83 Incident Response jobs in the United Kingdom

We are representing a consultancy that are a leader in the Cyber Security and Incident response space. If you have experience leading the legal aspects of Data Breach case this could be the role for you. This role is open to any of the multiple offices my client has across the UK.

The client is looking for a Principal Associate to support and shape the delivery of expert incident response, digital risk, and cyber advisory services for a broad portfolio of global clients, from tech innovators and major insurers to public sector bodies and emergency services.

This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments.

What You’ll Be Doing

You’ll play a critical role across matters ranging from real-time cyber incidents to regulatory investigations, and ongoing advisory support. Key responsibilities include:

• Leading and managing a caseload of cyber security incidents and data breaches
• Supporting strategic response plans for clients and helping them build resilience
• Providing coverage advice and monitoring counsel support for insurer clients
• Developing junior team members and helping grow our cyber legal offering
• Engaging directly with regulators, forensic experts, insurers, and corporate stakeholders
• Driving client solutions across legal, technical, and commercial dimensions

Ideal Candidate

• UK-qualified solicitor with 4+ years’ PQE
• Demonstrable experience in cyber and data protection law and experience working on Live Incidents
• Calm under pressure, especially in crisis situations and time-sensitive incident response
• Ideally experienced within the UK cyber insurance market (policy and claims exposure a bonus)
• Outstanding communicator, credible with clients, colleagues, and counterparties
• Familiar with SLA-driven work and high standards of compliance and reporting

Apply to start the conversation today.

Cyber Incident Response Lead

60,000 - 70,000 + bonus + extensive benefits

Full Time / Permanent

Hybrid / West Midlands - minimum 1 day a month in the office

The Role and Company:

I am looking for a driven Cyber Incident Response Lead to join a large nationally recognised brand head quartered in the West Midlands.

As the Cyber Incident Response Lead you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face.

We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average.

Key Responsibilities:

• Lead and mentor a small but growing team of Incident Responders.
• Lead the coordination of incident response efforts related to Cyber Security incidents.
• Plan and deliver incident readiness activities such as exercises.
• Facilitate and manage relationships with required stakeholders.
• Lead in-depth post incident reviews to understand root cause and identify improvement opportunities.
• Work with the appropriate stakeholders to ensure all improvement opportunities identified during incident response are remediated accordingly.
• Own Incident Response documentation ensuring its regularly reviewed and updated where required.
• Prepare and deliver incident reports to required stakeholders.

Experience required:

• Proven experience coordinating complex Cyber Security Incident Response in an enterprise organisation.
• Extensive experience leading post incident review and root cause analysis efforts.
• Experience leading a small team is preferred but are open to developing the right person looking to move into leadership.
• Experience implementing ITIL best practices within an enterprise organisation is preferred.

Please apply via the link or contact (url removed) for more information

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Cyber Incident Response Lead

60,000 - 70,000 + bonus + extensive benefits

Full Time / Permanent

Hybrid / West Midlands - minimum 1 day a month in the office

The Role and Company:

I am looking for a driven Cyber Incident Response Lead to join a large nationally recognised brand head quartered in the West Midlands.

As the Cyber Incident Response Lead you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face.

We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average.

Key Responsibilities:

• Lead and mentor a small but growing team of Incident Responders.
• Lead the coordination of incident response efforts related to Cyber Security incidents.
• Plan and deliver incident readiness activities such as exercises.
• Facilitate and manage relationships with required stakeholders.
• Lead in-depth post incident reviews to understand root cause and identify improvement opportunities.
• Work with the appropriate stakeholders to ensure all improvement opportunities identified during incident response are remediated accordingly.
• Own Incident Response documentation ensuring its regularly reviewed and updated where required.
• Prepare and deliver incident reports to required stakeholders.

Experience required:

• Proven experience coordinating complex Cyber Security Incident Response in an enterprise organisation.
• Extensive experience leading post incident review and root cause analysis efforts.
• Experience leading a small team is preferred but are open to developing the right person looking to move into leadership.
• Experience implementing ITIL best practices within an enterprise organisation is preferred.

Please apply via the link or contact (url removed) for more information

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Cyber Security Manager | Financial Services | Hybrid

Do you want to be a driving force in my client's DFIR team?

About the Role:

As a Cyber Security Manager, you will be responsible for monitoring, analyzing, and improving the security posture of the organization. You will drive the maturity of security monitoring, incident response, and threat intelligence capabilities, working closely with technical and business teams.

Key Responsibilities:

• Develop and refine security monitoring controls and use-cases to detect threats and anomalies.
• Investigate security incidents, conduct forensics analysis, and manage incident response processes.
• Collaborate with independent penetration testing programs and support risk assessment processes.
• Implement and mature threat intelligence capabilities and integrate with security monitoring frameworks.
• Develop and oversee vulnerability management programs, ensuring alignment with industry standards.
• Provide subject matter expertise on cyber security frameworks, including NIST, MITRE ATT&CK, and Kill Chain methodologies.

About You:

• Proven experience in Cyber Security, with a focus on incident response, security monitoring, and threat intelligence.
• Strong knowledge of security technologies, including SIEM tools, network security, IAM solutions, and DLP tools.
• Hands-on experience with incident investigation tools and network protocol analysis (e.g., Wireshark).
• Familiarity with cloud security assessments and industry benchmarks such as CIS.
• Experience with security frameworks such as NIST, MITRE ATT&CK, and the Cyber Kill Chain.
• Certifications such as GCIA, GCIH, or GCFA are highly desirable.

Package:

• £70,000 - £5,000 Junior
• 0,000 - 0,000 Senior (I need some man management experince here)
• Bonus
• Hybrid: 3 days on site (London) 2 days WFH

If you'd like to hear more I encourage you to apply today!

Cyber Security Manager | Financial Services | Hybrid

Do you want to be a driving force in my client's DFIR team?

About the Role:

As a Cyber Security Manager, you will be responsible for monitoring, analyzing, and improving the security posture of the organization. You will drive the maturity of security monitoring, incident response, and threat intelligence capabilities, working closely with technical and business teams.

Key Responsibilities:

• Develop and refine security monitoring controls and use-cases to detect threats and anomalies.
• Investigate security incidents, conduct forensics analysis, and manage incident response processes.
• Collaborate with independent penetration testing programs and support risk assessment processes.
• Implement and mature threat intelligence capabilities and integrate with security monitoring frameworks.
• Develop and oversee vulnerability management programs, ensuring alignment with industry standards.
• Provide subject matter expertise on cyber security frameworks, including NIST, MITRE ATT&CK, and Kill Chain methodologies.

About You:

• Proven experience in Cyber Security, with a focus on incident response, security monitoring, and threat intelligence.
• Strong knowledge of security technologies, including SIEM tools, network security, IAM solutions, and DLP tools.
• Hands-on experience with incident investigation tools and network protocol analysis (e.g., Wireshark).
• Familiarity with cloud security assessments and industry benchmarks such as CIS.
• Experience with security frameworks such as NIST, MITRE ATT&CK, and the Cyber Kill Chain.
• Certifications such as GCIA, GCIH, or GCFA are highly desirable.

Package:

• £70,000 - £5,000 Junior
• 0,000 - 0,000 Senior (I need some man management experince here)
• Bonus
• Hybrid: 3 days on site (London) 2 days WFH

If you'd like to hear more I encourage you to apply today!

Incident Response Assistant Manager (Client facing)

Hybrid/ flexible on location - London, Manchester, Birmingham, ect

£50k – £60k

A global Risk consultancy is looking for Strong Incident Response professionals to join their Cyber Response Team, within an area of huge growth and investment.

This is an excellent opportunity for exposure and growth! If you’re looking for the next step in your incident response career, we’d love to talk to you.

Day to day Responsibilities of an Incident Response Assistant Manager

• Manage cyber security incidents for clients, including digital forensics of relevant data
• Act as an advisor to clients on current cyber threats
• Liaise with clients on delivery and implementation

Requirements for an Incident Response Assistant Manager

• Broad knowledge and understanding across the cyber security landscape to be able to act as an advisor on the threat landscape
• Strong technical background (networks and programming knowledge)
• Proven experience working within Incident management and response
• Excellent communication both written and verbal.
• Incident Management Certifications are not necessary but are a nice to have! Such as CREST certified incident manager (CCIM) or GIAC Certified Incident Handler (GCIH)

If this looks interesting to you, please apply or reach out to Georgia at

Incident Response Assistant Manager (Client facing)

Hybrid/ flexible on location - London, Manchester, Birmingham, ect

£50k – £60k

A global Risk consultancy is looking for Strong Incident Response professionals to join their Cyber Response Team, within an area of huge growth and investment.

This is an excellent opportunity for exposure and growth! If you’re looking for the next step in your incident response career, we’d love to talk to you.

Day to day Responsibilities of an Incident Response Assistant Manager

• Manage cyber security incidents for clients, including digital forensics of relevant data
• Act as an advisor to clients on current cyber threats
• Liaise with clients on delivery and implementation

Requirements for an Incident Response Assistant Manager

• Broad knowledge and understanding across the cyber security landscape to be able to act as an advisor on the threat landscape
• Strong technical background (networks and programming knowledge)
• Proven experience working within Incident management and response
• Excellent communication both written and verbal.
• Incident Management Certifications are not necessary but are a nice to have! Such as CREST certified incident manager (CCIM) or GIAC Certified Incident Handler (GCIH)

If this looks interesting to you, please apply or reach out to Georgia at