Cyber Security Analyst

About DFT Operator DFTO is the government’s public sector rail owning group. It aims to unify train operations under common public ownership, previously owned privately, in advance of the creation of Great British Railways in 2027. DFTO runs more than 8,500 services a day and delivers over 640 million customer journeys each year, employing over 30,000 people.

Primary Purpose of the Job

As part of the Cyber Security team, the role supports maintaining the security and integrity of all company data (customer, employee, corporate and financial) by analysing security measures and determining their effectiveness against industry standards. The role identifies and recommends changes to improve cyber security, working with DFTO colleagues, Operator TOC’s and external stakeholders to communicate specific measures that can improve the company’s overall security posture. It manages and ensures security solutions stay up to date, creates documentation, and supports the definition and implementation of security related processes and plans, including incident response and disaster recovery plans. Responsible for generating reports for the Cyber Security team and the wider business to evaluate the efficiency of cyber security policies in place.

Key Responsibilities

• In support to the Group Head of Cyber Security, develop relevant cyber security dashboards that provide a view of DFTO specifically, TOC cyber security metrics and an overall DFTO Group cyber security posture.
• Monitor the performance of network, system and application security solutions across the DFTO Group to identify and bring to attention breaches and potential intrusion incidents using software that detects intrusions and anomalous system behaviour.
• Forensically investigate security breaches within a defined area of responsibility to maintain compliance with internal security policies.
• If appropriate, liaise with authorities to support breach investigation and any legal process as a consequence.
• Analyse security breaches to identify the root cause, ensuring remediation activities are undertaken to protect the DFTO Group networks, data and information as required.
• Lead the day-to-day business information security requests, investigating routine security related incidents, such as malware detections, DLP violations and phishing emails and provide general cyber security support.
• Produce comprehensive reports including assessment based findings, outcomes and propositions for current security effectiveness and further system security enhancement.
• Develop and carry out information security plans, policies and procedures.
• Monitor use of security products, data encryption and other security products and procedures.
• Ensure appropriate administrative, physical and technical safeguards are up to date to protect information assets from internal and external threats such as OS patches, AV and DLP.
• Review IDS, log files for legal and regulatory compliance to detect security events and suspicious behaviour.

Group Focussed Activities

• Serve as a point of expert advice and contact for all Operators across the DFTO Group, providing support to TOCs across the group and working in a collegiate manner with local cyber analysts as appropriate.
• Be the point of contact for DFTO TOC Analyst activity.
• Work with local TOC Analysts as needed to identify, mitigate and remediate local risks and incidents to prevent wider spread across the DFTO group of Operators.
• Manage the shared cyber incident documentation portal, identify common risk, articulate those risks and likelihood of exploit, and mitigation required to the Cyber Security Governance, Risk and Compliance Manager.

Key Competencies

• Understanding of database and operating system security.
• Understanding of the latest security principles, techniques and protocols.
• Understanding of network and endpoint security solutions.
• Basic knowledge of compliance with ISO27001, PCI DSS, GDPR and other security standards.
• Effective team player experienced at dealing at all levels with influencing and negotiating skills.
• Ability to form constructive and proactive working relationships at all levels with stakeholders, whether DFTO (including TOCs), Network Rail or external stakeholders.
• Effective interpersonal skills and an ability to use influence to gain buy‑in to enable change to happen through others.
• A drive to deliver tangible outcomes that meet business requirements.
• Thrives with accountability and responsibility and is self‑reliant.
• Ability to work well under pressure in a rapidly evolving environment.

Knowledge, Skills, Experience and Technical Qualifications

• Current experience in an IT role, preferably within Information or Cyber Security.
• Hands‑on experience in security systems such as firewalls, intrusion detection systems, anti‑virus software, authentication systems and log management.
• Sound technical background in current Microsoft Active Directory, VMWare, server and PC standard builds, configuration concepts and technologies ideally to certification level.
• Experience with system, security and network monitoring tools.
• Recognised industry security certification such as CISMP, CompTIA CySA+, Security+ or equivalent is desirable.
• Experience providing written and verbal presentations across all levels of a company.
• Demonstrated knowledge and understanding of basic financial and technical information.
• Hands‑on experience of problem‑solving and the ability to stay calm under pressure.
• ITIL Foundation certification desirable.

This role reports to the Group Head of Cyber Security, and will work closely with DFTO business units and external TOC stakeholders. The postholder will provide essential support to colleagues and will be working at the core in shaping DFTO’s IT security landscape as the organisation expands its public ownership footprint and delivers secured services across the Group.

Vacancy Details

• Duration: Permanent
• Location: London Waterloo/Hybrid
• Salary: up to £58,000
• Closing date: 2nd June 2026
• Reports To: Head of Cyber Security.

DFTO Benefits

• Annual Leave: Starting at 25 days and rising to an additional day per year of service completed within the first five years up to a maximum of 30 days.
• DC Pension Scheme: 10% Employer contribution, 5% Employee contribution.
• Opportunities to learn and network across the wider industry.

Contact

If you have any questions or require reasonable adjustments, please contact Jason.blakemore@dftoperator.co.uk