1 to 25 of 137 Remote Incident Response Jobs in the UK excluding London

boards from below onwards The Role As SOC Manager: Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include: Improving incident response times Reducing false positives and other extraneous alerts Enhancing threat detection capabilities Oversee your staff's activities and ensure they focus on the right priorities Oversee SOC … activities by reviewing your team's performance metrics, incident reports and other key indicators Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team Analyse incident reports … to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

Join Police Digital Service as NMC Cyber Incident Management Lead. Permanent - FT. Salary starting at £70,000 per annum About Police Digital Service Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. The National Management Centre (NMC) is part of Police Digital Service and provides visibility and control of information … risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and force level. Key Responsibilities Responsible for the co-ordination and effective reporting of cyber security … incidents within the NMC, along with any issues concerning quality and delivery of the service. You will have line management responsibility for the team of Cyber Incident Leads. Accountable for the evolution and development of the Incident Management Service with regards to continuously improving People, Processes and Technology. Responsible for the progression of key service deliverables, Incident More ❯

Join Police Digital Service as NMC Cyber Incident Management Lead. Permanent - FT. Salary starting at £70,000 per annum About Police Digital Service Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. The National Management Centre (NMC) is part of Police Digital Service and provides visibility and control of information … risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and force level. Key Responsibilities Responsible for the co-ordination and effective reporting of cyber security … incidents within the NMC, along with any issues concerning quality and delivery of the service. You will have line management responsibility for the team of Cyber Incident Leads. Accountable for the evolution and development of the Incident Management Service with regards to continuously improving People, Processes and Technology. Responsible for the progression of key service deliverables, Incident More ❯

Head of IT Security Incident and Threat Management - Solihull Crimson and IMI have joined forces to build IMI's new security team, and we are looking for talented individuals to join us on this exciting journey. If you are passionate about IT security and want to be part of a dynamic team that is shaping the future of security … within a successful global company, we want to hear from you! We are seeking a highly skilled and experienced Head of IT Security Incident and Threat Management to join our team. In this role, you will be responsible for leading the strategic efforts to safeguard the company's digital assets against potential threats and incidents. This role requires a … seasoned professional with a deep understanding of cybersecurity, incident response an threat management within a FTSE 100 environment. The salary on offer for this position is between £90,000 and £110,000 per annum plus benefits. Please note this role is based on site for the first 3 months followed by a hybrid working arrangement. Key Responsibilities Develop More ❯

lead and develop a team of security professionals, oversee the delivery and ongoing management of our security infrastructure, and act as the go-to technical expert in threat detection, incident response, and vulnerability management. Were looking for someone with strong leadership skills, a deep knowledge of the cyber security landscape, and a real passion for safeguarding digital assets. … and Data, helping to build strong cyber security awareness. Oversee day-to-day security operations, using tools like MDR, SIEM, endpoint protection, and firewalls to keep us protected. Lead incident response, creating and maintaining playbooks and ensuring quick, effective action during any breaches. Stay ahead of threats by managing vulnerabilities, coordinating penetration tests, applying patches, and analysing threat … record of leading and mentoring a team. Extensive experience with security technologies such as SIEM, firewalls, intrusion detection/prevention systems, and vulnerability scanning tools. In-depth knowledge of incident response procedures, threat hunting, and forensic investigation techniques. Strong understanding of networking protocols, operating systems, and cloud security principles. Qualifications Bachelor's degree in Computer Science, Information Security More ❯

Senior Incident Responder - SOC Analyst (L3) £71000 GBP Hybrid WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Senior Incident Responder - SOC Analyst (L3) Location: UK-wide (hybrid/on-site as required) Salary: £71,000 + Bonus Clearance: Must be eligible for SC Clearance Our client is a global consulting and technology services firm, supporting public … and private sector organisations with complex digital and cyber transformation. They are building out their UK Security Practice and are seeking a Senior Incident Responder - SOC Analyst (L3) to lead investigations, manage escalations, and strengthen cyber resilience for mission-critical environments. The Role As a Senior Incident Responder, you'll be the escalation point for L1 and L2 … to containment and remediation. You'll drive root cause analysis, ensure runbooks and playbooks are followed, and directly engage with clients and delivery managers to provide expert guidance on incident handling. This is a hands-on technical leadership role that combines investigation, response, threat intelligence, and collaboration with stakeholders. You'll also support service improvement, tool optimisation, and More ❯

Days: As per business need Special Working Conditions: Occasional client site travel The Role As SOC Manager, you will: Establish goals and priorities with your team, focusing on: Improving incident response times Reducing false positives and extraneous alerts Enhancing threat detection capabilities Oversee staff activities to ensure focus on the right priorities Review team performance metrics, incident reports, and other key indicators Lead incident response efforts with clear procedures and protocols Analyse incident reports to understand the organization's security posture Serve as primary point of contact for security incidents, liaising with internal stakeholders and external parties Conduct information security investigations and manage end-to-end security incident resolution Report to the … identifying new use cases and automations Act as POC for SOC engineering, threat intelligence, and threat exposure management Provide guidance to Level-2 SOC security analysts during investigations and incident resolution Lead coordination of individual information security incidents Mentor security analysts on risk management, security controls, incident analysis, SIEM monitoring, and operational tasks Document incidents from detection to More ❯

variety of stakeholders to ensure, the Leidos CSOC, a Defensive Cyber Security capability, can support a customers Cyber Resilience, protecting them with a 24 x 7 Threat Detection and Response service, mitigating their risk of Cyber Attack. The successful candidate will be able to demonstrate experience from a CSOC background or be able to demonstrate sufficient transferable Cyber Security … reactive analysis, articulating emerging trends to leadership and staff. Use data collected from Cyber Defence tools firewalls, IDS, network traffic, UEBA (User Entity Behaviour Analysis), Security Orchestration and Automated Response (SOAR) etc. to analyse events that occur within the environments. Respond to and correlate alerts from various detective and preventative Cyber Security tools such as Security Information Event Monitoring … SIEM), End Point Protection (EPP), End Point Detection and Response (EDR), XDR (Extended DR), Web Application Firewall (WAF), and Firewalls. Proactively detect suspicious activity, vulnerabilities, and security misconfigurations before they can be exploited by adversaries impacting Confidentiality, Integrity and Availability which could lead to a Cyber Security Incident. Inspection and correlation of logs from multiple sources to identify repeating More ❯

with suppliers on availability issues Support the HR, communications and engagement teams in any ICT set up for events, workshops and training sessions Learn the business continuity requirements and response arrangements if the ICT infrastructure were to fail or be attacked and support the incident response team to resolve the incident Be the recorder/scribe … for any incidents which may require the incident response team to act Shadow the IT Security Manager to learn the safeguards and monitoring systems in place Monitor and liaise with the IT Security Manager regarding any alerts via the Spycloud portal Desirable skills: Detail oriented and with a good eye on accuracy of data Friendly and helpful attitude More ❯

that underpin secure business operations. They will play a key role in shaping and executing the IT security strategy, acting as a subject matter expert while supporting compliance, training, incident management, and continuous improvement efforts across the organisation. Key Responsibilities: Oversees the daily operations of the IT Security team, ensuring service levels and internal objectives are consistently met. Leads … IT security projects, aligning them with broader strategic objectives and deadlines. Contributes expert guidance into IT strategy and supports its implementation from a security standpoint. Owns the organisations security incident response process, including investigation, reporting, and post-incident analysis. Assesses existing system security and proposes improvements to strengthen infrastructure resilience. Ensures the secure handling, processing, and transfer … AWS). Experience with security frameworks and regulatory compliance, including ISO 27001 and GDPR. Demonstrated ability to lead, coach, and develop high-performing technical teams. Track record of managing incident response and conducting technical investigations. Confident multitasker with strong project delivery and organisational skills. Experience in performing or participating in IT security audits. Excellent communication skills, both verbal More ❯

IT projects and infrastructure. Operational Oversight: Define and deploy control baselines, templates, and standards. Tooling & Effectiveness: Manage and monitor security operations tools such as Defender, Sentinel, Tenable, and CASB. Incident Response: Lead triage, coordinate crisis responses, and oversee post-incident reviews. Documentation & Governance: Maintain hardening guides, architecture diagrams, and lead working groups. Cross-Regional Alignment: Foster collaboration … global cybersecurity efforts. What You Bring Essential: Degree or equivalent experience in Information Security. Certifications such as Security+, CEH, CySA+, or Cloud Security Engineer. Extensive experience in cybersecurity, especially incident response and technical operations. Strong understanding of AWS and Azure cloud platforms. Familiarity with frameworks like NIST, ISO, COBIT, and OWASP. Proven success in leading and delivering security More ❯

that underpin secure business operations. They will play a key role in shaping and executing the IT security strategy, acting as a subject matter expert while supporting compliance, training, incident management, and continuous improvement efforts across the organisation. Key Responsibilities: Oversees the daily operations of the IT Security team, ensuring service levels and internal objectives are consistently met. Leads … IT security projects, aligning them with broader strategic objectives and deadlines. Contributes expert guidance into IT strategy and supports its implementation from a security standpoint. Owns the organisations security incident response process, including investigation, reporting, and post-incident analysis. Assesses existing system security and proposes improvements to strengthen infrastructure resilience. Ensures the secure handling, processing, and transfer … AWS). Experience with security frameworks and regulatory compliance, including ISO 27001 and GDPR. Demonstrated ability to lead, coach, and develop high-performing technical teams. Track record of managing incident response and conducting technical investigations. Confident multitasker with strong project delivery and organisational skills. Experience in performing or participating in IT security audits. Excellent communication skills, both verbal More ❯

with Key Vault, SBOM and image scanning, policy-as-code and least privilege IAM. Drive reliability using SRE practices: define SLIs/SLOs, error budgets, capacity planning, chaos testing, incident response and blameless post-incident reviews. Partner with application squads to remove toil, improve developer experience (DX), and reduce lead time for changes through automation and platform … service catalog entries; contribute to onboarding guides and demo sessions for consumers of the platform. Participate in an on-call rota for critical platform services and lead/coordinate incident response when required. About you Strong hands-on experience with Microsoft Azure core services (networking, compute, storage) and platform services (AKS, App Services, API Management, Event Hub/… GitOps, and container build pipelines (e.g., ACR, OPA policies, image scanning). Working knowledge of observability tooling (Azure Monitor, Log Analytics, Application Insights, Datadog/Grafana) and alerting/response workflows. Understanding of the Microsoft Cloud Adoption Framework, Azure Landing Zones and the Well-Architected Framework. Familiarity with DevSecOps practices: threat modelling, dependency and container scanning, SBOM management, and More ❯

cases Triage of security events and third-party SOC management Monitor/Collate data from endpoints across estate OSINT experience for threat hunting, prepare reports Cyber Defence Manager - Experience Incident response, security engineering, intrusion detection Experience of SOC or Incident Response Team Analyse End Point, Network, Application Logs Security frameworks/Standards (NIST, CIS, ISO27001) Scripting More ❯

cases Triage of security events and third-party SOC management Monitor/Collate data from endpoints across estate OSINT experience for threat hunting, prepare reports Cyber Defence Manager - Experience Incident response, security engineering, intrusion detection Experience of SOC or Incident Response Team Analyse End Point, Network, Application Logs Security frameworks/Standards (NIST, CIS, ISO27001) Scripting More ❯

cyber resilience initiatives, ensuring technical excellence and alignment with client goals. Design Secure Architectures: Shape robust, scalable, and secure solutions using industry best practices and advanced security frameworks. Drive Incident Response: Manage and coordinate responses to security incidents, ensuring swift resolution and minimal disruption. Engage Clients: Act as a trusted advisor, delivering tailored solutions and maintaining strong stakeholder … presentations, and service development efforts. Share Knowledge: Develop and distribute best practices to strengthen the cyber resilience function. What You'll Bring: Proven experience in threat intelligence, risk management, incident response, compliance (e.g., GDPR, ISO 27001), and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA More ❯

cyber resilience initiatives, ensuring technical excellence and alignment with client goals. Design Secure Architectures: Shape robust, scalable, and secure solutions using industry best practices and advanced security frameworks. Drive Incident Response: Manage and coordinate responses to security incidents, ensuring swift resolution and minimal disruption. Engage Clients: Act as a trusted advisor, delivering tailored solutions and maintaining strong stakeholder … presentations, and service development efforts. Share Knowledge: Develop and distribute best practices to strengthen the cyber resilience function. What You'll Bring: Proven experience in threat intelligence, risk management, incident response, compliance (e.g., GDPR, ISO 27001), and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA More ❯

cyber resilience initiatives, ensuring technical excellence and alignment with client goals. Design Secure Architectures: Shape robust, scalable, and secure solutions using industry best practices and advanced security frameworks. Drive Incident Response: Manage and coordinate responses to security incidents, ensuring swift resolution and minimal disruption. Engage Clients: Act as a trusted advisor, delivering tailored solutions and maintaining strong stakeholder … presentations, and service development efforts. Share Knowledge: Develop and distribute best practices to strengthen the cyber resilience function. What You'll Bring: Proven experience in threat intelligence, risk management, incident response, compliance (e.g., GDPR, ISO 27001), and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA More ❯

be doing: Working with a diverse group of engineers across Speechmatics to improve reliability of our products and systems, from design through to operation in production. Taking part in incident response, postmortems and ensuring the same incident doesn't happen twice. Managing and improving GitOps release workflows and CI/CD pipelines. Monitoring system performance and troubleshooting … how each layer fits together. Naturally inquisitive and eager to dive deep into new technologies; you thrive on learning as you go. Prior experience with on-call rotations and incident response is a plus. Familiarity with OpenTelemetry and related observability tooling is advantageous. We encourage you to apply even if you do not feel you match all of More ❯

Cyber Security SOC Analyst – London/Remote Atrium EMEA is looking for an accomplished Cyber Security SOC Analyst to support the Security Incident Response Team. The team is growing, we require a strong individual contributor that will investigate, analyse, and contain security incidents. This is a fully remote role, with the occasional London office visit. You can be … based anywhere in the UK • Strong ability to collaborate, delegate tasks and drive deadline compliance in a highly regulated, time sensitive environment. Triage, escalation, and assisting the response of cybersecurity, policy and privacy related events and incidents. Manage containment and remediation efforts of affected assets, IOCs, and TTPs • Integrate and collaborate with other subject matter experts throughout the organization … e.g. Security+, CCNA Cyber Ops, BTL1 and/or BTL2, GCIH, CEH, CySA+, OSCP, CISSP, CCSP etc.) • IT Security or Cyber Security experience in any of the following areas: Incident Response & Digital Forensics. Cybersecurity Detection Engineering and Threat Hunting or Vulnerability Management • Experience analysing attack vectors, current threats, and security remediation strategies • Experience with SIEM technologies, EDR technologies More ❯

Cyber Security SOC Analyst – London/Remote Atrium EMEA is looking for an accomplished Cyber Security SOC Analyst to support the Security Incident Response Team. The team is growing, we require a strong individual contributor that will investigate, analyse, and contain security incidents. This is a fully remote role, with the occasional London office visit. You can be … based anywhere in the UK • Strong ability to collaborate, delegate tasks and drive deadline compliance in a highly regulated, time sensitive environment. Triage, escalation, and assisting the response of cybersecurity, policy and privacy related events and incidents. Manage containment and remediation efforts of affected assets, IOCs, and TTPs • Integrate and collaborate with other subject matter experts throughout the organization … e.g. Security+, CCNA Cyber Ops, BTL1 and/or BTL2, GCIH, CEH, CySA+, OSCP, CISSP, CCSP etc.) • IT Security or Cyber Security experience in any of the following areas: Incident Response & Digital Forensics. Cybersecurity Detection Engineering and Threat Hunting or Vulnerability Management • Experience analysing attack vectors, current threats, and security remediation strategies • Experience with SIEM technologies, EDR technologies More ❯

Cyber Security SOC Analyst – London/Remote Atrium EMEA is looking for an accomplished Cyber Security SOC Analyst to support the Security Incident Response Team. The team is growing, we require a strong individual contributor that will investigate, analyse, and contain security incidents. This is a fully remote role, with the occasional London office visit. You can be … based anywhere in the UK • Strong ability to collaborate, delegate tasks and drive deadline compliance in a highly regulated, time sensitive environment. Triage, escalation, and assisting the response of cybersecurity, policy and privacy related events and incidents. Manage containment and remediation efforts of affected assets, IOCs, and TTPs • Integrate and collaborate with other subject matter experts throughout the organization … e.g. Security+, CCNA Cyber Ops, BTL1 and/or BTL2, GCIH, CEH, CySA+, OSCP, CISSP, CCSP etc.) • IT Security or Cyber Security experience in any of the following areas: Incident Response & Digital Forensics. Cybersecurity Detection Engineering and Threat Hunting or Vulnerability Management • Experience analysing attack vectors, current threats, and security remediation strategies • Experience with SIEM technologies, EDR technologies More ❯

Cyber Security SOC Analyst – London/Remote Atrium EMEA is looking for an accomplished Cyber Security SOC Analyst to support the Security Incident Response Team. The team is growing, we require a strong individual contributor that will investigate, analyse, and contain security incidents. This is a fully remote role, with the occasional London office visit. You can be … based anywhere in the UK • Strong ability to collaborate, delegate tasks and drive deadline compliance in a highly regulated, time sensitive environment. Triage, escalation, and assisting the response of cybersecurity, policy and privacy related events and incidents. Manage containment and remediation efforts of affected assets, IOCs, and TTPs • Integrate and collaborate with other subject matter experts throughout the organization … e.g. Security+, CCNA Cyber Ops, BTL1 and/or BTL2, GCIH, CEH, CySA+, OSCP, CISSP, CCSP etc.) • IT Security or Cyber Security experience in any of the following areas: Incident Response & Digital Forensics. Cybersecurity Detection Engineering and Threat Hunting or Vulnerability Management • Experience analysing attack vectors, current threats, and security remediation strategies • Experience with SIEM technologies, EDR technologies More ❯