GTI - Cybersecurity Operations Engineer

About the role 

Overall role purpose 

In our Go Beyond network strategy 2025 our vision is to become ‘the most valued network in the profession’. 

The Cybersecurity Operations Engineer plays a crucial role in managing the proactive, operational and reactive cybersecurity posture for GTIL and member firms globally.   

Reporting directly to the Global Cybersecurity Operations Manager and with key relationships to IT Operations and the Managed Security Service Provider (MSSP), this role provides operational expertise and orchestration across a wide range of cybersecurity solutions. This includes implementation, operations, maintenance and monitoring of key security services to provide the best insight, protection and value for the organisation. 

The successful candidate will develop recommended operational tactics and procedures to enable GTIL, and their member firms, to effectively plan and execute cyber operations missions and cyber security cooperation programs.  The candidate will conduct operational and systems engineering analysis of plans, capabilities, architectures, processes, and concepts to inform recommendations for GTIL, as well as member firms. 

               

 

Main responsibilities 

Cybersecurity Operations 

• Liaising with the firm’s MSSP to provide oversight of key monitoring services including but not limited to vulnerability management, EDR, secure email gateway and SIEM services. 
• Liaise with the various Business Unit stakeholders, MSSP, and cybersecurity vendors, with regards to provision and maintenance of operational and monitoring tools. 
• Respond to, redirect or escalate GTIL and Member Firm queries, in relation to impacting cybersecurity operations and potential threats, in a manner consistent with an understanding of impact and priority. 
• Oversee the security training and awareness programmes for GTIL. 
• Develop and maintain various levels of documentation of cybersecurity operations including but not limited to executive reports, summaries, memos, runbooks, policies, plans, and procedures. 
• Develop data-driven recommendations to define and guide technical and tactical assessments of information operations, processes, and architectures 
• Development of detailed test plans providing an understanding of information operational challenges and requirements to inform technical objectives. 
• Conduct technical and operational analysis of alternatives between multiple technical approaches and develop actionable courses of action. 
• Understand and communicate best practices and recommendations into time-phased implementation plans and roadmaps. 
• Support the Global Cybersecurity Operations Manager in new projects and other security initiatives as required. 

 

Risk Monitoring 

• Assess the need to investigate potential security incidents and the degree to which the investigation must happen. 
• Determine the need to escalate a security incident to management.   
• Act as a technical advisor during a cybersecurity incident response invocation; liaise with other technical responders within GTIL, the Member Firms, forensic experts and associated MSSP’s. 
• Collaborate with GTIL and Member Firms (business stakeholders and remediation teams), to review and report on remedial actions. 
• Develop and maintain documentation on cyber security incident playbook and runbooks, process workflow, incident handling and response capabilities. 

 

 

 

Person specification 

 

Equivalent post high school education and/or work-related experience in Computer Science, Information Systems, or other Information Technology related field. 

 

 

The successful candidate is data-driven, curious, an independent thinker, able to work autonomously, in an accountable, communicative, flexible, and creative fashion.  

Experience – Essential 

 

Minimum of 2-3 years working in IT Operations 

 

 

 

 

Minimum of 2-3 years working in Information Security OR a combination of relevant experience 

 

 

 

Demonstrated operational expertise: 

o Vulnerability management  o Endpoint Detection and Response  o Logging and Monitoring (SIEM, User Behaviour Analytics) o Windows client, server and hyper-visor operating systems o Cloud architecture (security controls and configurations). 

 

 

The job requires effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization. 

• Strong organisational and communication skills 
• Ability to learn and adapt to a constantly changing technology and threat landscape. 
• This role scope of responsibility will, on occasion, extend to include member firms across the globe, communication and relationship building is a key requirement. o   Provides expertise and solutions for complex initiatives and is capable of making independent decisions. 

 

 

 

Cultural awareness, the ability to work well with people from different disciplines and backgrounds. 

 

 

 

Ability to be agile, respond positively to change and contribute with an innovative and global mindset. 

 

Experience - Desirable 

 

 

 

Security Operations Centre (SOC) experience 

CompTIA Security+ or CySA+ 

 

 

Microsoft Azure AZ900, AZ500 

 

 

 

Incident response experience 

At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It’s what makes us different, and we think being different makes us better.