Role Overview
A leading organisation specialising in cybersecurity and digital transformation is seeking a Principal OT Security Solution Architect to join their team. The company delivers strategic advisory services and customised security solutions to large enterprises and public‑sector clients.
Develop high‑quality technical content for proposals, including diagrams, project plans, compliance documentation, and other formal submission materials.
Plan, coordinate, and oversee customer proof‑of‑concept (POC) engagements, defining scope, success criteria, technical requirements, timelines, and presenting outcomes.
Produce and maintain OT‑security‑related technical documentation such as design concepts, use cases, integration approaches, high‑ and low‑level designs, best practices, and POC reports.
Strong understanding of industrial cybersecurity standards (e.g., IEC 62443, IEC 62351, NERC CIP, NIST 800‑82).
Deep knowledge of OT cybersecurity principles and architectures.
Solid grounding in IT security technologies, including firewalls, IPS, DDoS protection, proxies, vulnerability management, endpoint security, data diodes, and related tools.
Proven consulting and pre‑sales capabilities, with both technical and commercial awareness.
Attractive tax‑free compensation package.
Opportunities for career development through complex and high‑impact projects.
A dynamic, professional environment with exposure to emerging technologies and product roadmaps.
Inclusive, diverse culture with flexible or hybrid working options.
GCS is acting as an Employment Agency in relation to this vacancy.
Key Accountabilities & Responsibilities
SOC Operations & Incident Response
Lead and manage 24×7 SOC operations, ensuring effective monitoring and rapid response to security events.
Oversee the full incident response lifecycle: detection, containment, eradication, recovery, and post‑incident analysis.
Serve as the primary escalation point for high‑severity (P1/P2) cybersecurity incidents.
Ensure all incidents are handled in line with defined SLAs, playbooks, and escalation procedures.
Maintain optimal configuration, tuning, and performance of security technologies such as SIEM, SOAR, EDR/XDR, NDR, and UEBA.
Lead the development and refinement of detection use cases, correlation logic, and alerting rules.
Drive proactive threat‑hunting and continuous monitoring activities aligned with evolving threat landscapes.
Ensure SOC operations follow MITRE ATT&CK methodologies, leverage threat intelligence, and align with industry best practices.
Ensure SOC operations adhere to regulatory and internal requirements, including:
National cyber risk regulations
Internal information security policies and standards
International frameworks (e.g., NIST, ISO 27001)
Support audits, regulatory reviews, and compliance assessments.
Maintain accurate and up‑to‑date SOC documentation, including SOPs, runbooks, incident reports, and dashboards.
Lead, mentor, and develop SOC analysts and incident responders across all levels (L1-L3).
Define shift schedules, competency matrices, training plans, and performance goals.
Drive continuous capability improvement through training, simulations, tabletop exercises, and lessons learned.
Foster a strong security culture and operational discipline within the SOC.
Manage relationships with SOC vendors, MSSPs, and technology partners.
Track vendor performance against SLAs and KPIs.
Coordinate vendor involvement during incidents, investigations, and forensic activities.
Support vendor assessments, renewals, and service improvement initiatives.
Deliver regular SOC performance and risk reports to senior leadership, covering:
Incident metrics and trends
SLA adherence
Threat landscape updates
Brief senior stakeholders during major incidents or crisis situations.
Collaborate closely with IT, Cloud, GRC, and business teams.
Mean Time to Detect (MTTD)
Mean Time to Respond (MTTR)
Incident SLA compliance
Reduction in recurring or high‑severity incidents
Audit and regulatory compliance outcomes
Education
Bachelor's degree in Cybersecurity, Information Security, Computer Science, IT, or a related field.
Experience
At least 10 years of cybersecurity experience, including 5+ years in SOC or Incident Response leadership roles.
Strong background operating SOC functions within banking or other regulated sectors.
Preferred Certifications
CISSP / CISM
GIAC certifications (e.g., GCIH, GCED, GCIA)
Cloud security certifications (AWS or Azure)
Strong knowledge of SIEM, SOAR, EDR/XDR, and threat intelligence platforms.
Deep understanding of cyber threats, malware, ransomware, and advanced persistent threats.
Hands‑on experience with incident handling, digital forensics, and log analysis.
Strong analytical, decision‑making, and crisis‑management capabilities.
Leadership and accountability
Ability to perform under pressure
Clear communication with senior stakeholders
Risk‑based decision‑making
Strong collaboration and stakeholder engagement
GCS is acting as an Employment Agency in relation to this vacancy.
Role: Cyber Threat and Controls Consultant - B2B
Duration: 6-month rolling contract
Working Pattern: Krakow, Hybrid (handful of days per month)
GCS Cyber are partnered with a global financial services organisation undergoing multiple large-scale transformation programmes across their Cyber Security division.
In this role you will perform threat and control assessments across the business. You'll partner with architects, developers and cloud specialists to review designs, challenge assumptions, and ensure services are built with strong security foundations. You'll also contribute to improving the threat‑assessment process, sharing your expertise across a global community and helping uplift security practices across the organisation.
Must have:
Strong understanding of modern security principles and the ability to break down how systems really work under the hood
Hands‑on background in identifying weaknesses, misconfigurations or attack paths across applications, infrastructure or integrated services
Familiarity with recognised analysis frameworks (e.g., threat identification or attack‑pattern libraries) and able to translate findings into clear, meaningful risk language
To find out more, please apply now or send a copy of your CV to [email protected]
GCS is acting as an Employment Business in relation to this vacancy.
Role: Security Operations Engineer
Duration: 6-month rolling contract
Working Pattern: Hybrid - multiple UK locations
GCS Cyber are partnered with a global organisation enhancing their Cyber Security Operations capability as part of a wider security transformation. They are now seeking a Security Operations Engineer with deep hands‑on experience across SecOps tooling, detection engineering and incident response enablement.
Key Responsibilities
Engineer and optimise SIEM, EDR/XDR, SOAR, PAM and vulnerability platforms.
Develop and tune detections (KQL/Sigma) to improve visibility and reduce false positives.
Support SOC teams with investigations, tooling improvements and root cause analysis.
Build automation workflows and SOAR playbooks to streamline response.
Improve logging, telemetry and threat‑hunting capabilities.
Ensure platform health, performance and operational resilience.
Required Experience
Strong background in SecOps, SOC engineering or technical cybersecurity roles.
Hands‑on experience with SIEM (Splunk or Sentinel), EDR/XDR, SOAR and PAM tools.
Proven ability to build/tune detections and optimise alerting.
Familiar with incident response processes and threat detection methodologies.
Solid technical knowledge across networks, endpoints, cloud, and security tooling.
To find out more, please apply now or send a copy of your CV to [email protected]
GCS is acting as an Employment Business in relation to this vacancy.
Role: Security Architect (AppSec and Network Security) - B2B
Duration: 6-month rolling contract
Working Pattern: Krakow, Hybrid (handful of days per month)
GCS Cyber are partnered with a global financial services organisation undergoing multiple large-scale transformation programmes across their Cyber Security division. They are now looking for a Security Architect who has extensive experience managing end-to-end solution designs within large-scale transformation programmes with a heavy focus on Network Security and Application Security.
Proven experience producing high-level solution designs in line with business requirements.
Proven ability to conduct security assessments and threat modelling to inform design decisions.
Strong background in cybersecurity, with deep expertise in network security and segmentation across data centers, cloud environments, and containerised platforms.
Hands-on experience with technologies such as physical and virtual firewalls and MPLS/eVPN
Familiarity with macro- and micro-segmentation strategies
Financial Services experience is an advantage
To find out more, please apply now or drop an email with a copy of your CV to [email protected]
GCS is acting as an Employment Agency in relation to this vacancy.
Cyber Threat Intelligence Lead
Contract
Industry: National Transport & Infrastructure
Location: Hybrid (The Hague)
Contract Length: 12 months
About the Role
A major transport infrastructure organisation is expanding its national cyber defence capability and seeks a Cyber Threat Intelligence Lead to build its CTI function from the ground up. You will provide strategic and operational intelligence across both IT and OT environments.
Key Responsibilities
Establish and lead the organisation's threat intelligence programme.
Monitor, analyse, and disseminate intelligence on campaigns targeting OT and transport systems.
Collaborate with government partners and private sector information‑sharing groups.
Feed intelligence into SOC, IR, and vulnerability management functions.
Produce high‑quality threat reports for executive and operational teams.
Skills & Experience
Strong experience in CTI roles with OT or critical infrastructure exposure.
Proficiency with MITRE ATT&CK, Diamond Model, malware analysis fundamentals, and OSINT.
Ability to translate intelligence into actionable defensive measures.
GCS is acting as an Employment Business in relation to this vacancy.
The core cybersecurity function responsible for protecting systems, networks, and products across the business.
This team plays a critical role in:
Managing and responding to cybersecurity incidents (SOC environment)
Onboarding newly acquired companies into security standards
Driving consistency across security controls, monitoring, and compliance
The role is highly cross-functional, working with Security Engineering, Operations, and GRC teams, with regular stakeholder interaction and visibility.
Key Skills
Strong incident response & SOC experience (alert triage, investigations, escalation)
Hands-on experience with SIEM / log analysis tools (e.g. Splunk or similar)
Ability to set up and tune monitoring & alerting for threat detection
Experience implementing security controls, vulnerability management, and compliance monitoring
Strong stakeholder management - able to coordinate across engineering, ops, and business teams
Comfortable working in Agile/Scrum environments
Experience Required
5+ years in cybersecurity engineering or security operations
Background in:
SOC / Incident Response
Threat detection or security monitoring
Experience onboarding systems, environments, or ideally companies into a central security model
Strong understanding of risk, compliance, and working with GRC teams
Nice to have:
M&A (Mergers & Acquisitions) security integration experience
Exposure to tools like Databricks or Power BI
Cloud security experience (AWS, Azure, GCP)
GCS is acting as an Employment Business in relation to this vacancy.