26 to 50 of 345 Incident Response Jobs in the UK

SOC Engineer

Hiring Organisation
Experis
Location
City of London, London, United Kingdom
Employment Type
Contract
Contract Rate
£400 - £500 per day
client is seeking a SOC Analyst to join a security operations team in London. The role is focused on real-time monitoring, investigation, and incident response across a modern enterprise security environment. Key Responsibilities Monitor, triage, and respond to security alerts across multiple platforms, including Microsoft and endpoint … Optimise and tune detection rules, policies, and alerting mechanisms to improve SOC efficiency. Collaborate with internal teams to support security operations, threat analysis, and incident recovery. Produce clear incident documentation, reports, and recommendations for continuous improvement. Contribute to maintaining and enhancing SOC processes, runbooks, and operational workflows. Required ...

Senior SOC Analyst

Hiring Organisation
Ballantyne Technology Limited
Location
Reading, Berkshire, England, United Kingdom
Employment Type
Full-Time
Salary
£75,000 - £90,000 per annum
cloud environment. This is not a traditional SOC role focused on alert handling. The position sits at the senior technical level and combines incident leadership, detection engineering, threat hunting and automation. You’ll have genuine ownership of security operations maturity rather than working in a ticket-driven environment. … senior technical point of escalation within the SOC, leading complex investigations and driving continuous improvement across tooling, detection capability and response processes. Typical responsibilities include: Leading complex security incidents end-to-end including investigation, containment, forensics and root cause analysis. Designing, tuning and improving detection across SIEM ...

Senior Information Security Engineer

Hiring Organisation
Amtis Professional Ltd
Location
Hinckley, Leicestershire, East Midlands, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£75,000
interpret logs, alerts, and threat data to identify potential security incidents. Ensure security tooling is correctly configured, operational, and fully utilised. Threat Detection, Incident Response & Vulnerability Management Support or lead security incident investigations, including root cause analysis and remediation. Conduct vulnerability assessments and maturity scans, ensuring risks … Experience working with or managing third party SOC, SIEM, and security vendors. Background in overseeing penetration tests and managing remediation activity. Solid understanding of incident response, vulnerability management, and general cyber defence principles. Experience working with ISO 27001 environments or auditing. Excellent communication, documentation, and stakeholder engagement skills. ...

SOC Analyst

Hiring Organisation
Gazelle Global Consulting Ltd
Location
Reading, Berkshire, South East, United Kingdom
Employment Type
Contract
Contract Rate
Up to £350 per day
high-performing Security Operations Centre supporting a large-scale telecoms environment. This is a hands-on Tier 2 CERT role focused on investigation, response, and remediation of security incidents across enterprise-scale infrastructure. If you enjoy solving real incidents rather than just closing tickets, this role will suit you. … Defender Conduct forensic analysis to determine root cause, scope, and impact Support containment, eradication, and recovery activities with IT and engineering teams Produce clear incident reports with technical findings and remediation actions Quality assurance of SOC L1 triage and alert handling Develop and refine detection use cases, playbooks ...

Cyber Security Manager (SC)

Hiring Organisation
Sanderson Recruitment
Location
Glasgow, Lanarkshire, Scotland, United Kingdom
Employment Type
Permanent, Work From Home
industry standards (e.g., GDPR, PCI DSS, NIST CSF) Influence cyber security improvements by reviewing IT/security architectures and providing expert challenge Oversee incident response readiness and assurance of cyber security testing across the enterprise Promote strong security awareness and assure the quality of provider training Conduct horizon … risk assessment and development of mitigation plans aligned to business objectives Experience producing cyber security performance metrics for senior leadership Hands-on experience in incident response, vulnerability management, system hardening, and post-incident analysis Strong understanding of cloud security (IaaS, PaaS, SaaS, CASB, Zero Trust, micro-segmentation ...

Cyber Security Analyst

Hiring Organisation
Connect2Employment
Location
Luton, Bedfordshire, England, United Kingdom
Employment Type
Full-Time
Salary
£52,250 - £52,259 per annum
delivering technology change/improvement projects and managing external support agreements. The Cyber Security Analyst is required to focus on the detection, investigation and response to cyber security events and incidents. Other tasks involve BAU security tasks, supporting cyber security projects and assisting with regulatory compliance. Daily tasks will … involve the following: * Endpoint monitoring and analysis. * Incident readiness and handling as part of the Computer Security Incident Response (CSIRT) team. * Monitor and administer Security Information and Event Management (SIEM). * Malware analysis and forensics research. * Understanding/differentiation of intrusion attempts and false positives. * Investigation tracking ...

IT Incident Manager

Hiring Organisation
Uxbridge Employment Agency
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£38,000 - £40,000 per annum
Incident Manager Location: Central London | Salary: £38,000 to £40,000 | Job Type: Permanent Take the lead when it counts most — keep services running and stakeholders confident. Are you an experienced IT Incident Manager looking for a new challenge in a fast-paced and high-impact environment? This … manage high-priority and major incidents from initiation to resolution Coordinate cross-functional IT teams to restore services quickly Maintain ownership of the incident lifecycle and ensure SLAs are met Act as the central communication point during live incidents Provide clear, real-time updates to stakeholders at all levels ...

Senior Cloud Infrastructure Engineer

Hiring Organisation
Hargreaves Lansdown
Location
Bristol, Avon, South West, United Kingdom
Employment Type
Permanent, Part Time, Work From Home
image scanning, policy-as-code and least privilege IAM. Drive reliability using SRE practices: define SLIs/SLOs, error budgets, capacity planning, chaos testing, incident response and blameless post-incident reviews. Partner with application squads to remove toil, improve developer experience (DX), and reduce lead time … onboarding guides and demo sessions for consumers of the platform. Participate in an on-call rota for critical platform services and lead/coordinate incident response when required. About you Strong hands-on experience with Microsoft Azure core services (networking, compute, storage) and platform services (AKS, App Services ...

Technical Architect - SC Cleared

Hiring Organisation
Run-Time Group Ltd
Location
Milton Keynes, Buckinghamshire, South East, United Kingdom
Employment Type
Contract, Work From Home
Clearance Hybrid work model OUTSIDE IR35 Job Requirements Spec: - end-to-end technical leadership, architecture, and delivery oversight of Network Detection & Response (NDR) and Extended Detection & Response (XDR) solutions using Darktrace and Microsoft Defender - secure, scalable, and successful implementation of advanced detection technologies that enhance organisational threat visibility … improve incident response capability, and support a modern security operations function. - close collaboration with cybersecurity, infrastructure, networking, SOC analysts, service owners, and senior stakeholders to align technical designs with security strategy, operating models, and business needs. - definition of the target architecture for Darktrace NDR and Microsoft Defender ...

Senior AWS Platform Engineer (Security)

Hiring Organisation
Experis
Location
West End, London, United Kingdom
Employment Type
Contract
Contract Rate
£540 - £550/day Via Umbrella
CloudFormation. Embed security checks into GitHub CI/CD pipelines for continuous compliance. Develop automated remediation workflows for security findings. Monitoring & Incident Response: Implement monitoring and alerting for security events using AWS native tools and SIEM integrations. Support incident response and root cause analysis for security ...

Senior SRE

Hiring Organisation
Anson Mccade
Location
Glasgow, Lanarkshire, Scotland, United Kingdom
Employment Type
Permanent, Work From Home
platforms and services. Apply software engineering principles to improve reliability, scalability, performance and operability. Contribute to technical strategy, standards and long-term platform evolution. Incident Management & Resilience Lead and participate in incident response, root cause analysis and blameless post-mortems. Use data and observability to reduce mean … . Deep understanding of Linux, networking, distributed systems and cloud platforms. Experience with infrastructure-as-code and automation (e.g. Terraform, Ansible, CloudFormation). Strong incident response, troubleshooting and fault-analysis skills using a scientific, data-driven approach. Experience with observability: metrics, logging, tracing, alerting and performance analysis. Ability ...

Senior Cybersecurity Officer

Hiring Organisation
MW recruitment
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Salary negotiable
Operations Centre • Coordinate penetration testing, cybersecurity risk self-assessments and remediation activity • Lead real-time monitoring of cybersecurity alerts and events, including investigation and incident response • Manage and maintain security infrastructure including firewalls, IPS, WAF, SIEM, EDR and endpoint controls • Oversee vulnerability management, patching and security hardening across … Cyber Essentials • Strong understanding of UK regulatory expectations, including PRA, FCA, ICO and GDPR • Proven experience with SIEM-led monitoring, threat detection and incident response • Hands-on experience managing firewalls, IPS, WAF, EDR and endpoint security tools • Strong network security knowledge including routing, switching and firewall design • Solid ...

Ticketing Operations Manager

Hiring Organisation
Robert Walters
Location
Manchester, North West, United Kingdom
Employment Type
Permanent
Salary
£75,000
money stops flowing. As Ticketing Operations Manager, you will: Protect revenue by ensuring maximum uptime across all payment and ticketing channels Lead major incident response for payment and ticketing failures Own operational performance across systems used by millions of customers Manage and develop a high-performing operations … incident management team This is a senior operational leadership role with real accountability and influence. Key Responsibilities Lead the day-to-day operational management of all customer-facing ticketing and payment systems, including: Mobile ticketing apps Smartcards EMV/contactless payments Ticket vending machines Take ownership of major incident ...

Network Security Engineer SOC

Hiring Organisation
Electus Recruitment Solutions
Location
Stevenage, Hertfordshire, England, United Kingdom
Employment Type
Full-Time
Salary
£50,000 per annum
Network Security Engineer, where you will play a key role in safeguarding our clients’ organisations’ network infrastructure as part of the 24x7 Internal Security Response (ISR) team. When not involved in incident response and triage activity with the SOC team, you will be responsible for designing, implementing … Permanent Location – Stevenage (Onsite Shift work) Salary - £50k (Plus £2k bonus and shift allowance) Keywords: Network Security Engineer, SOC, Security Operations Center, Firewalls, Incident Response, Security Incidents, Networking Principles, Virtual Private Networks, Security Protocols, Vulnerabilities, Threats. Only apply for this role if you currently hold the specific Government ...

Tier 1 Security Operations Analyst

Hiring Organisation
Oscar Associates (UK) Limited
Location
Birmingham, West Midlands, United Kingdom
Employment Type
Permanent
Salary
£30,000
fantastic opportunity for individuals with foundational knowledge in cybersecurity or IT support who are eager to advance their careers in threat detection, incident response, and real-time security monitoring. A great time to join a company looking to nurture new cyber talent from tier 1 through to team … actions performed. Review, assess, and prioritize security alerts generated from platforms such as SIEM, EDR, and XDR. Support clients by offering practical advice on incident response and threat containment. Work alongside senior analysts and response teams to drive incidents through to resolution. Examine suspected security events ...

SIEM Application Engineer

Hiring Organisation
Morson Edge
Location
United Kingdom
Employment Type
Contract
Contract Rate
£500 - 550 per day
Engineer is responsible for the design, deployment, management, and optimisation of Security Information and Event Management (SIEM) platforms to enhance threat detection, monitoring, and incident response capabilities across enterprise environments. This role focuses on building and maintaining scalable SIEM solutions—primarily leveraging Elasticsearch-based technologies—to support security … organisational security posture. Why This Role Matters SIEM platforms are a core component of modern security architecture, enabling effective monitoring, threat detection, and response across complex IT and network environments. This role plays a critical part in ensuring SIEM solutions are reliable, performant, and aligned with security standards ...

Head of IT Operations

Hiring Organisation
Accent Housing
Location
Bradford, West Yorkshire, Yorkshire, United Kingdom
Employment Type
Permanent
Salary
£75,000
role suits someone who thrives in complexity, owns outcomes, and embraces the challenge of stabilising today while architecting tomorrow. Whether you're resolving a critical incident, strengthening our cyber posture, or driving our cloud migration roadmap, your impact will be felt across the organisation. Salary The spot salary for this … progression opportunities and structured support. About you Proven experience leading IT Operations in complex, multi-system environments. Strong understanding of security frameworks, threat detection, incident response and operational cyber maturity. Experience with IaaS, PaaS, SaaS and hybrid cloud strategies. Technical depth across infrastructure, networking and enterprise systems. Experience ...

SOC Shift Leader

Hiring Organisation
Eclectic Recruitment Ltd
Location
Stevenage, England, United Kingdom
mentor and escalation point for Tier 1 and Tier 2 analysts during live operations Support alignment between SOC operations, threat intelligence, and incident response functions Capture operational metrics relating to alert handling efficiency, response delays, and quality issues Identify procedural gaps and contribute to the improvement … playbooks, SOPs, and workflows Assist the incident response function with investigations requiring escalation to embedded internal stakeholders The ideal candidate would have: A strong career background in Cyber Security within an operational SOC environment Experience mentoring, coaching, or providing quality assurance to SOC analysts The ability to lead ...

Lead Cyber Security Risk Consultant - PCI-DSS - Manchester

Hiring Organisation
Circle Group
Location
Manchester, North West, United Kingdom
Employment Type
Permanent
Salary
£95,000
activities. Evaluate security risks of third-party vendors, ensuring alignment with internal security requirements. Maintain documentation, evidence, and metrics to support ongoing audit readiness. Incident Response & Awareness Support the development, testing, and refinement of incident response plans. Assist with investigation and reporting of security incidents. Promote ...

Cyber Security Analyst - Surbiton, Surrey - £60,000

Hiring Organisation
Ashdown Group
Location
Surbiton, Surrey, England, United Kingdom
Employment Type
Full-Time
Salary
£50,000 - £60,000 per annum
organization’s digital environment, using cutting-edge tools like Microsoft Sentinel and Defender. Your role will involve monitoring and responding to security threats, automating incident workflows, and strengthening our endpoint and email security. Key responsibilities of this Cyber Security Analyst include: Monitor, detect and respond to security alerts using … Microsoft Sentinel, Microsoft Defender, and Ironscales Manage security logs, automate incident responses, oversee endpoint protection, investigate threats, and remediate vulnerabilities Investigate and remediate endpoint threats and vulnerabilities Correlate security events and develop automated playbooks in Sentinel Support threat hunting activities and contribute to incident response efforts Manage ...

Platform Engineer - AWS / Terraform

Hiring Organisation
Planet Recruitment
Location
Bristol, United Kingdom
Employment Type
Permanent
Salary
£60000 - £75000/annum
services or DevOps tools to continuously enhance infrastructure capabilities. Produce and maintain platform documentation and runbooks, ensuring knowledge is shared and accessible. Contribute to incident response and root cause analysis for infrastructure-related issues. Track and report platform metrics, including performance, cost efficiency, and security posture. Essential Experience … alerting tools (e.g., CloudWatch, ELK/Opensearch, Prometheus, Grafana). Proficiency in scripting or automation languages (Python, Bash, or PowerShell). Track record of incident response and root cause analysis in cloud environments. Ability to collaborate effectively with Development and Test teams, translating requirements into stable and secure ...

Cyber Security Engineer

Hiring Organisation
The Christie NHS FT
Location
Manchester, M20 4BX, United Kingdom
Salary
£38682.00 to £46580.00
fundamental part of your role, where you will detect, analyse, and respond to any cyber security incidents or breaches. This includes managing the incident response process, documenting actions taken, and reporting findings to minimise the impact on our operations. You will also assess and manage the cyber security … guidelines and standards. Conduct continuous monitoring of the Trust's IT systems to detect, analyse, and respond to cybersecurity incidents and breaches. Manage the incident response process, including documentation and reporting, to mitigate risks and minimize the impact of security breaches. Assess and manage cybersecurity risks associated with ...

Security Operations Manager

Hiring Organisation
Hays
Location
Reading, Berkshire, South East, United Kingdom
Employment Type
Contract, Work From Home
Contract Rate
Up to £280.0 per day + £280 Per Day Inside IR35
heart of our cybersecurity strategy. As Operational Security Manager, you'll take ownership of our security operations, overseeing threat intelligence, vulnerability management, incident response and the performance of our outsourced 24/7 SOC. You'll work closely with internal technology teams to embed security into every aspect … infrastructure and change lifecycle, ensuring our defences are proactive, responsive and resilient. From playbook rehearsals to live incident recovery, you'll be the calm in the storm, guiding teams through complex challenges with clarity and confidence. What you'll need to succeed You're a seasoned security professional with ...

Product Manager

Hiring Organisation
Stratospherec Ltd
Location
Horsham, West Sussex, United Kingdom
Employment Type
Permanent
Salary
£60000 - £70000/annum Excellent benefits
operational needs Translate SOC analyst pain points, workflows, and use cases into actionable product features and user stories Design and validate alert prioritization algorithms, incident triage workflows, and automated playbook logic based on operational experience Collaborate with product managers to shape product strategy, roadmap priorities, and feature definitions Conduct … experience as a SOC Analyst, Senior SOC Analyst, or SOC Team Lead Deep understanding of end-to-end SOC operations including alert triage, incident response, threat hunting, and case management Extensive experience with SIEM platforms, security orchestration tools, and the broader SOC technology stack Strong knowledge of threat ...

Head of Cyber Security Remote or Hybrid

Hiring Organisation
Michael Page Technology
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£75,000 per annum
leads the organisation's cyber security strategy, ensuring strong resilience, compliance, and protection of information assets. You will oversee operations, governance, risk management, and incident response while guiding a high-performing security & infrastructure team. Client Details Our client is a respected not-for-profit UK organisation with … regulatory requirements. Conduct security risk assessments, maintain governance frameworks, and ensure robust oversight. Set, enforce, and update security policies, standards, and technical controls. Lead incident response, including investigation, coordination, remediation, and reporting. Manage supplier assurance, third-party risk, and security obligations within contracts. Plan and support external audits ...