1 to 25 of 110 Remote Incident Response Jobs in the UK excluding London

that makes us truly one team. Who are we looking for? Due to continued growth, Bridewell's CSIRT is seeking a capable and motivated Incident Response Consultant to support and deliver consultancy services to our Critical National Infrastructure (CNI) clients. This role is ideal for professionals with foundational … experience in cyber security and incident response, looking to deepen their expertise and take ownership of client-facing engagements while continuing to develop under the guidance of senior consultants. Requirements You will contribute to strengthening clients' response capabilities through preparation activities, documentation development, and cyber incident ...

Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)— including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics … provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more. The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation ...

Stevenage The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics … option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more . The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including ...

Bolton The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics … option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more . The opportunity: The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including ...

team activities in critical industrial environments? Do you want a role that mixes penetration testing, threat emulation and resilience validation with security architecture and incident response? Would you like to help major UK operators strengthen their cyber resilience across energy, water, renewables and manufacturing? What … professional membership fees covered What will you be doing? Delivering OT-focused red team activities with specialist partners, including penetration testing, adversary simulation and incident response exercises Planning and executing security assessments and incident response exercises in OT/ICS environments Developing and implementing attack scenarios ...

team activities in critical industrial environments? Do you want a role that mixes penetration testing, threat emulation and resilience validation with security architecture and incident response? Would you like to help major UK operators strengthen their cyber resilience across energy, water, renewables and manufacturing? What … professional membership fees covered What will you be doing? Delivering OT-focused red team activities with specialist partners, including penetration testing, adversary simulation and incident response exercises Planning and executing security assessments and incident response exercises in OT/ICS environments Developing and implementing attack scenarios ...

primary escalation point for complex IT and cybersecurity incidents. Manage and secure core client infrastructure and cloud environments. Ensure centralised security, monitoring, and incident response platforms operate effectively. You will collaborate closely with our Service Desk, Projects and Account Management teams to maintain high standards of service, document … infrastructure, cloud services, endpoints, and networks, in alignment with best practices and frameworks such as ISO27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams ...

will support information security and risk activities within Operational Security Management. Our Security Operations Center (SOC) is the frontline of defense, responsible for incident response, initial triage, and proactive threat hunting. You will work closely with the Cyber Security Incident Response Team (CSIRT) and business units … work as part of a rotation. Where weekend work is done days off during the week will be provided. What you will deliver: Perform incident detection and response within the SOC, including analysis and escalation of security alerts. Investigate security incidents and ensure accurate documentation in SIEM ...

networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. Develop and maintain detection rules, use cases, threat-intelligence processes, and incident response playbooks. Automate detection and response workflows, using scripting tools (e.g. Python, PowerShell). Perform threat-hunting, log-analysis (including firewall … hours coverage if needed. What we're looking for Solid experience, ideally 3+ years working in a SOC or security operations/incident-response role. Strong working knowledge of Microsoft security stack (e.g. Sentinel, Defender) and hands-on experience with SIEM tooling, alerts triage, detection logic, and security ...

Role: Agentic AI for Security & Sentinel Advanced Capabilities Lead the adoption and integration of Agentic AI for Security to enable autonomous threat detection, adaptive response, and continuous security posture improvement. Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft Sentinel Model Context Protocol … advanced context-aware analytics and automation. Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large-scale threat detection, incident response, and threat hunting, while optimizing cost and enabling Agentic AI-driven security operations. Integrate and automate security workflows using Microsoft Sentinel Graph ...

getting organised ahead of their anticipated growth. We’re focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations … week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct ...

getting organised ahead of their anticipated growth. We’re focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations … week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct ...

Windows Server infrastructure, including patching and hardening. Conduct regular security assessments, vulnerability remediation, and participate in audits. Develop and maintain technical documentation, runbooks, and incident response procedures. Collaborate with IT, Security, and business teams to deliver secure, scalable solutions. Integrate security best practices into DevOps and cloud automation … emerging threats, vulnerabilities, and technology trends. Key Experience Required Proven expertise in Azure security engineering and Windows Server administration. Strong background in security operations, incident response, and monitoring. Skilled in Microsoft security tools (M365 Purview, DLP) and automation (PowerShell, Azure CLI). Knowledge of identity and access management ...

role in protecting a large-scale, high-availability environment, acting as an escalation point for complex security incidents. Your day will include: Leading incident response activities: investigating alerts, conducting threat hunting, and managing escalations. Tuning and configuring Splunk SIEM to reduce false positives and enhance detection accuracy. Handling … malware analysis, forensic reviews and sensitive internal cases. Correlating logs across multiple systems and using threat intelligence to strengthen detection capabilities. Producing clear, concise incident reports for senior stakeholders, including non-technical audiences. Supporting junior analysts with guidance, best practice coaching and career development (no formal line management). ...

troubleshooting and resolution in line with SLAs Create and maintain technical documentation, policies, and procedures, ensuring smooth handover to Service Desk teams Lead the incident response lifecycle, including managing security incidents and data breach containment, eradication, and post-mortem analysis. Serve as a dedicated Tier 3 escalation point … security framework Monitor, investigate, and remediate security alerts, incidents, and Indicators of Compromise (IOCs) Conduct threat analysis to address new and emerging risks; deploy response strategies to mitigate vulnerabilities Manage and optimise security tools, including Next-Gen SIEM, SOAR, EDR/MDR/XDR, and cloud security solutions (CASB ...

cyber-resilience strategy and protect the systems and data that support essential public services. This is a key leadership role overseeing cyber security governance, incident response, regulatory compliance (PSN, PCI-DSS, Cyber Essentials Plus), and the secure operation of cloud and hybrid environments. Youll work closely with senior … design across all ICT services. What youll do: Lead the local authoritys cyber security framework, policies, and standards Own vulnerability management, security monitoring, and incident response Ensure compliance with NCSC, PSN, PCI-DSS, GDPR and other national frameworks Manage SIEM, Microsoft security tooling (Sentinel/Defender/ ...

Operational Technology) Outside IR35 Duration: 6 9 months Location: Crawley, Hybrid 2 days per week on site Overview of project: The role of an Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated … policies, standards and procedures aligned with best practice. Logs: Ensure all logs feed into the SIEM and build use cases to detect anomalous activity. Incident Response: Lead high-severity incidents, improve playbooks and manage remediation, communication and reporting. SOAR: Develop automated workflows to streamline detection, enrichment and response. ...

Operational Technology) Outside IR35 Duration: 6 – 9 months Location: Crawley, Hybrid 2 days per week on site Overview of project: The role of an Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated … policies, standards and procedures aligned with best practice. Logs: Ensure all logs feed into the SIEM and build use cases to detect anomalous activity. Incident Response: Lead high-severity incidents, improve playbooks and manage remediation, communication and reporting. SOAR: Develop automated workflows to streamline detection, enrichment and response. ...

operational edge-cases Oversee full Intune security baselining, including secure device provisioning, compliance models, remediation scripts, endpoint hardening, managed configurations, and integration with incident response Architect and tune the Microsoft Defender XDR stack, including advanced hunting, alert tuning, automation rules, vulnerability management, attack surface reduction, and integration with … governance and access control models covering privileged identity management, entitlement workflows, elevated access justification, and audit-ready forensic traceability Build out logging, monitoring, and incident response capabilities, ensuring telemetry is collected, correlated, enriched, and actionable for both engineering and SOC teams Champion technical evidence collection and audit readiness ...

security operations. This is a hands-on, strategic position within the Technical Operations team, where you’ll set the direction for security practices, guide incident response, and support the growth of the wider team. Your responsibilities: Lead on security incidents, managing investigations through to resolution Design, implement … maintain robust security controls across infrastructure and applications Drive the creation and execution of incident response plans, ensuring continuous improvements Integrate security practices seamlessly into the DevOps pipeline Manage and optimise monitoring tools to provide real-time threat visibility Carry out regular threat and vulnerability assessments, applying effective ...

services or DevOps tools to continuously enhance infrastructure capabilities. Produce and maintain platform documentation and runbooks, ensuring knowledge is shared and accessible. Contribute to incident response and root cause analysis for infrastructure-related issues. Track and report platform metrics, including performance, cost efficiency, and security posture. Required Skills … security best practices. Experience with monitoring, logging, and alerting tools. Proficiency in scripting or automation languages (Python, Bash, or PowerShell). Track record of incident response and root cause analysis in cloud environments. If you are interested in this position please apply online or for more information contact ...

services or DevOps tools to continuously enhance infrastructure capabilities. Produce and maintain platform documentation and runbooks, ensuring knowledge is shared and accessible. Contribute to incident response and root cause analysis for infrastructure-related issues. Track and report platform metrics, including performance, cost efficiency, and security posture. Required Skills … security best practices. Experience with monitoring, logging, and alerting tools. Proficiency in scripting or automation languages (Python, Bash, or PowerShell). Track record of incident response and root cause analysis in cloud environments. If you are interested in this position please apply online or for more information contact ...

services or DevOps tools to continuously enhance infrastructure capabilities. Produce and maintain platform documentation and runbooks, ensuring knowledge is shared and accessible. Contribute to incident response and root cause analysis for infrastructure-related issues. Track and report platform metrics, including performance, cost efficiency, and security posture. Required Skills … security best practices. Experience with monitoring, logging, and alerting tools. Proficiency in scripting or automation languages (Python, Bash, or PowerShell). Track record of incident response and root cause analysis in cloud environments. If you are interested in this position please apply online or for more information contact ...

Contract (Inside IR35) Our leading financial services client is seeking an experienced Cyber Security Programme Manager to support key initiatives across Resilience, Cyber, and Incident Response . This role will play a pivotal part in shaping and delivering strategic cyber and data transformation programmes, ensuring alignment between business … needs, technology, and governance. Key Responsibilities: Drive and prioritise business requirements across multiple stakeholders, with a focus on Cyber, Resilience, and Incident Response. Ensure user stories and technical frameworks are aligned with strategic programme goals and business outcomes. Collaborate with technology and data teams to align requirements for application ...

environments. You ll work across servers, networks, storage, and security tools, contributing to infrastructure projects as well as cyber initiatives such as vulnerability management, incident response, and enhancing security controls. You ll also collaborate with group security teams and help ensure systems remain resilient and up to date. … etc.) Palo Alto deployment/configuration experience is a must Good understanding of firewalls, network protocols, and intrusion prevention Ability to manage vulnerability scanning, incident response, and remediation Confident communicator with solid documentation skills The role also covers an office in Birmingham and they might be occasional travel ...