Security Analyst in London

Location: UK remote with travel as and when required

Shift Pattern: 24/7 shift rota

Grow Your Career with GTT! Join GTT to be part of a global mission to simply and securely connect people and data through innovative, AI-driven solutions. We empower curious, adaptive professionals to take ownership of their work, offering a culture where your ideas have a visible, real-world reach. If you are energized by complex challenges and a supportive team that lifts each other up, GTT is the place to build a rewarding career.

Role Summary

The CSOC team at GTT specializes in providing Managed Detection and Response (MDR) services that meet and exceed government and certification body standards. Collaborating closely with our high-value customer base, the team delivers a wide range of security services, including Security Incident & Event Management, ensuring top‑notch protection and peace of mind for our clients. The GTT SIEM platform is essential for identifying customer security incidents. One of the primary tasks of our security analysts is to deeply analyse the outputs of the SIEM environment and guide our customers toward effective remediation actions, successfully mitigating risks to their corporate and hosted environments.

Duties and Responsibilities

• Providing analysis of SIEM alerts to enhance customer security.
• Working with customers to enhance security incident response procedures.
• Enhancing internal investigation processes and identifying additional toolsets required for rapid incident turnaround.
• Being part of a 24/7 customer support team providing first-level diagnosis for hosting and network customers.
• Identifying improvements and advising on best practice.
• Managing 3rd party vendor support as required.
• Adhering to team processes and direction.
• Working with senior analysts/engineers to implement platform optimizations and tuning through a structured change process.
• Performing upgrades to the SIEM environment from operating system to application to ensure the highest level of platform security.

Required Experience/Qualifications

• Proficiency in Security Information and Event Management (SIEM) platforms, particularly Splunk.
• Demonstrated experience in analysing and responding to security incidents.
• Strong understanding of cybersecurity principles and best practices.
• Experience in threat detection, analysis, and mitigation.
• Familiarity with incident response procedures and playbooks.
• Excellent analytical and problem-solving skills.
• Strong communication skills to collaborate effectively with stakeholders and customers.
• Relevant security qualifications are a plus.

Hours/Travel/Shift

Varied shift hours: occasional extended hours may be required during critical incidents and platform upgrades. SC clearance will be required.

Core Competencies

• Accuracy and Attention to Detail: understanding the necessity and value of accuracy; ability to complete tasks with high levels of precision.
• Managing Multiple Priorities: knowledge of effective self-management practices; ability to manage multiple concurrent objectives, projects, groups, or activities, making effective judgments as to prioritizing and time allocation.
• Problem Solving: knowledge of approaches, tools, and techniques for recognizing, anticipating, and resolving organizational, operational, or process problems; ability to apply knowledge of problem-solving appropriately to diverse situations.
• Root Cause Analysis: knowledge of the concepts, principles, and techniques of root cause analysis (RCA); ability to use a structured approach to identify the underlying causes of problems in a particular environment and the changes needed to prevent recurrences.
• Cybersecurity Practices: understanding of cybersecurity principles, protocols, and best practices; ability to apply security measures to protect network and data assets.
• IP Technologies and Protocols: basic theoretical knowledge of IP technologies and protocols.