSIEM, Microsoft Sentinel) to detect suspicious activity and triage security risks. Support incident reporting and response, including risk assessments and vulnerability scans. Gain hands-on experience managing firewalls, antivirus, endpoint security, patching, and software updates. Collaborate with IT, Legal, and other … Security Queue (CVE updates, service requests, incidents, bulletins). Assess and manage tickets, ensuring priority issues are resolved within 48 hours. Handle walk-up incidents and participate in major incident responses. Support the ICT security incident response process and maintain the ICT Risk Register. Manage security dashboards (SIEM, FortiMail, FortiConsole, SOPHOS, Windows Defender). Oversee job assignments
Employment Type: Full-Time
Salary: £25,989 per annum

Security Engineer (Digital Assets)

London Area, United Kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive

Security Engineer (Digital Assets)

City of London, London, United Kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive

Security Engineer (Digital Assets)

london, south east england, united kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive

Security Engineer (Digital Assets)

slough, south east england, united kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive

Security Engineer (Digital Assets)

london (city of london), south east england, united kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive

Incident Response
10th Percentile: £43,000
25th Percentile: £50,813
Median: £65,000
75th Percentile: £82,500
90th Percentile: £97,500