2,058 Incident Response jobs in the United Kingdom
Senior Cyber Security Analyst - Incident Response
Posted 1 day ago
Job Description
At Aberdeen, our ambition is to be the UK’s leading Wealth & Investments group. Strengthening talent and culture is a strategic priority to attract and retain the industry’s best talent. Our people put stakeholders at the heart of everything we do, helping to make a positive difference to the lives of our clients, customers, colleagues, shareholders and society. We are focused on growing our direct and advised wealth platforms and repositioning our specialist asset management business to meet client demand, supported by leading technology and talent.
Aberdeen comprises three businesses, interactive investor (ii), Investments, and Adviser, each focused on meeting and adapting to our clients’ evolving needs.
interactive investor, the UK’s second largest direct-to-consumer investment platform, enables individuals in the UK to plan, save, and invest in the way that works for them.
Our Adviser business provides financial planning solutions and technology for UK financial advisers, enabling them to create value for their customers.
Our Investments business is a specialist asset manager that focuses on areas where we have both strength and scale to capitalise on key market themes, through either public markets or alternative asset classes.
About the role
The Senior Cyber Security Analyst role is an integral part of the Cyber Security Operations team. This role is technical and will support the Cyber Response Lead in responding to escalated security alerts from L1 and L2 analysts, and in proactively developing and tuning detection rules. The role reports to the Cyber Response Lead and is based in Edinburgh. The role holder will work closely with the Cyber Security Operations Centre, other security functions, specialist 3rd party security suppliers, and the global IT and business teams.
Key Responsibilities
Conduct thorough investigations to determine root cause, scope and impact of security alerts escalated from L1 and L2 security analysts.
Monitor detection and response KPIs.
Support detection rule management, implementing new rules and tuning out false positives.
Maintain incident response plans and playbooks.
Support in documenting incidents and response actions in detailed post-incident reporting.
Manage the Information Security Queue in relation to Cyber Response tickets.
Coordinate and collaborate with internal and external stakeholders, such as IT, business and audit teams on security-related matters.
Recommend and implement security posture improvements, collaborating with IT teams to ensure security measures are integrated into systems.
About the Candidate
Experience in Cyber Security, ideally within an international asset management or similar large organisation.
Passion for security and self-development to keep up to date with the evolving threat and vulnerability landscape, new technologies and service improvements.
Able to work in an international matrix organisation with complex and dynamic drivers and constraints.
Comfortable with a fast-paced multi-threaded working environment.
Proficiency in Microsoft Security Stack – Strong hands-on experience with Microsoft’s security ecosystem, including the Defender suite and related identity protection technologies.
Proficiency with Microsoft Sentinel (SIEM/SOAR) for security monitoring, detection and incident response, including configuring, tuning, maintaining, analysing alerts and incidents, developing hunting queries (KQL), automation playbooks, and integration with other security controls.
Experience with security tools outside the Microsoft ecosystem, such as IDS/IPS, vulnerability scanners, web and email filtering, web application firewalls, DDoS protections, proxies, host-based protections and malware analysis engines.
Good understanding of Cyber Detection and Response Concepts such as the MITRE ATT&CK framework for mapping adversary behaviours and improving detection coverage.
Inclusion and Benefits
We are proud to be a Disability Confident Committed employer. If you have a disability and would like to apply to UK roles under the Disability Confident Scheme, notify us in the candidate questionnaire so we can support your application process.
Our benefits
We offer an environment where you can learn, get involved and be supported. Rewards include 40 days’ annual leave, 16% employer pension contribution, a discretionary performance-based bonus (where applicable), private healthcare and flexible benefits such as gym discounts and season ticket loans. More about our benefits is available in the candidate materials.
Our business
Our business is structured around three areas focusing on client needs. You can find out more about what we do in our candidate materials.
An inclusive way of working
Aberdeen supports a blended working approach, combining office collaboration with the flexibility of working from home. We value an inclusive culture where diverse perspectives drive our actions. If you need assistance with your application or an adjustment to interview arrangements due to a disability, please let us know and we will help. We are committed to an inclusive workplace where all forms of difference are valued and where meritocracy, fairness and transparency guide our actions.
Senior Cyber Security Analyst - Incident Response
Posted 1 day ago
Job Description
At Aberdeen, our ambition is to be the UK's leading Wealth & Investments group. Strengthening talent and culture is one of our strategic priorities. We strive to make Aberdeen a great place to work so that we can attract and retain the industry's best talent. Our people put our stakeholders at the heart of everything they do by helping us to make a positive difference to the lives of our clients, customers, colleagues, shareholders, and society. We are focused on growing our direct and advised wealth platforms and repositioning our specialist asset management business to meet client demand. We are committed to providing excellent client service, supported by leading technology and talent.
Aberdeen comprises three businesses, interactive investor (ii), Investments, and Adviser, each of which focuses on meeting and adapting to our clients' evolving needs:
interactive investor, the UK's second largest direct-to-consumer investment platform, enables individuals in the UK to plan, save, and invest in the way that works for them.
Our Adviser business provides financial planning solutions and technology for UK financial advisers, enabling them to create value for their customers.
Our Investments business is a specialist asset manager that focuses on areas where we have both strength and scale to capitalise on the key themes shaping the market, through either public markets or alternative asset classes.
About the role
The Senior Cyber Security Analyst role is an exciting and integral part of the Cyber Security Operations team. This role is technical and will support the Cyber Response Lead in responding to escalated security alerts from L1 and L2 analysts, and proactively developing and tuning detection rules. The role reports directly to the Cyber Response Lead and is based in Edinburgh. The role holder will work closely with our Cyber Security Operations Centre and with other security functions as well as specialist 3rd party security suppliers and the global IT and business teams.
Key Responsibilities
Conduct thorough investigations to determine the root cause, scope, and impact of security alerts escalated from L1 and L2 security analysts.
Monitor detection and response KPIs
Support detection rule management, implementing new rules and tuning out false positives
Maintain incident response plans and playbooks
Support in documenting incidents and response actions in detailed post incident reporting
Manage the Information Security Queue in relation to Cyber Response tickets
Coordinate and collaborate with internal and external stakeholders, such as IT, business, and audit teams on security-related matters.
Recommend and implement security posture improvements, collaborating with IT teams to ensure security measures are integrated into systems
About the Candidate
Experience in Cyber Security, ideally within an international asset management or similar large organisation.
Passion for security and self-development to keep up to date with the evolving threat and vulnerability landscape, new technologies and service improvements
Able to work in an international matrix organisation with complex and dynamic drivers and constraints
Comfortable with a fast-paced multi-threaded working environment
Proficiency in Microsoft Security Stack - Strong hands-on experience with Microsoft's security ecosystem, including the Microsoft Defender suite (MDE, MDO, MDA, MDI) and related identity protection technologies (Azure AD Identity Protection, Conditional Access).
Proficiency with Microsoft Sentinel (SIEM/SOAR) for security monitoring, detection, and incident response. The ideal candidate will have practical experience configuring, tuning, and maintaining these solutions, analysing alerts and incidents, developing advanced hunting queries (KQL), developing automation playbooks, and integrating with other security controls and solutions.
Experience with security tools outside of the Microsoft ecosystem, such as IDS/IPS, vulnerability scanners, web and email filtering, web application firewalls and DDoS protections, proxies, host-based protections and malware analysis engines
Good understanding of Cyber Detection and Response Concepts such as the MITRE ATT&CK framework for mapping adversary behaviours and improving detection coverage
Disability and inclusion
We are proud to be a Disability Confident Committed employer. If you have a disability and would like to apply to one of our UK roles under the Disability Confident Scheme, please notify us by completing the relevant section in our candidate questionnaire. One of our team will reach out to support you through your application process.
Our benefits
There's more to working life than coming home with a good salary. We have an environment where you can learn, get involved and be supported.
When you join us, your reward will be one of the best around. This includes 40 days' annual leave, a 16% employer pension contribution, a discretionary performance-based bonus (where applicable), private healthcare and a range of flexible benefits - including gym discounts, season ticket loans and access to an employee discount portal. You can read more about our benefits here.
Our business
Enabling our clients to be better investors drives everything we do. Our business is structured around three distinct areas - our vectors of growth - focused on our clients' changing needs. You can find out more about what we do here.
An inclusive way of working
Whatever way you like to work, if you have the talent and commitment to join our team, we'd like to hear from you.
At Aberdeen we've adopted a 'blended working' approach. This approach combines the benefits of face-to-face collaboration, coaching and connecting in our offices with the flexibility of working from home. It enables colleagues to find a balance that works for their roles, their teams, our clients and our business.
An inclusive culture, where diverse perspectives drive our actions, is at the core of who we are and what we do. If you need assistance with your application, or a reasonable adjustment to your interview arrangements - for example, because you are neurodivergent, or have a physical, sensory, cognitive, mental, visible or invisible disability - please let us know and we'll be happy to help.
We're committed to providing an inclusive workplace where all forms of difference are valued and which is free from any form of unfair or unlawful treatment. We define diversity in its broadest sense - this includes but is not limited to our diversity of educational and professional backgrounds, experience, cognitive and neurodiversity, age, gender, gender identity, sexual orientation, disability, religion or belief and ethnicity and geographical provenance. We support a culture that values meritocracy, fairness and transparency and welcomes enquiries from everyone.
If you need assistance or an adjustment due to a disability please let us know as part of your application and we will assist.
Information Security Analyst - SIEM & Incident Response
Posted 16 days ago
Job Description
Responsibilities:
- Monitor security alerts and events generated by the SIEM system in real-time.
- Analyze security incidents, identify root causes, and perform detailed investigations.
- Develop and implement effective incident response procedures and playbooks.
- Conduct forensic analysis of security breaches and compromised systems.
- Configure and tune SIEM rules, correlation logic, and dashboards to enhance threat detection capabilities.
- Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and attack vectors.
- Collaborate with IT teams to implement security controls and remediate vulnerabilities.
- Participate in security awareness training initiatives.
- Maintain accurate documentation of security incidents, investigations, and resolutions.
- Contribute to the continuous improvement of the SOC's operational processes and tools.
- Assist in vulnerability assessments and management activities.
- Provide support for security audits and compliance activities.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 3-5 years of experience in information security, with a focus on SIEM operations and incident response.
- Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight).
- Strong understanding of common cyber threats, attack techniques, and mitigation strategies.
- Familiarity with network protocols, operating systems (Windows, Linux), and security technologies (firewalls, IDS/IPS, endpoint protection).
- Experience with forensic tools and techniques is a plus.
- Excellent analytical, problem-solving, and critical-thinking skills.
- Effective communication and interpersonal skills, with the ability to work collaboratively within a team.
- Relevant security certifications such as CompTIA Security+, CEH, GCIH are advantageous.
- Ability to work under pressure and respond effectively to security incidents.
- Must be eligible to work in the UK.
This is an exciting opportunity to join a critical function within a leading financial institution and make a tangible contribution to its security posture. If you are a proactive and skilled security professional, we encourage you to apply. The role is based in Bradford, West Yorkshire, UK.
Incident Response Operative
Posted 5 days ago
Job Description
We provide maintenance and response across a vast area of some of the UK's busiest motorways and strategic highways across the east midlands and north of England. As many as 180,000 vehicles a day use certain sections of this vital network.
Our 200+ Amey people provide vital maintenance and respond to incidents to keep the travelling public moving.
The standard hours of work are on a 4 on 4 off pattern, rotating days and nights, averaging 42 hrs per week.
As part of a two-man crew across a wider team, you will be responsible for :
- All aspects of highway maintenance and response works including acting as first response dealing with incidents, Find and Fix, lamp scouting, routine and cyclic maintenance activities, litter picking, etc.
- Winter maintenance operations
- Attending project and safety briefings as required
- Driving/operating vehicles/plant requiring general and specialist skills including daily checks, reporting and recording any defects.
- Taking responsibility for the safety of yourself and others within your team to ensure compliance with relevant health and safety legislation and safe operation to protect members of the public, making use of our close call procedure and following our Zero code targets.
- Carrying out vehicle checks on all vehicles prior to use and at the end of each shift, correctly reporting and recording any defects.
- Keeping records and completing all necessary job packs and paperwork.
- Assessment, deployment, and removal of suitable pedestrian and traffic management
- Liaise with other employees of Amey, sub-contractors, emergency services, the police, the public, clients and customers.
- Covering callout/standby and absences such as annual leave.
At Amey, we don't just offer jobs, we offer opportunities to build fulfilling careers. As one of the top 1% of employers recognised by Investors in People, we are committed to your professional growth and wellbeing. Here's what you can expect when you join our team:
- Competitive Salary: Enjoy a competitive annual salary with the potential for yearly reviews to ensure you're rewarded for your contributions.
- Career Growth: Propel your career with clear, dynamic advancement opportunities to roles like Team Leader
- Training Opportunities: Unlock your potential with comprehensive training tailored to your growth.
- Personal Development Opportunities: Advance your personal growth through mentorship and access to our award-winning programs like our Leadership Development and Multicultural Leadership programs.
- Pension: Benefit from a generous pension scheme with company contributions for your future peace of mind.
- Holidays: Enjoy at least 24 days of holiday plus bank holidays, and the opportunity to buy further 5 days! Giving you plenty of time to relax and recharge.
- Flexible Benefits: Customise your benefits package with options like additional leave, cycle-to-work schemes, charitable giving, and gym memberships.
- Exclusive Discounts: Access our online portal filled with discounts from leading retailers, healthcare services, and more, helping you save on the things that matter.
- Social Impact: Take part in our community initiatives with 2x paid volunteering days a year, plus other opportunities to support fundraising and local projects.
- Full driving licence, with Class C HGV with Drivers CPC
- Experience on highways
- Experienced working outdoors in challenging weather conditions
- CSCS card (desirable)
Application Guidance
At Amey, we value a culture of diversity and inclusion. We encourage applications from individuals who are passionate about making a positive impact, no matter their background, gender, race, or personal circumstances. We believe everyone deserves the opportunity to shine.
As a Disability Confident leader, we're proud to offer applicants with a disability an interview if they meet the minimum requirements for the role.
If you have any questions or need any adjustments during the recruitment process, don't hesitate to reach out to Kayla Caruth, our recruiter for this role, at (url removed)
Incident Response Analyst
Posted 2 days ago
Job Description
Incident Response Analyst
Permanent - 52k - 57k + strong benefits
Location: Hybrid - South Wales
Your new company
I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business has been investing in its cyber security and IT estate and is continuing to grow and enhance its security posture. The company has a strong reputation, and we have placed numerous people into careers there, with strong feedback.
Your new role
This is an interesting opportunity to help deliver a strategy that will enhance the organisation's security resilience and proactively contribute to mitigating threats, at a time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role:
- Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents.
- Investigate alerts and suspicious activity to determine if an incident has occurred.
- Contain affected systems and networks to prevent the incident from spreading.
- Implement temporary measures to mitigate the impact of the incident.
- Work with other teams, such as IT and security operations, to develop and implement a containment strategy.
- Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.
- Document and report incidents to the incident response team and other relevant stakeholders.
- Stay informed about emerging cyber threats and vulnerabilities.
What you'll need to succeed
- Experience in a similar role, ideally around CNI and OT, with exposure to cyber plans.
- Proven experience operating in a SOC or a related cyber security role.
- In-depth knowledge of cyber threats, threat intelligence frameworks and cyber security best practice.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Excellent communication and interpersonal skills.
- Ability to obtain UK Security Clearance
What you'll get in return
- Salary of between 52k-57k
- Hybrid working 2/3 days in South Wales per week
- Possible bonus
- 5% pension contribution from you, the company pays 10%
- Enhanced pay for parental leave
- And more!
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Incident Response Engineer
Posted today
Job Description
With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture.
Within CE&S, the Customer Service & Support (CSS) organization builds trust and confidence for every person and organization through delivering a seamless support experience. In CSS, we are powered by Microsoft’s AI technology to help consumers, businesses, partners, and more, resolve their issues quickly and securely, helping prevent future problems from occurring and achieving more from their Microsoft investment.
As an Incident Response engineer, you will be an elite member of a customer facing security support team leading incident response investigations for Microsoft’s enterprise customers. You have experience in analysing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of security incidents. You are familiar with collecting and analysing security incident related data to identify indicators of attack and compromise.
In the Customer Service & Support (CSS) team we are looking for people with a passion for delivering customer success. As an Incident Response Engineer, you will own, troubleshoot, and solve complex customer technical issues. This opportunity will allow you to accelerate your career growth, hone your problem-solving, collaboration and research skills, and deepen your technical proficiency.
This role is flexible in that you can work up to 100% from home.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
**Responsibilities**
Scope customer security incidents.
Understand and identify indicators of attack and indicators of compromise.
Investigate root cause of complex security incidents.
Analyse incident data from threat analytics tools.
Collaborate with the Security and Threat Intelligence teams by providing indicators of compromise and samples of malware from the customer’s environment.
Coordinate a response to the security incident with other Microsoft security and consulting teams.
Develop, document, and implement runbooks, capabilities, and techniques for Incident Response.
Perform security triage and analysis on endpoint, server, and network infrastructure.
Perform activities necessary for immediate containment and short-term resolution of incidents.
Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities.
Maintain a high level of confidentiality.
Participate in the on-call rotation as required.
**Qualifications**
**Required/Minimum Qualifications (RQs/MQs)**
Demonstrated experience in customer-facing roles (Customer support experience is preferred).
Practical experience managing and troubleshooting Network, Windows Server, Windows Client, and Active Directory environments.
Working knowledge of Entra ID and Microsoft 365 management and troubleshooting experience.
Experience or passion in Cybersecurity and Security Incident Response.
Ability to manage complex Incident Response situations with a focus on deep technical troubleshooting and empathetic customer engagement.
Experience supporting large and complex geographically distributed enterprise environments with 1000+ users.
Bachelor's degree in Computer Science, Information Technology (IT), or related field AND demonstrated experience of technical support, technical consulting experience, or information technology experience.
**Additional or Preferred Qualifications (PQs)**
Experience in Security Incident Response with recent operational security experience (Indicator of Attack / Indicator of Compromise deep investigation, On-Premises data and Cloud log investigation, Malware Analysis, Threat Analytics, Threat Intelligence, endpoint security, etc.)
Experience in Network Security Administration, and/or Systems Administration with experience in Windows Server, Windows Client, and Active Directory Administration
Experience in Cloud investigations with Entra ID, Microsoft 365 and Microsoft Defender solutions
Experience with any Microsoft Defender solutions
Experience in Azure Identity management and troubleshooting
Kusto Query Language knowledge
Cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
Automation (PowerShell and/or Python, Java, or a similar language, can be a beginner to intermediate level)
Preferred IT Industry certifications (Microsoft Certifications On-Prem or Cloud, SANS GCIH, CISSP, CEH, Amazon AWS, etc.)
Preferred Bachelor’s degree or higher in a technical field, or relevant work experience
**Language Qualification**
English Language: fluent in reading, writing and speaking.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Incident Response Engineer
Posted today
Job Description
With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture.
Within CE&S, the Customer Service & Support (CSS) organization builds trust and confidence for every person and organization through delivering a seamless support experience. In CSS, we are powered by Microsoft’s AI technology to help consumers, businesses, partners, and more, resolve their issues quickly and securely, helping prevent future problems from occurring and achieving more from their Microsoft investment.
As an Incident Response engineer, you will be an elite member of a customer-facing security support team leading incident response investigations for Microsoft’s enterprise customers. You have experience in analysing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of security incidents. You are familiar with collecting and analysing security-incident-related data to identify indicators of attack and compromise.
In the Customer Service & Support (CSS) team we are looking for people with a passion for delivering customer success. As an Incident Response Engineer, you will own, troubleshoot, and solve complex customer technical issues. This opportunity will allow you to accelerate your career growth, hone your problem-solving, collaboration and research skills, and deepen your technical proficiency.
This role is flexible in that you can work up to 100% from home.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
**Responsibilities**
+ Scope customer security incidents.
+ Understand and identify indicators of attack and indicators of compromise.
+ Investigate root cause of complex security incidents.
+ Analyse incident data from threat analytics tools.
+ Collaborate with the Security and Threat Intelligence teams by providing indicators of compromise and samples of malware from the customer’s environment.
+ Coordinate a response to the security incident with other Microsoft security and consulting teams.
+ Develop, document, and implement runbooks, capabilities, and techniques for Incident Response.
+ Perform security triage and analysis on endpoint, server, and network infrastructure.
+ Perform activities necessary for immediate containment and short-term resolution of incidents.
+ Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities.
+ Maintain a high level of confidentiality.
+ Participate in the on-call rotation as required.
**Qualifications**
**Required/Minimum Qualifications (RQs/MQs)**
+ Demonstrated experience in customer-facing roles (customer support experience is preferred).
+ Practical experience managing and troubleshooting Network, Windows Server, Windows Client, and Active Directory environments.
+ Working knowledge of Entra ID and Microsoft 365 management and troubleshooting experience.
+ Experience or passion in Cybersecurity and Security Incident Response.
+ Ability to manage complex Incident Response situations with a focus on deep technical troubleshooting and empathetic customer engagement.
+ Experience supporting large and complex geographically distributed enterprise environments with 1000+ users.
+ Bachelor's degree in Computer Science, Information Technology (IT), or related field AND demonstrated experience of technical support, technical consulting experience, or information technology experience.
**Additional or Preferred Qualifications (PQs)**
+ Experience in Security Incident Response with recent operational security experience (Indicator of Attack / Indicator of Compromise deep investigation, On-Premises data and Cloud log investigation, Malware Analysis, Threat Analytics, Threat Intelligence, endpoint security, etc.)
+ Experience in Network Security Administration, and/or Systems Administration with experience in Windows Server, Windows Client, and Active Directory Administration
+ Experience in Cloud investigations with Entra ID, Microsoft 365 and Microsoft Defender solutions
+ Experience with any Microsoft Defender solutions
+ Experience in Azure Identity management and troubleshooting
+ Kusto Query Language knowledge
+ Cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
+ Automation (PowerShell and/or Python, Java, or a similar language, can be a beginner to intermediate level)
+ Preferred IT Industry certifications (Microsoft Certifications On-Prem or Cloud, SANS GCIH, CISSP, CEH, Amazon AWS, etc.)
+ Preferred Bachelor’s degree or higher in a technical field, or relevant work experience
**Language Qualification**
English Language: fluent in reading, writing and speaking.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Senior Information Security Analyst (SIEM & Incident Response)
Posted 4 days ago
Job Description
Responsibilities:
- Manage, configure, and optimize the SIEM platform to effectively detect, analyze, and report on security threats and incidents.
- Develop and tune correlation rules, alerts, and dashboards to identify malicious activity and anomalies.
- Lead and coordinate incident response activities, including investigation, containment, eradication, and recovery.
- Perform forensic analysis of security incidents to determine root cause and impact.
- Conduct vulnerability assessments and penetration testing, and work with relevant teams to remediate findings.
- Develop and maintain incident response plans, playbooks, and standard operating procedures.
- Monitor security logs and threat intelligence feeds to stay ahead of emerging threats.
- Provide technical expertise and guidance on security best practices to IT and business units.
- Collaborate with internal teams and external stakeholders during security investigations.
- Stay current with the latest cybersecurity threats, vulnerabilities, and defense techniques.
- Contribute to the continuous improvement of the organization's overall security posture.
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- Minimum of 5 years of experience in information security, with a strong focus on SIEM management and incident response.
- Hands-on experience with leading SIEM solutions (e.g., Splunk, QRadar, LogRhythm, Microsoft Sentinel).
- Proficiency in log analysis, threat hunting, and security event correlation.
- Strong understanding of network security, endpoint security, and cloud security principles.
- Experience with forensic tools and techniques for incident investigation.
- Knowledge of common attack vectors, malware, and intrusion techniques.
- Relevant security certifications such as CISSP, GCIA, GCIH, CEH, or equivalent are highly desirable.
- Excellent analytical, problem-solving, and critical thinking skills.
- Strong communication and interpersonal skills, with the ability to work effectively under pressure.