Cyber Security Operations Analyst

The purpose of this role is to deliver technical cyber security support. This support includes the security of TfL's fixed, mobile and virtual environments and associated data contained in these environments. The role will be responsible and accountable for the initial investigation and triaging of Cyber Security events escalating where necessary to senior analysts in the security operations team. Advert closes Wednesday 10th September 2025 at 23.59.

• Responsible for proactively monitoring TfL systems for malicious activity and intrusions using real time data and alerting from various data sources measured against agreed SLAs.
• Responsible for ensuring processes and operational documentation is maintained, fit for purpose and updated regularly to reflect changing business needs.
• Responsible for implementing the TfL Incident Response process for Cyber Security Incidents, in collaboration with key stakeholder across the organisation.
• Responsible for the triaging and investigation of notable events before elevating them to an incident and executing the incident response process.
• Responsible for investigating and handling escalated events and incidents in collaboration with key stakeholders and seeing them through to closure.
• Responsible for tuning detection and monitoring tooling to provide high fidelity alerting worthy of further investigation and mitigating false positives.
• Responsible for keeping up to date with current cyber developments and trends, and maintaining your skills through continuous personal development and working collaboratively with colleagues, both internal and external to the team.
• Demonstrable skills in using security tooling to provide contextual data to allow for a thorough assessment of an event.
• Ability to communicate effectively written and verbally and influence others in order to minimise TfL's Cyber Risk through effective monitoring, detection and where necessary mitigation.
• Ability to effectively use a SIEM solution to identify events that warrant further investigation.
• Ability to prioritise tasks according to the risk posed to the TfL environment.
• Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents.
• Ability to work under pressure.

• Ability to communicate effectively written and verbally and influence others in order to minimise TfL's Cyber Risk through effective monitoring, detection and where necessary mitigation.
• Ability to effectively use a SIEM solution to identify events that warrant further investigation.
• Ability to prioritise tasks according to the risk posed to the TfL environment.
• Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents.
• Ability to work under pressure.

• Educated to Degree level or equivalent - industry recognised qualifications such as CEH, GCIH, GPEN, GDAT, CISSP.
• Knowledge of cyber security and information security controls best practice with supporting qualifications where possible.
• Knowledge of relevant legislation and government standards - including Security Policy Framework, Information Assurance Maturity Model, Security Essentials, Data Protection Act, Freedom of Information Act, EU Procurement Directives.
• A broad understanding of network and computer system architecture, operations and protocols.
• Understanding of information security management concepts to support solutions and processes.

• Experience of implementing and managing security monitoring and response in a complex organisation.
• Experience of working in an operational environment such as a SOC, CSIRT or CERT function.
• Experience on leading the response to a Cyber Security incident or event.
• Experience of mentoring junior analysts.
• Knowledge of the Mitre ATT&CK and NIST framework and how this can be used to further improve security monitoring and detection.
• Knowledge of the Cyber Kill Chain.
• Technical knowledge of computer network and systems and the necessary controls that can be used to prevent unauthorised access.

• Final salary pension scheme.
• Free travel for you on the TfL network.
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket.
• 30 days annual leave plus public and bank holidays.
• TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow.
• Private healthcare discounted scheme (optional).
• Tax-efficient cycle-to-work programme.
• Retail, health, leisure and travel offers.
• Discounted Eurostar travel.

Please apply with your CV. We are an equal opportunities employer.