GTI - Cybersecurity Operations Engineer

Grant Thornton, Iselin

About the role

Overall role purpose

In our Go Beyond network strategy 2025 our vision is to become ‘the most valued network in the profession’.

The Cybersecurity Operations Engineer plays a crucial role in managing the proactive, operational and reactive cybersecurity posture for GTIL and member firms globally.

Reporting directly to the Global Cybersecurity Operations Manager and with key relationships to IT Operations and the Managed Security Service Provider (MSSP), this role provides operational expertise and orchestration across a wide range of cybersecurity solutions.

This includes implementation, operations, maintenance and monitoring of key security services to provide the best insight, protection and value for the organisation.

The successful candidate will develop recommended operational tactics and procedures to enable GTIL, and their member firms, to effectively plan and execute cyber operations missions and cyber security cooperation programs. The candidate will conduct operational and systems engineering analysis of plans, capabilities, architectures, processes, and concepts to inform recommendations for GTIL, as well as member firms.

Main responsibilities

Cybersecurity Operations

+ Liaising with the firm’s MSSP to provide oversight of key monitoring services including but not limited to vulnerability management, EDR, secure email gateway and SIEM services.

+ Liaise with the various Business Unit stakeholders, MSSP, and cybersecurity vendors, with regards to provision and maintenance of operational and monitoring tools.

+ Respond to, redirect or escalate GTIL and Member Firm queries, in relation to impacting cybersecurity operations and potential threats, in a manner consistent with an understanding of impact and priority.

+ Oversee the security training and awareness programmes for GTIL.

+ Develop and maintain various levels of documentation of cybersecurity operations including but not limited to executive reports, summaries, memos, runbooks, policies, plans, and procedures.

+ Develop data-driven recommendations to define and guide technical and tactical assessments of information operations, processes, and architectures.

+ Development of detailed test plans providing an understanding of information operational challenges and requirements to inform technical objectives.

+ Conduct technical and operational analysis of alternatives between multiple technical approaches and develop actionable courses of action.

+ Understand and communicate best practices and recommendations into time-phased implementation plans and roadmaps.

+ Support the Global Cybersecurity Operations Manager in new projects and other security initiatives as required.

Risk Monitoring

+ Assess the need to investigate potential security incidents and the degree to which the investigation must happen.

+ Determine the need to escalate a security incident to management.

+ Act as a technical advisor during a cybersecurity incident response invocation; liaise with other technical responders within GTIL, the Member Firms, forensic experts and associated MSSPs.

+ Collaborate with GTIL and Member Firms (business stakeholders and remediation teams), to review and report on remedial actions.

+ Develop and maintain documentation on cyber security incident playbooks and runbooks, process workflow, incident handling and response capabilities.

Person specification

Equivalent post high school education and/or work-related experience in Computer Science, Information Systems, or other Information Technology related field.

The successful candidate is data-driven, curious, an independent thinker, able to work autonomously, in an accountable, communicative, flexible, and creative fashion.

Experience – Essential

Minimum of 2-3 years working in IT Operations

Minimum of 2-3 years working in Information Security OR a combination of relevant experience

Demonstrated operational expertise:

o Vulnerability management

o Endpoint Detection and Response

o Logging and Monitoring (SIEM, User Behaviour Analytics)

o Windows client, server and hypervisor operating systems

o Cloud architecture (security controls and configurations).

The job requires effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization.

+ Strong organisational and communication skills

+ Ability to learn and adapt to a constantly changing technology and threat landscape.

+ This role's scope of responsibility will, on occasion, extend to include member firms across the globe; communication and relationship building is a key requirement.

+ Provides expertise and solutions for complex initiatives and is capable of making independent decisions.

Cultural awareness, the ability to work well with people from different disciplines and backgrounds.

Ability to be agile, respond positively to change and contribute with an innovative and global mindset.

Experience - Desirable

Security Operations Centre (SOC) experience

CompTIA Security+ or CySA+

Microsoft Azure AZ900, AZ500

Incident response experience

About Us

At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support.

It’s what makes us different, and we think being different makes us better.

About the Team

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network.

GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs).

Our headquarters are based in London and we have around 160 employees and secondees in 20 different countries. All the employees hired outside of the UK are employed by the local member firm and assigned to GTIL through a specific agreement. Through a global assignment, you will have a chance for both professional and personal development, working with colleagues around the world and developing your global network across various boundaries and time zones.
