London (City of London), South East England, United Kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive
Farnborough, Hampshire, United Kingdom Hybrid / WFH Options
Leidos
You will be responsible for planning and implementing appropriate security controls to ensure that the information within is kept secure. Key functions/outputs: Vulnerability Scanning & Reporting; Endpoint Security; Incident Management & Tickets; System Hardening; Change Work; Participation in Regular Meetings; Documentation. Vulnerability Scanning & Reporting. Code Scans: perform regular code scans to audit code quality metrics, potential bugs, and security … access and threats are being blocked. Access Control: ensuring that access controls have been implemented correctly to only allow authorised users to gain access to certain data and systems. Incident Management & Tickets. Incident Identification: help to recognise and confirm potential incidents through alerts, logs and user reports. This includes distinguishing between true threats and false positives. Incident Response: respond to potential security breaches or cyber-attacks. The main effort should focus on containment, mitigating the damage, investigation of the root cause of the incident and restoring to normal operations. Ticket Requests: respond to and resolve any tickets raised to the Leidos Security group on SD+ that require Cyber Security Engineering input. System Hardening: Patch
security aspects of design, build, implementation, operation, process, and policy, to ensure they are secure, resilient, and compliant with local and national standards. You'll assist with Cyber Security incident detection, response and recovery as well as the development, implementation, maintenance and testing of the Trust's Cyber Incident Response Plan (CIRP) and Security Strategy. You
assist in vulnerability management programs ensuring that all AWS cloud infrastructure meets the highest security standards. In This Role, You'll Respond to security tickets promptly and professionally, including incident handling, triage, investigation, and collaboration with other teams for resolution. Serve as the point-of-contact for internal user security questions, providing guidance on security policies, tools, and best … practices. Design, implement, and improve operational security processes—focusing on ticket management, incident response workflows, and documentation standards. Monitor security dashboards for alerts; analyze, document, and escalate events as needed for further investigation and remediation. Support the implementation and maintenance of security controls, including vulnerability management, endpoint protection, multi-factor authentication, and encryption technologies. Assist in onboarding and … security engineering Familiarity with securing AWS cloud services Familiarity with Infrastructure-as-Code tools like Terraform Familiarity with deploying and operating Kubernetes such as AWS EKS. Strong understanding of incident management, ticket response, and security operations best practices. Experience using ticketing systems and operational tools such as JIRA or Atlassian suite. Excellent communication skills; ability to explain technical
manage automated security tooling that prevents security issues before they occur Perform security-focused code reviews and support threat modelling exercises Champion cloud security principles across product engineering teams Incident Management & Monitoring: Lead incident response for security risks and issues raised by SOC teams Manage implementation of logging and SIEM integration for comprehensive monitoring Prioritise and oversee
delivering robust, scalable, and compliant security operations aligned with FCA Consumer Duty and broader regulatory obligations. You will play a key role in the operational management of security technologies, incident response processes, and the continuous enhancement of our detection and response capabilities. The successful candidate will bring hands-on expertise in cloud security operations, threat detection and … will do: Operate and optimise core cyber security tools and platforms, including SIEM, XDR, EDR, DLP, IAM, PAM, ZTNA and vulnerability management solutions Lead or support the detection and response lifecycle, including triage of alerts, investigation of incidents, root cause analysis, and coordination of response actions. Implement and administer security operational controls across AWS, Azure, and on-prem … with ISO 27001, PCI-DSS, CIS and internal governance requirements. Deliver clear, actionable security reporting and dashboards for both technical and executive audiences, covering vulnerabilities, threats, control coverage, and incident trends. Maintain and enhance operational documentation, including runbooks, playbooks, and standard operating procedures (SOPs) Support internal and external audit processes by maintaining evidence artefacts, compliance reporting, and validation of
Cambridge, Cambridgeshire, United Kingdom Hybrid / WFH Options
Arm Limited
Job overview: This is an opportunity to lead global Security Operations focused on safeguarding Arm's digital environment through exemplary threat detection, incident response, and vulnerability management capabilities. This senior role, reporting directly into the CISO is accountable for driving the strategic direction of Arm's Detect & Response function, delivering outstanding performance and ensuring we are resilient … operations, you will lead cyber crisis management, C-Suite level stress testing, team development, and top-level cybersecurity thought leadership. Responsibilities: Own and deliver the strategic roadmap for cyber incident and vulnerability detection & response in line with Arm's threat profile and business objectives. You will guide and develop a high-performing team, driven with context of emerging
integration. Baseline and conduct regular reviews with an incoming 3rd party managed SOC and the security tools in the Cloud environment (Defender and Sentinel) Oversee security architecture, vulnerability management, incident response, and threat intelligence Lead security risk assessments and manage remediation plans for identified gaps Ensure compliance with financial regulations (e.g. GDPR, PCI DSS, SOX, FCA requirements) Establish … and implementing security frameworks (ISO 27001, NIST) Hands-on experience with SIEM, DLP, IAM, and endpoint security technologies, specifically Microsoft Defender XDR, Purview and Sentinel Excellent risk assessment and incident management skills Outstanding communication skills with the ability to influence stakeholders at all levels Strategic mindset with the capability to balance security controls and business agility SM&CR Responsibilities
and other relevant standards. In a travel risk management environment this role is critical for safeguarding sensitive traveller data, real-time location tracking and operational systems that support crisis response and duty of care obligations for clients worldwide. In addition you will support the firm's governance, RFP requests, addressing areas of risk and supporting plans to address these … awareness programmes to foster a strong security culture. Promote a positive risk and compliance mindset across the organisation. Ensure lessons from audits, incidents, and inspections are embedded into practice. Incident & Breach Management Lead the response to cyber and information security incidents, including investigation, containment, and escalation. Maintain and test business continuity and disaster recovery plans. Coordinate incident response efforts across IT, operations, and client-facing teams. Risk & Control Management Identify and manage risks related to mobile travel apps, tracking systems, and third-party data processors. Develop risk treatment plans and support the implementation of appropriate controls. Work closely with Governance and Data Protection teams to ensure alignment. Vendor & System Assurance Conduct third-party security assessments
Halifax, West Yorkshire, Yorkshire, United Kingdom Hybrid / WFH Options
Fruition Group
Responsibilities Lead, coach, and develop a multisite team of 1st to 3rd line IT Support Analysts. Oversee daily operations of the IT Service Desk, ensuring SLAs are met across incident, request, and problem management. Act as the primary escalation point for major incidents, coordinating resolution and stakeholder communication. Own and improve ITSM processes including incident, problem, request, change … and major incident management. Monitor service desk KPIs. Ensure smooth collaboration across infrastructure, development, and platform teams. Maintain excellent service quality and communication with internal and external users. Promote a culture of continuous improvement and customer service excellence. Contribute to IT strategy by identifying automation opportunities and service enhancements. Service Desk Manager Requirements Proven experience managing an IT Service … Desk or Technical Support function. Strong working knowledge of ITSM frameworks. Hands-on expertise in incident, request, problem, and major incident management. Skilled in leading and developing high performing support teams (1st to 3rd line). Experience with major incident response and crisis communication. Customer focused with strong interpersonal and stakeholder management abilities. Familiarity with ITSM
Peterborough, Cambridgeshire, East Anglia, United Kingdom Hybrid / WFH Options
Fruition Group
Responsibilities Lead, coach, and develop a multisite team of 1st to 3rd line IT Support Analysts. Oversee daily operations of the IT Service Desk, ensuring SLAs are met across incident, request, and problem management. Act as the primary escalation point for major incidents, coordinating resolution and stakeholder communication. Own and improve ITSM processes including incident, problem, request, change … and major incident management. Monitor service desk KPIs. Ensure smooth collaboration across infrastructure, development, and platform teams. Maintain excellent service quality and communication with internal and external users. Promote a culture of continuous improvement and customer service excellence. Contribute to IT strategy by identifying automation opportunities and service enhancements. Service Desk Manager Requirements Proven experience managing an IT Service … Desk or Technical Support function. Strong working knowledge of ITSM frameworks. Hands-on expertise in incident, request, problem, and major incident management. Skilled in leading and developing high performing support teams (1st to 3rd line). Experience with major incident response and crisis communication. Customer focused with strong interpersonal and stakeholder management abilities. Familiarity with ITSM
safeguarding our AWS cloud environment, ensuring our systems stay secure, resilient, and fully compliant with financial regulations. You'll bring real-world experience with security tools, threat detection, and incident response, helping us evolve and harden our defences every day. A background in a regulated industry (like financial services) is important, as is a strong grasp of infrastructure … will do: Operate and optimise a wide range of security platforms, including SIEM, XDR, EDR, IAM, DLP, PAM, ZTNA, and vulnerability management tools Take ownership of the detection and response lifecycle - triaging alerts, investigating incidents, identifying root causes, and coordinating response actions Implement and manage security controls across AWS, Azure, and on-prem environments, aligning with frameworks like … ISO 27001, PCI-DSS Build and maintain clear, actionable dashboards and reports for technical and leadership teams, covering threats, vulnerabilities, incident trends, and control effectiveness Keep our documentation tight - from runbooks and playbooks to standard operating procedures (SOPs) Support internal and external audits, helping maintain evidence, reporting, and demonstrating control effectiveness Devoted to the FCA principle of Consumer Duty
our project development lifecycle and delivery processes Support the agenda for our cloud first strategy and ensure any cloud solutions meet our security aspirations and requirements Take responsibility for incident management and lead our response to cyber security events, incidents and potential breaches Ensure our suppliers adequately monitor the IT estate for threats and alerts and are capable … disciplinary teams in complex infrastructure environments A strong technical background across Networks, Security, Firewall, Vulnerability Management, SIEM and EDR technologies Experience with cyber security concepts, such as Threat Modelling, Incident Response, Penetration Testing (external/internal) Advanced knowledge of cloud products and services e.g. Azure, Microsoft 365 Emotionally intelligent and able to recognise and manage the needs and
Farnborough, Hampshire, South East, United Kingdom
Sopra Steria
doing: Monitor, triage, and investigate security incidents on critical client infrastructure. In-depth analysis of network traffic, logs, and system events to identify potential security threats and vulnerabilities. Provide Incident Response support. Maintain, improve and develop team knowledge of SOC tools, security operations and triage. Prepare reports for managed clients to both technical and non-technical audiences and … continuously improve their content and presentation. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. What you will bring : Experience in Security Operations Centre. Demonstrable experience of Managing Microsoft Sentinel or Splunk implementations. Knowledge and experience with MITRE ATT&CK Framework. Solid grasp of client-server applications, multi-tier web applications, relational
Employment Type: Permanent
Salary: 25 days holidays, 6% Contributory pension, 4 x life Insurance
Birmingham, England, United Kingdom Hybrid / WFH Options
Anson McCade
SOC Analyst (L3) - Senior Incident Responder Location: Birmingham (Hybrid) Salary: Up to £70,000 (depending on experience) + bonus NOTE: Candidates for this role must be eligible for UK Security Clearance (SC). We’re looking for a hands-on L3 Senior Incident Responder who can lead on complex security investigations, manage high-severity incidents, and bring real … Splunk and wider SIEM technologies. This is a critical role within the SOC, where you’ll be the escalation point for L1 and L2 analysts and take ownership of incident containment, remediation, and post-incident review. What you’ll do: Act as the L3 escalation point, leading investigations into complex incidents escalated by L1/L2 analysts. Use … Splunk and other SIEM tools to detect, investigate, and respond to security events. Perform detailed forensic analysis, root cause analysis, and malware investigation. Lead incident response activities end-to-end, ensuring containment, eradication, and recovery. Develop, refine, and own SOC use cases, runbooks, and playbooks to drive continual service improvement. Liaise directly with clients, providing clear guidance and
Reading, Berkshire, South East, United Kingdom Hybrid / WFH Options
Stott & May Professional Search Limited
Day Rate: £382.50 per day Inside IR35 The Role We are seeking an experienced SOC Level 2 Analyst to join our Security Operations Center, supporting threat detection, investigation, and response across enterprise systems. You'll work with leading security technologies, responding to advanced threats and guiding L1 analysts in a fast-paced, collaborative environment. Key Responsibilities Investigate and remediate … tools such as Splunk and Microsoft Defender. Perform forensic analysis to identify root causes and recommend containment and recovery actions. Develop detection use cases, improve processes, and maintain accurate incident documentation. Collaborate with IT and security teams to strengthen overall detection and response capability. Essential Skills & Experience 6-8 years in cybersecurity, with strong SOC or incident response experience. Proficient in SIEM (Splunk, ArcSight) and EDR (Defender, CrowdStrike, Carbon Black). Strong knowledge of digital forensics, malware analysis, and threat hunting. Skilled across Windows, Linux, and cloud environments. Familiar with frameworks such as MITRE ATT&CK, NIST, and ISO 27001. Scripting experience (Python, PowerShell) beneficial. Preferred Certifications SOC-related (CySA+, Blue Team L1, GCIH, GCIA
and threat-intelligence feeds to spot anomalies. Threat Hunting: Use forensic tools to track indicators of compromise across networks. Vulnerability Management: Run scans, prioritize remediation tasks, and validate fixes. Incident Response Support: Coordinate with SRE and DevOps teams to contain breaches. Report & Recommend: Draft concise, actionable incident summaries for executive stakeholders. Continuous Learning: Attend weekly knowledge-shares … Clear, concise communication skills for both technical and business audiences. Nice-to-Haves Exposure to cloud security (AWS, Azure, or GCP). Hands-on lab or internship experience with incident response. Entry-level certs like CompTIA Security+ or GIAC GSEC in progress. Why Our Client? Competitive package: £36,000-£43,000 + performance bonus. Flexibility: Choose your workspace—office
Employment Type: Full-Time
Salary: £36,000 - £43,000 per annum, Negotiable, OTE
Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). • Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. • Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). … SOC2), and risk management best practices. • Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). • Threat Management & Incident Response: Ability to detect, respond to, and mitigate cyber threats using SIEM, endpoint security, and vulnerability management tools. • Networking & Infrastructure Security: Understanding of firewalls, VPNs, SD-WAN, DNS
Leeds, Yorkshire, United Kingdom Hybrid / WFH Options
Stott and May
implement the company's security strategy across AI, blockchain, and cloud environments. Establish policies, standards, and governance frameworks aligned with industry best practices (ISO 27001, NIST, SOC2). Lead incident response, risk assessment, and threat modelling programmes. Build and mentor a world-class security team. AI Data Security Protect proprietary AI models, training data, and pipelines from data … Skills & Experience 15+ years of progressive experience in Information Security, with a minimum of 7-8 years focused on cybersecurity. Proven track record in cybersecurity strategy, team leadership, and incident management. Deep knowledge of blockchain protocols, smart contracts (Solidity, Rust), cryptography, and custody systems. Strong expertise in cloud security, DevSecOps, and secure software development lifecycle (SSDLC). Understanding of
Job summary The Senior Security Analyst (Ops) sits within the Protective Monitoring function of the Cyber Security Operations Centre (CSOC). The CSOC is made up of Protective Monitoring, Incident Management, Threat Operations, Engineering and Consultancy. The role is a Tier 3 analyst in the Cloud Protective Monitoring Sub team. Cyber Operations' purpose is to support safe care and … Delivery Unit (CDU). Cyber Improvement Programme. Chief Information Security Office Function (CISO) The post of Senior Security Analyst has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 20% per annum. Please be aware that RRP is none … contractual and subject to review. Main duties of the job As a Senior Security Analyst Ops you will: Provide Tier 3 security analytics and incident response for service-specific security monitoring. Deputise for Security Lead (Analyst) in their absence. Act as an escalation point for Tier 2 Analysts for incidents and investigations. Offer mentorship and guidance to Tier
from day one. Key Responsibilities Lead the development, implementation, and continuous improvement of the RSPB's cyber security strategy. Act as the senior accountable executive for cyber risk, compliance, and incident response. Provide expert advice to the CDTO, trustees, and executive board on cyber threats, risks, and mitigation strategies. Embed a cyber-aware culture across the organisation through training, awareness … campaigns, and policy enforcement. Maintain oversight of cyber KPIs, threat intelligence, and incident response protocols. Ensure compliance with relevant regulatory frameworks (e.g., PCI DSS, NIST, ISO 27001) Build and maintain strategic relationships with external partners, including regulators and the National Cyber Security Centre. Represent cyber security in major organisational change programmes and digital transformation initiatives. Essential Qualifications Professional … full ownership of the cyber function. Strong communication skills with the ability to translate technical risk into business impact. Decisive and calm under pressure, particularly in high-risk or incident scenarios. Skilled in building high-trust relationships with internal and external stakeholders. Desirable Experience in cyber leadership within the charity or not-for-profit sector. Evidence of sector-wide
teams to identify and remediate vulnerabilities across hardware and software. Act as the primary technical liaison with the Business Continuity Planning (BCP) team, supporting BIAs and resilience obligations. Lead incident response investigations, mitigation, and ongoing security improvements. Support Cyber Essentials Plus accreditation and contribute to maintaining a strong external security rating. Produce clear reporting, dashboards, and technical documentation
Security Manager, you'll be the technical lead in our IT Security team, responsible for: Designing and implementing scalable, secure architectures and strategies Leading threat assessments, vulnerability management, and incident response Driving cloud security governance and DevSecOps frameworks Evaluating and deploying security tools and technologies Ensuring compliance with GDPR, PCI-DSS, SOX, and other standards Leading and mentoring
Bristol, South West England, United Kingdom Hybrid / WFH Options
Logiq
V, VMware) and implement endpoint security solutions including EDR, anti-malware, and DLP. Monitoring & Threat Detection Operate and optimise SIEM tools (Splunk, Microsoft Sentinel) for proactive threat detection and incident response. Vulnerability Management Perform vulnerability assessments using Qualys and Tenable, driving remediation and continuous improvement. Compliance & Governance Align security controls with frameworks such as ISO 27001, NIST, CIS, and