382 Incident Response Team Lead jobs in the United Kingdom

Location:
North Greenwich, London/ Remote working

2 positions Available

Salary £36,500 - £42,000 plus fantastic benefits

About Us
As cyber threats continue to diversify and grow, so too does TfL's need to develop our cyber security culture and capabilities to ensure we continue to protect the services and systems which keep London moving. TfL's cyber security professionals play a critical and ever-increasing role in protecting these services and systems, safeguarding our customers as they travel across London's Transport network

About The Role
The purpose of this role is to deliver technical cyber security support. This support includes the security of TfL's fixed, mobile and virtual environments and associated data contained in these environments. The role will be responsible and accountable for the initial investigation and triaging of Cyber Security events escalating where necessary to senior analysts in the security operations team.

You will Identify, track and document existing and emerging threats for their capabilities and risk which will be used to inform TFL's threat detection capabilities, threat hunting and internal customers. Your role will ensure that all TfL functions are informed about their risks to cyber threats and that TFL are well positioned to identify attacks.

Key Accountabilities

• Responsible for proactively monitoring TfL systems for malicious activity and intrusions using real time data and alerting from various data sources measured against agreed SLAs.
• Responsible for ensuring processes and operational documentation is maintained, fit for purpose and updated regularly to reflect changing business needs.
• Responsible for implementing the TfL Incident Response process for Cyber Security Incidents, in collaboration with key stakeholder across the organisation
• Responsible for the triaging and investigation of notable events before elevating them to an incident and executing the incident response process.
• Responsible for investigating and handling escalated events and incidents in collaboration with key stakeholders and seeing them through to closure
• Responsible for tuning detection and monitoring tooling to provide high fidelity alerting worthy of further investigation and mitigating false positives.
• Responsible for keeping up to date with current cyber developments and trends, and maintaining your skills through continuous personal development and working collaboratively with colleagues, both internal and external to the team.

Skills

• Demonstrable skills in using security tooling to provide contextual data to allow for a thorough assessment of an event.
• Ability to communicate effectively written and verbally and influence others in order to minimise TfL's Cyber Risk through effective monitoring, detection and where necessary mitigation
• Ability to effectively use a SIEM solution to identify events that warrant further investigation
• Ability to prioritise tasks according to the risk posed to the TfL environment.
• Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents.
• Ability to work under pressure.

Knowledge

• Educated to Degree level or equivalent - industry recognised qualifications such as CEH, GCIH, GPEN, GDAT, CISSP
• Knowledge of cyber security and information security controls best practice with supporting qualifications where possible - such as Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CPNI 10 and SANS 20.
• Knowledge of relevant legislation and government standards - including Security Policy Framework, Information Assurance Maturity Model, Security Essentials, Data Protection Act, Freedom of Information Act, EU Procurement Directives.
• A broad understanding of network and computer system architecture, operations and protocols.
• Understanding of information security management concepts to support solutions and processes.

Experience

• Experience of implementing and managing security monitoring and response in a complex organisation
• Experience of working in an operational environment such as a SOC, CSIRT or CERT function.
• Experience on leading the response to a Cyber Security incident or event
• Experience of mentoring junior analysts
• Knowledge of the Mitre ATTA&CK and NIST framework and how this can used to further improve security monitoring and detection.
• Knowledge of the Cyber Kill Chain
• Technical knowledge of computer network and systems and the necessary controls that can be used to prevent unauthorised access.

Advert closes Wednesday 10th September 2025 at 23.59
Excellent Benefits Include

• Final salary pension scheme
• Free travel for you on the TfL network
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
• 30 days annual leave plus public and bank holidays
• TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow
• Private healthcare discounted scheme (optional)
• Tax-efficient cycle-to-work programme
• Retail, health, leisure and travel offers
• Discounted Eurostar travel

Additional Information
Please apply supplying your CV preferably in ".docx" format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document.

If you are shortlisted you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.

Equality, diversity and inclusion
We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.

Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.

We understand a confidence gap can get in the way of meeting spectacular candidates. So please don't hesitate to apply if you think you have what it takes even if you feel you don't meet all the criteria. We'd love to hear from you.

About Us
We are the tech company with people at heart.

At Advania, we believe in empowering people to create sustainable value through the clever use of technology. As one of Microsoft's leading partners in the UK, specialising in Azure, Security, Dynamics 365, and Microsoft 365, we have a proven track record of success in delivering transformational IT services.

Position Overview
We are looking for a Cyber Security Operations Manager to join our team in Manchester. This is a key role in terms of managing the Cyber Security services that we offer across our managed services portfolio.

You'll be at the forefront of managing, governing, and evolving the CSOC services, which operate around the clock, every day of the year. Your primary goal will be to ensure that the CSOC runs smoothly, efficiently, and is always prepared to meet the needs of an expanding client base.

Responsibilities

• Team Leadership: You'll coordinate and monitor the CSOC team while managing individual performance through KPIs and SLAs. Mentorship is vital here, so you'll guide senior technical staff and foster their professional growth.
• Project Management: You'll oversee various Cyber CSOC projects, ensuring they meet targets for efficiency and delivery timelines.
• Operational Oversight: Your expertise will come into play as you identify and respond to security incidents, improving processes to align with broader customer success goals.
• Customer Engagement: Engaging with clients is a big part of your job. You'll work closely with the Cyber sales team to retain existing clients and attract new ones.
• Resource Planning: You'll ensure that the team has the right resources at the right times, including managing schedules and on-call rotations
• Continuous Improvement: Identifying operational risks and driving improvements in services will be essential to maintain high standards and meet customer expectations
• Reporting & Communication: Regular reporting on service delivery and maintaining effective communication with both customers and internal teams will be part of your routine.

Qualifications & Experience
The right candidate will have:

• Professional experience in a cyber-focused operational management role that enables you to demonstrate the capabilities needed to lead our CSOC operation.
• Experience in building, managing and motivating a high-performance team of security focused individuals who can operate efficiently; effectively; productively and cost effectively driving individual and collective team performance and continual service improvement.
• Experience leading common security practices including incident detection and response, threat hunting, threat intelligence and major incident services
• Strong written and verbal communication skills with the ability to tailor communication to technical and non-technical audiences, with experience in comprehensive report writing and delivery of client facing meetings and presentations to internal and external stakeholders
• Experience working with SIEM platforms, primarily Microsoft Sentinel, including new to market and early-stage development and security products
• Awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection

Click here
for the list of benefits.

The budgeted salary for this role is between
£75,000 and £90,000
base salary, depending on experience.

Please note you also need to be eligible to obtain Security Clearance (SC). The criteria for this is stipulated by the UK government. It normally requires you to be a British national and resident in the UK for the last 5 years.

Hybrid Working
Our current hybrid working policy necessitates being in the office or at a client site 1 day per week. Each team within our organisation can decide how to implement this policy. If you have any questions after applying, please reach out to our recruitment team.

Our Selection Process
We are committed to ensuring an equitable experience for all candidates, regardless of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, or any other basis as protected by applicable law.

Please do let us know if you'll need any reasonable adjustments as part of the selection process by highlighting these on your application form.

As part of our commitment to our clients we will need to carry out background checks, including a criminal record check, for all offers of employment. If you have any unspent criminal convictions or questions about the screening process, please notify your recruiter once the application has been submitted.

We are
the
tech company with people at heart.
Tech is created for people. Our services impact every part of life. We are passionate about understanding your issues, your business, your needs. Our business is built around understanding people, and our employees are empowered to act on this understanding every day.

About the Role

We are seeking an experienced Operations Manager to join our security team. The successful candidate will be responsible for managing day-to-day operations across multiple security contracts, ensuring high standards of service delivery, compliance, and client satisfaction.

Key Responsibilities

• Oversee security operations across assigned sites.
• Manage and support security officers, supervisors, and site managers.
• Ensure compliance with company policies, SIA regulations, and contractual requirements.
• Conduct site visits, audits, and inspections to maintain service standards.
• Liaise with clients regularly, resolving any issues and ensuring strong working relationships.
• Produce reports on performance, incidents, and staffing.
• Support recruitment, training, and performance management of staff.
• Participate in rota planning and ensure sufficient cover for all sites.

Requirements

• Previous experience as an Operations Manager in the security industry is essential.
• Strong knowledge of SIA standards and security operations.
• Excellent communication and client relationship management skills.
• Ability to lead, motivate, and manage teams.
• Strong organisational and problem-solving abilities.
• Full UK driving licence and flexibility to travel to sites as required.

Job Type: Full-time

Pay: £33,000.00 per year

Language:

• English (preferred)

Work Location: In person

Company Description
Come join us and make a difference in the world

Discover more at

Job Description
We're on the lookout for someone with expertise in VMware Infrastructure based on Dell/HP server hardware with an emphasis on maintaining the environment to the latest security releases. The individual will be involved in providing high quality Infrastructure management to a large multi-client community as part of a focused security team. This individual will play a pivotal role, alongside the rest of the security team, to ensure environments are protected from known vulnerabilities, hardware is kept up to recommended BIOS/Firmware, ensuring contractual accreditation obligations are met. The individual will also require a strong background in the Windows server environment, and a working knowledge of Linux operation systems and NetApp SAN environments.

Essentially, We're Looking For An Individual Who Can Technically Manage The Security Of The VMware Infrastructure, Organise The Application Of Any Security Fixes And Schedule Routine Patching. This Will Involve Communication With Other Parts Of The NEC Business Units To Coordinate Implementations As Often This Is Performed In Parallel With Other Works. We Are Looking For Someone Who Could Work 2-3 Days Per Week From One Of Our Main Offices – And The Rest From Home. Our Offices Include

• Bracknell
• Hemel Hempstead
• Nottingham
• Hartlepool
• Alderley Edge
• Worcester

Roles & Responsibilities
VMWARE

• Implement scheduled updates to the multiple VMware vSphere Infrastructure environments across our datacentres.
• Ensure that the Dell/HP server hardware BIOS/Firmware is maintained to vendor recommended versions and in alignment with the VMware interoperability matrix.
• Implement updates to various VMware Aria Suite appliances (Automation, Operations, etc).
• Assist the wider security team to assess and resolve any known CVE's (Common Vulnerabilities and Exposures).

Qualifications
Qualifications
Essential

• Recent experience in a role focused on VMware vSphere Infrastructure environments.
• Extensive hands-on expertise with VMware platforms (GUI and CLI).
• Experience working with NetApp storage systems, alongside strong proficiency in Windows environments and exposure to Linux operating systems.
• A strong background working with Dell & HP server hardware.
• Eligible for Security Clearance

Desirable

• Experience working within an ITIL Environment
• Experience working within a large-scale Data Centre Environment
• Basic Understanding of Network Infrastructure – i.e. Routing, DNS.

Additional Information

Benefits
We pride ourselves in offering an excellent benefits package, including an above average pension scheme. When you join the team at NEC Software Solutions, you are provided with the following:

• Private Medical Cover funded by NEC for Employees (with the option to add family members at an additional cost)
• 25 days paid holiday with the option to buy/sell (FTE)
• 4 x basic salary life assurance cover funded by NEC (with the option to increase cover at an additional cost)
• A Group Pension Plan with fantastic employer contributions up to a maximum of 8.5%
• A selection of flexible benefits to suit your individual needs
• All colleagues get free access to LinkedIn Learning. Over 15000 courses covering a huge breadth of subjects. Learn about what you like, when you like, how you like.

Other Information

• Candidates must be able to demonstrate a pre-existing right to work and travel within the UK. Documentary evidence will be required.
• All offers are subject to satisfactory vetting, references and occupational health checks.
• Depending on the nature of the role a Disclosure Barring Service (DBS) check may also be required along with further vetting checks like SC and NPPV3

NEC Software Solutions is an equal opportunities employer, welcoming applications from all communities. If you require any reasonable adjustments or have specific accessibility needs during the recruitment or interview process, please feel free to share these with us. We are committed to ensuring an inclusive and accommodating experience for all candidates.

Who We Are
We're NEC Software Solutions (part of global tech giant NEC Corporation). While you read this ad, our software is helping to dispatch ambulances, support families, keep trains on the move, locate missing people and even test the hearing of newborn babies.

Working with us, you'll be helping our 3,000+ employees push the boundaries of what's possible and support amazing public services.

We work with governments, hospitals, police forces, housing providers, local authorities and more. We help them pay financial support faster, speed up treatments for patients and respond to emergencies in the right way. The more we do, the more our customers can do for others. And together, we make a world of difference.

We'd love your help. And we'll support you all the way.

MAN Commercial Protection are looking for full time Security Operations Administrators to join our Head Office Team in Solihull.

Shift pattern: 4 on 4 off 12 hour day shift.

Shift timings will be: 06:30-18:30.

Payrate: £13.50ph

Main Responsibilities:

• Manage a high volume of calls from colleagues and customers, ensuring issues are resolved in a prompt/efficient manner
• Assisting colleagues across the UK with booking on/off processes
• Report writing/completing incident forms
• Rostering/ scheduling, regularly communicating with site leaders and making required changes and updates
• Ensure any health & safety or HR issues are escalated accordingly
• Problem solving by liaising with contract managers regarding workplace issues, activity reports, complaints, and queries.
• Handling a high volume of both inbound and outbound calls from all levels throughout the organisation.
• Proactively keep up to date on new procedures, systems and information regarding the standard operation protocols of the company.
• Maintaining and sustaining an updated knowledge of all aspects of the company.

The ideal candidate will:

• Be passionate about delivering excellent customer service
• Have experience of a workforce management system
• Have a genuine desire to help push the business forward, looking at ways to continuously improve processes
• Have excellent communication skills
• Be able to work within a team as well as on their own and unsupervised
• Possess excellent communication and IT systems skills
• Can work under pressure whilst maintaining a positive attitude
• Have good time management skills
• Be able to work shift patterns and provide flexibility, where required

Qualifications and experience:

• Experience in the security industry would be advantageous but not essential
• Call centre / Helpdesk experience advantageous
• Experience using a time and attendance or workforce management system
• Knowledge of MS Office, Excel and Outlook advantage but not essential
• Experience of working on the telephones essential
• Experience of working with Timegate or similar roster management/time management software is preferred however not essential.
• SIA DS and CCTV are advantageous but not essential as training can be provided

Skills Required.

• A valid SIA SG or DS Licence - (CCTV Licence is advantageous but not essential as training will be provided)
• Competent computer skills with a good knowledge of computer systems.
• Excellent communication skills
• Ability to create comprehensive incident reports
• Ability to work independently and as part of a team
• A 5-year checkable work/education history is required
• Happy to help others attitude

Benefits:

• Full uniform supplied.
• Access to in-house training CCTV and First Aid
• Free International Professional Security Association (IPSA) membership
• Perks at Work High Street Discount Scheme
• Access to 24-hour counselling helpline through IPSA
• Access to 24-hour legal helpline through IPSA
• Double pay on Bank Holidays
• Full training provided
• Free parking
• Overtime available on request

If this sounds like the ideal role for you, please apply with your CV. We look forward to hearing from you

IND10

Senior SecOps Specialist

Location – Fully Remote

Salary - £80-90k + Bonus + Benefits

Currently working with a UK HealthTech firm who are in the process of building out their Cyber Defence capability and looking to bring in a cloud-based Security Operations Specialist.

This is a wide ranging role where you’ll be responsible for both Engineering and Analysis; monitoring and responding to incidents whilst also developing new detection rules and enhancing their monitoring infrastructure and tooling.

This is an incredible opportunity for an experienced SecOps specialist with experience of both SecOps Analysis and Engineering to join a growing yet established firm at a crucial point as they completely build out their Information and Cyber Security capability. Whilst they have the fundamentals in place, this is a relatively greenfield SOC buildout, where you will work alongside the SOC Manager to shape their SOC monitoring, detection and response function.

Key Responsibilities:

• Act as a lead and technical escalation point on the most complex incidents and investigations.
• Develop and engineer new detection rules, automating monotonous tasks where possible.
• Proactively research emerging and potential threat actors as a way of developing rules to safeguard against potential future threats.
• Mentor and train junior team members through complex incident response investigations.

Key Requirements:

• Significant experience working in a SOC environment (5 years minimum) , dealing with and responding to escalated and most high profile incidents.
• Comprehensive knowledge and experience utilising/fine-tuning the Microsoft Security stack – Defender, Sentinel, KQL, etc.
• Experience working in hybrid-cloud SOC environments – Azure/AWS preferably.
• Ability to articulate specific projects that you have built, developed or led on, specific to SecOps Engineering and Automation.

If you’re an experienced SecOps Specialist, looking to shape how one of the most innovative HealthTech firms build out their cyber defence capability and leave a lasting impact on one of the most reputable organisations whilst working alongside a team of genuine Cyber Security SMEs, click the to apply or get in touch directly –

Senior SecOps Specialist

Location – Fully Remote

Salary - £80-90k + Bonus + Benefits

Currently working with a UK HealthTech firm who are in the process of building out their Cyber Defence capability and looking to bring in a cloud-based Security Operations Specialist.

This is a wide ranging role where you’ll be responsible for both Engineering and Analysis; monitoring and responding to incidents whilst also developing new detection rules and enhancing their monitoring infrastructure and tooling.

This is an incredible opportunity for an experienced SecOps specialist with experience of both SecOps Analysis and Engineering to join a growing yet established firm at a crucial point as they completely build out their Information and Cyber Security capability. Whilst they have the fundamentals in place, this is a relatively greenfield SOC buildout, where you will work alongside the SOC Manager to shape their SOC monitoring, detection and response function.

Key Responsibilities:

• Act as a lead and technical escalation point on the most complex incidents and investigations.
• Develop and engineer new detection rules, automating monotonous tasks where possible.
• Proactively research emerging and potential threat actors as a way of developing rules to safeguard against potential future threats.
• Mentor and train junior team members through complex incident response investigations.

Key Requirements:

• Significant experience working in a SOC environment (5 years minimum) , dealing with and responding to escalated and most high profile incidents.
• Comprehensive knowledge and experience utilising/fine-tuning the Microsoft Security stack – Defender, Sentinel, KQL, etc.
• Experience working in hybrid-cloud SOC environments – Azure/AWS preferably.
• Ability to articulate specific projects that you have built, developed or led on, specific to SecOps Engineering and Automation.

If you’re an experienced SecOps Specialist, looking to shape how one of the most innovative HealthTech firms build out their cyber defence capability and leave a lasting impact on one of the most reputable organisations whilst working alongside a team of genuine Cyber Security SMEs, click the to apply or get in touch directly –