648 Incident Response Team Lead jobs in the United Kingdom

Cyber Incident Response Lead

60,000 - 70,000 + bonus + extensive benefits

Full Time / Permanent

Hybrid / West Midlands - 1 day a month in the office

The Role and Company:

I am looking for a driven Cyber Incident Response Lead to join a large nationally recognised brand head quartered in the West Midlands.

As the Cyber Incident Response Lead you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face.

We are ideally looking for someone Midlands based who can be on site in Warwickshire 1 day a month on average.

Key Responsibilities:

• Lead and mentor a small but growing team of Incident Responders.
• Lead the coordination of incident response efforts related to Cyber Security incidents.
• Plan and deliver incident readiness activities such as exercises.
• Facilitate and manage relationships with required stakeholders.
• Lead in-depth post incident reviews to understand root cause and identify improvement opportunities.
• Work with the appropriate stakeholders to ensure all improvement opportunities identified during incident response are remediated accordingly.
• Own Incident Response documentation ensuring its regularly reviewed and updated where required.
• Prepare and deliver incident reports to required stakeholders.

Experience required:

• Proven experience coordinating complex Cyber Security Incident Response in an enterprise organisation.
• Extensive experience leading post incident review and root cause analysis efforts.
• Experience leading a small team is preferred but are open to developing the right person looking to move into leadership.
• Experience implementing ITIL best practices within an enterprise organisation is preferred.

Please apply via the link or contact (url removed) for more information

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Our client is a prominent energy services provider seeking an experienced and forward-thinking Cyber Security Operations Lead to join their established team. This role is based in Aberdeen, Scotland, UK , offering a hybrid work arrangement that blends essential on-site collaboration with remote flexibility. You will be pivotal in managing and evolving the Security Operations Center (SOC) functions, ensuring the continuous monitoring, detection, and rapid response to cyber threats. This position requires a deep understanding of security frameworks, incident response methodologies, and a proven ability to lead a team in safeguarding critical infrastructure.

Key Responsibilities:

• Lead, mentor, and develop a team of SOC analysts, fostering a high-performance culture and ensuring operational excellence.
• Oversee the 24/7 monitoring of security alerts and events using SIEM, IDS/IPS, EDR, and other security tools.
• Develop and refine incident response playbooks and procedures to ensure timely and effective mitigation of security incidents.
• Conduct in-depth analysis of security threats, vulnerabilities, and potential breaches, providing clear and actionable reports.
• Manage the lifecycle of security incidents from detection and containment to eradication and recovery.
• Collaborate with IT infrastructure and application teams to implement security controls and remediate vulnerabilities.
• Stay abreast of the latest cyber threats, attack vectors, and security technologies, integrating new defenses as necessary.
• Contribute to security awareness training programs for employees.
• Manage relationships with third-party security service providers and vendors.
• Drive continuous improvement initiatives within the SOC, enhancing detection capabilities and reducing response times.
• Ensure compliance with industry regulations and internal security policies.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
• Minimum of 5 years of experience in information security operations, with at least 2 years in a leadership or supervisory role.
• Strong understanding of SIEM technologies, network security principles, endpoint security, and cloud security concepts.
• Proficiency in incident response methodologies and digital forensics.
• Experience with vulnerability management and penetration testing concepts.
• Excellent analytical and problem-solving skills, with the ability to make sound decisions under pressure.
• Strong leadership, communication, and interpersonal skills.
• Relevant certifications such as CISSP, CEH, GIAC (e.g., GCIH, GCFA) are highly desirable.
• Experience working in a hybrid environment.

This is an excellent opportunity to take on a leadership role in a critical function within a major industry player. We offer a competitive salary, comprehensive benefits, and a supportive work environment.

**The team you'll be working with:**
**Security Operations Manager**
**About Us**
NTT DATA is one of the world's largest global security services providers, with over 7,500 security SMEs. We work with leading security technology vendors and pride ourselves on delivering innovative and effective solutions. Our people, clients, and communities are at the core of what we do. We're seeking individuals passionate about building a more secure and sustainable world.
**Role Purpose**
As a Security Operations Manager, you will oversee the day-to-day operations of the Security Operations Centre (SOC). You will lead a team of security analysts and engineers to deliver high-quality services, respond to incidents, and improve operational performance. This role focuses on managing service delivery, supporting incident response, and ensuring operational efficiency within established frameworks and guidelines.
**What you'll be doing:**
**What you'll be doing;**
**Service Delivery**
+ Manage and oversee SOC operations and delivery of managed security services to clients.
+ Monitor service performance against SLAs and KPIs, ensuring consistent and high-quality execution.
+ Implement standard procedures and best practices for incident management, threat monitoring, and vulnerability assessments.
+ Serve as the escalation point for client concerns and day-to-day operational issues.
+ Conduct regular reviews and contribute to client reports and communications.
**Incident Response Support**
+ Coordinate and manage incident response efforts in collaboration with senior SOC staff and technical teams.
+ Ensure timely detection, escalation, containment, and resolution of security incidents.
+ Support post-incident reviews and help implement recommendations for continuous improvement.
**Team Leadership & Development**
+ Lead and mentor a team of SOC analysts, providing regular feedback and training.
+ Organise team schedules to maintain 24/7 SOC coverage (if applicable).
+ Promote knowledge sharing and adherence to operational playbooks and standards.
**Operational Improvements**
+ Identify opportunities to streamline processes and improve SOC effectiveness.
+ Support implementation of tools and automation to enhance detection and response.
+ Assist with operational maturity assessments and track metrics like MTTD and MTTR.
**Collaboration and Reporting**
+ Work with internal stakeholders and technical teams to ensure smooth service delivery.
+ Provide input into customer-facing documentation, such as incident summaries and operational dashboards.
+ Maintain awareness of emerging threats and ensure appropriate measures are taken.
**Key Performance Indicators (KPIs)**
+ Reduction in MTTD and MTTR.
+ Adherence to SLA and KPI targets.
+ Client satisfaction and feedback scores.
+ Team performance and skills development.
+ Operational compliance and audit readiness.
**What experience you'll bring:**
**What you'll bring;**
We're looking for a hands-on, proactive professional with the following:
+ 5+ years in a Security Operations Centre or related security environment.
+ At least 2 years of experience in a team lead or supervisory role.
+ Strong understanding of incident detection, escalation, and resolution processes.
+ Experience with tools like SIEM, IDS/IPS, endpoint protection, and threat intelligence platforms.
+ Ability to manage team performance and guide junior staff in their development.
+ Excellent verbal and written communication skills.
+ Strong attention to detail and commitment to quality.
+ Relevant certifications (e.g., CompTIA Security+, GCIH, SSCP, CEH); CISSP or CISM is a plus but not mandatory.
+ Eligible for UK SC clearance.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now

**The team you'll be working with:**
**Security Operations Director JD**
We are currently recruiting for a dynamic Security Operations Director to join our growing Security Operations Centre business.
This vacancy is hybrid variable Birmingham or London
**About Us**
NTT DATA is one of the world's largest Global Security services providers with over 7500 Security SMEs and Integration partner to many of the worlds most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.
This is a great opportunity for you to play a pivotal role in helping to shape our client's transformation journeys.
**What you'll be doing:**
**What you'll be doing;**
The Security Operations Director is responsible for overseeing security operations at both strategic and operational levels. The role ensures the effectiveness of security practices, manages incidents, drives operational maturity improvements, and oversees containment and recovery activities. Operating at SFIA Level 6, the role requires the initiation, definition, and oversight of high-impact security operations activities, including incident response, operational maturity improvement, containment, and recovery efforts. The Director is responsible for aligning security initiatives with business objectives and ensuring the organisation's resilience against evolving threats.
**What to expect:**
Using your background in SOC Service Delivery background and experience, you will:
+ **Pre-Sales Support and Business Development**
+ Partner with sales and business development teams to define and articulate the value proposition of the security offerings, including SOC services, incident response, threat intelligence, vulnerability management, and compliance.
+ Represent the security operations function in client engagements, pre-sales discussions, and technical assessments, positioning the organisation's capabilities to meet client needs.
+ Design and present tailored solutions and service models based on customer-specific challenges, industry regulations, and threat landscapes.
+ Collaborate with delivery teams to create accurate statements of work (SOWs) and ensure alignment between client requirements and achievable security operations deliverables.
+ Influence product roadmaps by providing feedback from client conversations, ensuring services meet market demands and technological advancements.
+ **Service Delivery Assurance**
+ Oversee the performance and quality of security services delivered to customers, ensuring compliance with agreed service-level agreements (SLAs) and adherence to key performance indicators (KPIs).
+ Implement governance mechanisms to standardise service delivery processes, ensuring scalability and operational consistency.
+ Drive the adoption of best practices, playbooks, and standardised methodologies to optimise efficiency and ensure repeatable, high-quality engagements across the MSSP space.
+ Act as the primary escalation point for high-profile or complex client engagements, resolving concerns effectively to maintain satisfaction and long-term partnerships.
+ Conduct regular client reviews to assess alignment with evolving business needs, strengthen relationships, and identify opportunities for service enhancements or upselling.
+ **Budget and Financial Management**
+ Develop and manage the overall financial plan for the security operations function, including budgeting, cost control, and profitability analysis.
+ Monitor operational expenses and identify opportunities for cost reduction through improved processes, technology adoption, and automation.
+ Ensure the profitability of MSSP services through meticulous financial forecasting, revenue tracking, and margin analysis.
+ Track the return on investment (ROI) of SOC tools, technologies, and team members, ensuring financial decisions support the organisation's strategic goals.
+ Collaborate with finance teams to refine MSSP pricing models, maintaining market competitiveness while ensuring profit margins meet or exceed targets.
+ Lead efforts to reduce non-billable activities and maximise the utilisation of SOC personnel for billable client engagements.
+ **Incident Response and Management**
+ Develop and implement incident response frameworks and playbooks in alignment with industry best practices (e.g., NIST CSF, MITRE ATT&CK, ISO 27035) to standardise and optimise response efforts.
+ Oversee the deployment, configuration, and utilisation of security tools such as SIEMs, IDS/IPS, endpoint protection systems, forensics tools, and threat intelligence feeds to enhance detection and response capabilities.
+ Direct teams during high-severity incidents, ensuring coordination between SOC teams, internal business units, and external stakeholders to minimise business disruption.
+ Act as the primary escalation point for operational challenges during incident response processes and ensure timely resolution of complex technical security incidents.
+ Supervise the execution of routine security operations, including monitoring, vulnerability assessments, penetration testing, and remediation, ensuring compliance with organisational and regulatory security policies.
+ Drive post-incident reviews to evaluate response effectiveness, extract insights, and implement lessons learned to improve future incident handling.
+ Leverage insights from incidents and operational metrics to identify weaknesses in existing systems or processes and recommend long-term improvements.
+ **Security Operations Maturity Improvement**
+ Assess the overall maturity of the Security Operations Center (SOC) against industry-accepted models (e.g., SOC-CMM) and implement improvements.
+ Drive automation and modernisation initiatives, such as deploying SOAR tools to improve response times and process efficiency.
+ Define and monitor metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), ensuring continuous operational improvement.
+ Strengthen SOC team capabilities through tailored training programs and coaching, promoting professional development.
**Key Performance Indicators (KPIs)**
+ Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
+ Success rate of incident containment efforts within predefined response windows.
+ Time to full system recovery after incidents, aligned with BC/DR objectives.
+ SOC maturity improvements against established benchmarks (e.g., SOC-CMM).
+ Satisfaction levels of stakeholders during significant incidents and operational reviews.
+ Operation of the Security Operations in line with financial revenue, growth and profitability targets
**What experience you'll bring:**
**What you'll be doing;**
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security service delivery management and have evidence of experience in a number of the following fields of expertise:
+ At least 10 years of experience in providing technical support and advice for a Security Operations Centre and 5 years in leadership role managing SOC's and Security Operations.
+ Proven success in managing large-scale incident response, enhancing operational maturity, and aligning security strategies with organisational goals.
+ Excellent communication and client relationship skills to interface with clients, stakeholders, and senior leadership.
+ Significant experience and ability to manage and lead in crisis situations, ensuring a swift and effective response.
+ Demonstrable experience in leading and coordinating diverse teams effectively.
+ Excellent English writing skills for technical documents and improving processes (such as policies and reports).
+ Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
+ Strong attention to detail and the ability to deliver high quality work and build high performing teams.
+ A relevant and recognised professional Security / Risk / Compliance certification supporting the role, such as CISSP, CISM, CCISO, GCIH, CRISC, etc.
+ A valid right to work in the UK.
+ Have held UK SC clearance or be eligible for obtaining UK SC clearance.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now

Security Operations Manager - Central London

Hybrid Working:

A market leading professional services company based in London are looking for a Security Operations Manager to join their Information Security department on a permanent basis.

The post holder will work closely with the Group Chief Information Security Officer on the companies Information Security Strategy.

The role will see you splitting your time between being technically hands on and leading a team of security specialists.

Responsibilities:

• Design, build and manage the security operations systems.
• Help maintain, support and improve systems, tools and processes.
• Manage and mentor a team of Security Specialists.
• Create detailed Security documentation and best practise material.
• Develop incident response procedures.
• Be the escalation point for high level security issues.
• Work closely with Security Architecture, GRC and Technology teams.

Experience Required:

• Extensive experience in the information security field.
• Extensive experience leading and motivating teams of Security Engineers.
• Deep understanding of Security Operations, DevOps, Automation, Cloud and Incident Response Tools.
• A degree in Computer Science or Information Security would be beneficial but not essential.

In line with the Conduct Regulations 2003, when advertising permanent vacancies JNC Recruitment are acting as an Employment Agency, and when advertising temporary/contract vacancies JNC Recruitment are acting as an Employment Business

Senior Specialist - Cyber Security Operations
Location: Witham, Essex (full-time, office based)

Are you ready to put on the superhero cape of IT? This role is all about keeping digital baddies at bay, strengthening defences, and making sure security operations run like clockwork in a global business.

What's in it for you?

• 30+ days off each year (including your birthday)

• A flexible benefits pot worth up to 20% of your salary

• Genuine career growth opportunities - not just lip service

• Performance bonus, pensions, medical cover and more

• Charity days, matching donations and "Pay It Forward" initiatives

What you'll be doing
You'll join a collaborative Cyber Security Operations team and get involved with:

• Handling Tier II-IV incidents and troubleshooting

• Change and configuration management

• Policy optimisation and risk reduction

• Patch, OS and capacity management

• Event monitoring and vulnerability management

• Security incident response and project support

What we're looking for

• 5+ years in network security within large-scale operations

• Experience with technologies such as Cisco ASA, FirePower, Palo Alto, Zscaler, BlueCoat, F5 ASM and FireEye

• Strong skills in analysing network traffic using tools like Wireshark, tcpdump and Fiddler

• Confident in Unix/Linux CLI

• Excellent troubleshooting, communication and collaboration skills

Bonus points if you bring

• Certifications such as BlueCoat BCCPA/BCCPP, Palo Alto PCNSE, Cisco CCNA/CCNP Security, or SANS/GIAC

• Experience with AWS and/or Azure environments

• F5 ASM, FireEye HX & NX expertise

Why this role stands out
You'll be joining a truly global company where security operations are valued at the core of the business. Expect a vibrant, inclusive culture, supportive leadership, and the scale to grow your career while making a real impact.

How to apply
If your happy place is packet captures, firewalls and risk reduction, and you're ready to take on a global challenge right here in Witham, we'd love to hear from you. Apply now and let's see if this could be your next adventure.

Senior Specialist - Cyber Security Operations
Location: Witham, Essex (full-time, office based)

Are you ready to put on the superhero cape of IT? This role is all about keeping digital baddies at bay, strengthening defences, and making sure security operations run like clockwork in a global business.

What's in it for you?

• 30+ days off each year (including your birthday)

• A flexible benefits pot worth up to 20% of your salary

• Genuine career growth opportunities - not just lip service

• Performance bonus, pensions, medical cover and more

• Charity days, matching donations and "Pay It Forward" initiatives

What you'll be doing
You'll join a collaborative Cyber Security Operations team and get involved with:

• Handling Tier II-IV incidents and troubleshooting

• Change and configuration management

• Policy optimisation and risk reduction

• Patch, OS and capacity management

• Event monitoring and vulnerability management

• Security incident response and project support

What we're looking for

• 5+ years in network security within large-scale operations

• Experience with technologies such as Cisco ASA, FirePower, Palo Alto, Zscaler, BlueCoat, F5 ASM and FireEye

• Strong skills in analysing network traffic using tools like Wireshark, tcpdump and Fiddler

• Confident in Unix/Linux CLI

• Excellent troubleshooting, communication and collaboration skills

Bonus points if you bring

• Certifications such as BlueCoat BCCPA/BCCPP, Palo Alto PCNSE, Cisco CCNA/CCNP Security, or SANS/GIAC

• Experience with AWS and/or Azure environments

• F5 ASM, FireEye HX & NX expertise

Why this role stands out
You'll be joining a truly global company where security operations are valued at the core of the business. Expect a vibrant, inclusive culture, supportive leadership, and the scale to grow your career while making a real impact.

How to apply
If your happy place is packet captures, firewalls and risk reduction, and you're ready to take on a global challenge right here in Witham, we'd love to hear from you. Apply now and let's see if this could be your next adventure.

Infrastructure & Security Operations Lead

Slough (Onsite with Flexibility) | Up to £70,000 Basic + £6k Car Allowance + Up to 20% Bonus

An Infrastructure Manager role for a hands-on, multi-domain generalist who can take ownership of a live IT estate spanning network, infrastructure, and cybersecurity. You’ll be the operational glue – managing third-party vendors, owning high-priority incidents, and driving platform consistency, performance, and security across a complex multi-site business. Ideal for someone calm under pressure, confident managing internal and external teams, and comfortable switching between technical detail and high-level oversight.

What’s on offer:

Up to 20% performance bonus, private healthcare, generous Christmas hamper, optional car allowance, and entry into a company-wide partnership scheme after 12 months (profit share model).

What we’re looking for:

• 5–10 years in infrastructure or IT operations, ideally in a multi-site environment
li>Strong knowledge of Microsoft tech – Entra ID, Intune, Azure, Active Directory, Office 365 < i>Skilled in DNS, VPNs, Citrix, scripting (PowerShell), monitoring, and firewall management
• Calm and structured under pressure – a safe pair of hands for business-critical systems
< i>Proven experience leading incident response and owning service escalations
• Strong vendor management skills and a focus on cost, compliance, and documentation

This is a key role for a reliable, service-minded professional who takes pride in uptime, security, and continuous improvement.

Infrastructure & Security Operations Lead

Slough (Onsite with Flexibility) | Up to £70,000 Basic + £6k Car Allowance + Up to 20% Bonus

An Infrastructure Manager role for a hands-on, multi-domain generalist who can take ownership of a live IT estate spanning network, infrastructure, and cybersecurity. You’ll be the operational glue – managing third-party vendors, owning high-priority incidents, and driving platform consistency, performance, and security across a complex multi-site business. Ideal for someone calm under pressure, confident managing internal and external teams, and comfortable switching between technical detail and high-level oversight.

What’s on offer:

Up to 20% performance bonus, private healthcare, generous Christmas hamper, optional car allowance, and entry into a company-wide partnership scheme after 12 months (profit share model).

What we’re looking for:

• 5–10 years in infrastructure or IT operations, ideally in a multi-site environment
li>Strong knowledge of Microsoft tech – Entra ID, Intune, Azure, Active Directory, Office 365 < i>Skilled in DNS, VPNs, Citrix, scripting (PowerShell), monitoring, and firewall management
• Calm and structured under pressure – a safe pair of hands for business-critical systems
< i>Proven experience leading incident response and owning service escalations
• Strong vendor management skills and a focus on cost, compliance, and documentation

This is a key role for a reliable, service-minded professional who takes pride in uptime, security, and continuous improvement.