1 to 25 of 203 Remote Incident Response Jobs

Overview We now have an exciting opportunity for an Associate Director to join our Digital Forensics and Incident Response (DFIR) team in London. As the senior member of the EMEA DFIR team with deep digital forensic experience, you will be integral to the wider EMEA practice, and in turn part of a global practice offering and influencing the … direction of our forensic technology and digital forensics incident response capability. The Discovery and Data Insights department is the hub of all technical consulting and you will provide digital forensics and incident response solutions for matters which involve cyber response investigations, digital forensic investigations, eDiscovery and data analytics. Our clients include law firms and Fortune … need to deploy the team and support crises. As the technical lead for engagements, you will provide direction to empower the team and provide quality assured, highly responsive forensic incident management. A significant portion of the role will require you to engage across the business to leverage technology consulting into all business development and go-to-market strategy. You More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

Incident Response (CSIRT)/SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT)/Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … s network systems, operational technology, and customer data from emerging and sophisticated cyber risks. Key Responsibilities As a senior member of the Security Operations team, you will: Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery. Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats. Develop and … enhance SOC policies, playbooks, and incident response processes to align with industry best practices. Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments. Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency. Perform More ❯

Senior Cyber Incident Response InvestigatorFully UK RemoteDV Clearance or eligibility essential£80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working position, the … key stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work.The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator*Fully Remote*Helping businesses deal with real-time cyber-attacks remotely*Occasionally travelling to customer sites*£80,000 base + OT and On-all bumping total More ❯

Senior Cyber Incident Response Investigator Fully UK Remote DV Clearance or eligibility essential £80,000 + OT and On-Call earning £100,000+ Excellent opportunity for a candidate with Incident Response experience, DV Clearance or the ability to obtain it, and extensive experience with cyber forensic tools to join a business offering an entirely remote working … stakeholders within your client. This is a highly autonomous environment and you'll even set your own hours of work. The ideal candidate will have good experience within Cyber Response and have a wide range of experience with different cyber forensic tools. Candidates must be happy to travel to customer sites a few times a year, must be eligible … a wide and varied client base, remote working opportunities, and the chance to make a real difference to businesses across the UK and Europe! The Role: *Senior-Level Cyber Incident Response Investigator *Fully Remote *Helping businesses deal with real-time cyber-attacks remotely *Occasionally travelling to customer sites *£80,000 base + OT and On-all bumping total More ❯

strategic and hands-on Security Operations Manager to fortify our defences, drive compliance, and lead proactive risk mitigation across the organisation. You’ll oversee Security Operations and Engineering, manage incident response, and collaborate with IT, legal, and compliance teams to embed a culture of security awareness. If you're passionate about protecting assets and reputation while leading with … and implementation of strategic security plans to enhance MIB’s security posture and resilience Operational Resilience Identify within Security Operations and support the business on our Operational Resilience efforts Incident Response Management : Lead and coordinate from a Security perspective incident response efforts, ensuring timely and effective resolution of security incidents Budget Management The Security Operations Manager … Engineering teams. This includes the ability to mentor and guide team members, fostering a collaborative and high-performance environment Experience in budget management and control Extensive experience in security incident response leadership. This includes coordinating and managing incident response efforts, ensuring timely and effective resolution of security incidents. Relevant advanced security qualifications such as CISSP, GIAC. More ❯

qualification, and soft skills, have you got everything required to succeed in this opportunity Find out below. The Cloud Operations Specialist (L1) provides first-line monitoring, triage, and rapid incident response across Knox’s multi-tenant and single-tenant cloud environments. This role ensures system availability, security, and compliance within FedRAMP Moderate, FedRAMP High, and DoD IL4 environments. … documentation. The ideal candidate combines technical curiosity with discipline — capable of working in Linux, CLI, and cloud monitoring environments, while collaborating effectively with L2 and Security teams. *Key ResponsibilitiesMonitoring & Incident Response* * Monitor infrastructure, applications, and network health using tools such as Grafana, Wiz, CloudWatch, Datadog, and CrowdStrike Falcon. * Detect, triage, and escalate alerts based on severity and business … impact. * Document incident timelines, actions, and resolutions in ticketing systems (ServiceNow, Jira Service Management). * Follow established FedRAMP incident handling and escalation procedures. *Operational Support* * Execute predefined runbooks for system checks, restarts, and health verifications. * Validate post-maintenance and deployment health of systems and services. * Assist with system patching coordination, log collection, and audit evidence gathering. * Maintain situational More ❯

highly visible security operations function with global impact upon Colt, business units, partners, and customers. While working as part of this team, the successful individual will provide world class incident response functions to detect, protect, respond, and sustain operations within cyberspace. What you will do: Support SOC Manager to deliver the following SIEM, IR tools platform management including … health checks Responsible for operational activities, Technology escalation support, Security Solution assessment, build activities , existing Service maturing and Build activities assist Analyse potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach Establishing and governing the security incident response processes, investigations and security operational processes. Maintenance and enhancement of formal service catalogue, service … with Colt’s long term priorities and strategy. Develop and grow the talent and people capability within the security teams. What We're Looking For? 6+ years Information Security Incident Response experience with a focus on detection and response to malicious activity using log data from various sources preferred. Strong Networking and Systems experience, preferably in an More ❯

Unit 42 Consulting Unit 42 Consulting is Palo Alto Networks' elite security advisory team. Our vision is to create a more secure digital world by delivering the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team comprises highly recognized experts and incident responders with deep technical expertise and extensive … experience in investigations, data breach response, digital forensics, and information security. With a proven track record of delivering mission-critical cybersecurity solutions, we work swiftly to provide effective incident response, attack readiness, and remediation plans, focusing on long-term support to enhance our clients’ security posture. Job Description Your Career Unit 42 is a dynamic, energetic, and … dynamic environments. Deep Cybersecurity Domain Mastery: At least 10 years of experience selling complex Security solutions or services, including a profound understanding and proven success in: Offensive Security Services Incident Response Retainers Risk Management Services SOC Assessment Services Threat Intelligence Services Channel Ecosystem Acumen: A profound understanding of global channel partners and a proven ability to strategically leverage More ❯

Head of IT Security Incident and Threat Management - Solihull Crimson and IMI have joined forces to build IMI's new security team, and we are looking for talented individuals to join us on this exciting journey. If you are passionate about IT security and want to be part of a dynamic team that is shaping the future of security … within a successful global company, we want to hear from you! We are seeking a highly skilled and experienced Head of IT Security Incident and Threat Management to join our team. In this role, you will be responsible for leading the strategic efforts to safeguard the company's digital assets against potential threats and incidents. This role requires a … seasoned professional with a deep understanding of cybersecurity, incident response an threat management within a FTSE 100 environment. The salary on offer for this position is between £90,000 and £110,000 per annum plus benefits. Please note this role is based on site for the first 3 months followed by a hybrid working arrangement. Key Responsibilities Develop More ❯

lead and develop a team of security professionals, oversee the delivery and ongoing management of our security infrastructure, and act as the go-to technical expert in threat detection, incident response, and vulnerability management. Were looking for someone with strong leadership skills, a deep knowledge of the cyber security landscape, and a real passion for safeguarding digital assets. … and Data, helping to build strong cyber security awareness. Oversee day-to-day security operations, using tools like MDR, SIEM, endpoint protection, and firewalls to keep us protected. Lead incident response, creating and maintaining playbooks and ensuring quick, effective action during any breaches. Stay ahead of threats by managing vulnerabilities, coordinating penetration tests, applying patches, and analysing threat … record of leading and mentoring a team. Extensive experience with security technologies such as SIEM, firewalls, intrusion detection/prevention systems, and vulnerability scanning tools. In-depth knowledge of incident response procedures, threat hunting, and forensic investigation techniques. Strong understanding of networking protocols, operating systems, and cloud security principles. Qualifications Bachelor's degree in Computer Science, Information Security More ❯

customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! The Cyber Security Incident Response Team (CSIRT), part of Counter Threat & Engineering (CT&E), responds to digital security threats and incidents globally from bp hubs in Houston, Sunbury, Kuala Lumpur, Pune, and … role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development More ❯

customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! The Cyber Security Incident Response Team (CSIRT), part of Counter Threat & Engineering (CT&E), responds to digital security threats and incidents globally from bp hubs in Houston, Sunbury, Kuala Lumpur, Pune, and … role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development More ❯

customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! The Cyber Security Incident Response Team (CSIRT), part of Counter Threat & Engineering (CT&E), responds to digital security threats and incidents globally from bp hubs in Houston, Sunbury, Kuala Lumpur, Pune, and … role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development More ❯

have knowledge of ISO 27001 and ISAE 3402; You are familiar with security technologies such as XDR, EDR, SIEM, NAC, IDS/IPS, and SASE; You have experience with incident response, risk assessment, and security policy development; You have excellent command of both Dutch and English, in spoken and written communication. Wij bieden A competitive salary based on … services, monitor the effectiveness of the ISMS, and prepare regular reports for senior management. You liaise with auditors, clients, and vendors, conduct risk assessments and penetration tests, and manage incident response processes. Additionally, you oversee access management, data security, and the execution of business continuity and disaster recovery plans. You also lead security awareness programs and stay up … services, monitor the effectiveness of the ISMS, and prepare regular reports for senior management. You liaise with auditors, clients, and vendors, conduct risk assessments and penetration tests, and manage incident response processes. Additionally, you oversee access management, data security, and the execution of business continuity and disaster recovery plans. You also lead security awareness programs and stay up More ❯

opportunity to shape a secure and scalable platform at the crossroads of security, technology, and energy innovation. Key Responsibilities: Lead the architecture and design of ServiceNow SecOps modules (Security Incident Response, Vulnerability Response, Threat Intelligence, etc.). Integrate ServiceNow with cybersecurity tools (SIEM, SOAR, EDR, CMDB, OT/ICS). Work with cybersecurity, IT, and engineering teams … to automate and improve response workflows. Define and deliver the SecOps roadmap and best practices for multiple business units. Champion platform governance, scalability, and alignment with enterprise standards. Mentor delivery teams and ensure quality, performance, and security across implementations. What You Will Ideally Bring: Proven ServiceNow Architect experience, ideally across SecOps or IRM modules. Strong understanding of security operations … incident response, and vulnerability management. Hands-on expertise in ServiceNow workflows, Scripting, and integrations (REST/SOAP, MID Server). Experience supporting critical infrastructure (energy, utilities, or OT/ICS environments). Excellent stakeholder engagement and communication skills. Familiarity with security frameworks (NIST, ISO 27001) and regulations (eg, NIS2). Contract Details: Duration: 6 months (with potential for More ❯

posture across our three UK brands: PEXA UK, Smoove, and Optima Legal.You'll lead our Security Operations (SOC), Security Engineering, and Information Security and Governance functions, covering everything from incident response and secure architecture to audits, lender assurance, and compliance with ISO 27001 and FCA requirements.This is a senior leadership role offering the opportunity to define security strategy … SOC, engineering, and information security Represent UK security priorities in leadership forums, lender assurance discussions, and governance reviews Security Operations and Governance Oversee SOC operations ensuring timely threat detection, response, and resolution Continuously improve detection and response capabilities using Cortex XDR, Abnormal Security, Splunk, and Nucleus Manage vulnerability management end-to-end, from scanning and prioritisation to remediation … and dashboarding)o Abnormal Security (email security)o Prisma Cloud (cloud security posture management)o Airlock (application and API security)o Nucleus (vulnerability management and reporting) Deep knowledge of incident response, threat hunting, and vulnerability management. Excellent stakeholder management and communication skills - able to explain complex risks in simple terms. Experience building and mentoring high-performing teams across More ❯

variety of stakeholders to ensure, the Leidos CSOC, a Defensive Cyber Security capability, can support a customers Cyber Resilience, protecting them with a 24 x 7 Threat Detection and Response service, mitigating their risk of Cyber Attack. The successful candidate will be able to demonstrate experience from a CSOC background or be able to demonstrate sufficient transferable Cyber Security … reactive analysis, articulating emerging trends to leadership and staff. Use data collected from Cyber Defence tools firewalls, IDS, network traffic, UEBA (User Entity Behaviour Analysis), Security Orchestration and Automated Response (SOAR) etc. to analyse events that occur within the environments. Respond to and correlate alerts from various detective and preventative Cyber Security tools such as Security Information Event Monitoring … SIEM), End Point Protection (EPP), End Point Detection and Response (EDR), XDR (Extended DR), Web Application Firewall (WAF), and Firewalls. Proactively detect suspicious activity, vulnerabilities, and security misconfigurations before they can be exploited by adversaries impacting Confidentiality, Integrity and Availability which could lead to a Cyber Security Incident. Inspection and correlation of logs from multiple sources to identify repeating More ❯

Cross-Team Collaboration Partner with Engineering, Product, and Support teams to resolve incidents and improve platform reliability. Support team scaling and rebalancing initiatives, especially around ownership of platform components. Incident Response & Reliability Lead incident response and root cause analysis for outages or performance issues. Maintain SLA commitments and communicate service availability metrics. Cost Optimisation & Vendor Management More ❯

to uncover anomalies. You'll also conduct proactive threat hunting and maintain detailed risk profiles for users, systems, and applications to support a strong security posture. Endpoint Detection and Response (EDR) You'll manage and maintain endpoint security and compliance, performing daily health checks and resolving any issues that arise. Working closely with Infrastructure teams, you'll ensure endpoint … implement and configure DLP solutions, define classification policies, and monitor for potential data leaks. Your work will help protect sensitive information and prevent unauthorised data exfiltration across the organisation. Incident Response You will form a key part of the incident response team when security incidents occur—analysing threats, assessing business impact, and be part of the … response lifecycle from containment to recovery. You'll document incidents thoroughly, follow established playbooks, and help improve them over time. Automation will be key to streamlining investigations and enriching threat intelligence. Testing and Validation You'll take part in cyber crisis simulations, penetration testing, and table-top exercises to ensure our defences are robust and response plans are More ❯

with suppliers on availability issues Support the HR, communications and engagement teams in any ICT set up for events, workshops and training sessions Learn the business continuity requirements and response arrangements if the ICT infrastructure were to fail or be attacked and support the incident response team to resolve the incident Be the recorder/scribe … for any incidents which may require the incident response team to act Shadow the IT Security Manager to learn the safeguards and monitoring systems in place Monitor and liaise with the IT Security Manager regarding any alerts via the Spycloud portal Desirable skills: Detail oriented and with a good eye on accuracy of data Friendly and helpful attitude More ❯

IT projects and infrastructure. Operational Oversight: Define and deploy control baselines, templates, and standards. Tooling & Effectiveness: Manage and monitor security operations tools such as Defender, Sentinel, Tenable, and CASB. Incident Response: Lead triage, coordinate crisis responses, and oversee post-incident reviews. Documentation & Governance: Maintain hardening guides, architecture diagrams, and lead working groups. Cross-Regional Alignment: Foster collaboration … global cybersecurity efforts. What You Bring Essential: Degree or equivalent experience in Information Security. Certifications such as Security+, CEH, CySA+, or Cloud Security Engineer. Extensive experience in cybersecurity, especially incident response and technical operations. Strong understanding of AWS and Azure cloud platforms. Familiarity with frameworks like NIST, ISO, COBIT, and OWASP. Proven success in leading and delivering security More ❯

cyber security incidents by analyzing logs, threat intel, and other sources of information. Functions as a liaison between the Technical Security team and business units to track and monitor incident response and provide status updates as needed. Analyzes alerts generated by various security tools to reduce false positives and increase alert effectiveness. Reviews audit trails for unauthorized access … management and tuning of security tools. Assists in identifying gaps in the current state of security operations and recommending ways to improve its effectiveness. Determines ways to automate the incident response process and implement improvements, with security engineering assistance. Resolves security tickets not related to incident response. Documents and tracks security incidents and breaches using the corporate More ❯

with Key Vault, SBOM and image scanning, policy-as-code and least privilege IAM. Drive reliability using SRE practices: define SLIs/SLOs, error budgets, capacity planning, chaos testing, incident response and blameless post-incident reviews. Partner with application squads to remove toil, improve developer experience (DX), and reduce lead time for changes through automation and platform … service catalog entries; contribute to onboarding guides and demo sessions for consumers of the platform. Participate in an on-call rota for critical platform services and lead/coordinate incident response when required. About you Strong hands-on experience with Microsoft Azure core services (networking, compute, storage) and platform services (AKS, App Services, API Management, Event Hub/… GitOps, and container build pipelines (e.g., ACR, OPA policies, image scanning). Working knowledge of observability tooling (Azure Monitor, Log Analytics, Application Insights, Datadog/Grafana) and alerting/response workflows. Understanding of the Microsoft Cloud Adoption Framework, Azure Landing Zones and the Well-Architected Framework. Familiarity with DevSecOps practices: threat modelling, dependency and container scanning, SBOM management, and More ❯

e.g., firewalls, SIEM, IDS/IPS, endpoint protection) Oversee access controls and identity management systems Conduct penetration testing and routine vulnerability scans Monitor networks and systems for threats; lead incident response efforts Perform root cause analysis and maintain incident response protocols Recommend enhancements to improve overall security posture Deliver security awareness training and ensure compliance with … segmentation Knowledge of Zero Trust architecture and cloud-native security practices Proficiency in identity and access management (Azure AD, MFA, SSO, RBAC) Skilled in log analysis, threat detection, and incident handling Excellent communication and stakeholder engagement abilities Certifications such as CEH, OSCP, CISSP, Security+, or GSEC are advantageous Benefits: 4% Pension Life Insurance 3 x salary 25 days annual More ❯