Cyber Security Engineer

About DFT Operator

DFTO is the government’s public sector rail owning group. Its purpose is to bring all currently privately-owned train operators into public ownership in advance of the creation of Great British Railways in 2027 – and deliver improvements in the here and now by unifying and integrating train operations under common public ownership. DFTO has over 30,000 employees, runs over 8,500 services a day and delivers over 640 million customer journeys across its networks every year. Major improvements are being delivered by DFTO train operators (TOCs) that are already under public ownership – these are LNER, Northern, TransPennine Express (TPE), Southern, South Western Railway (SWR), c2c, Greater Anglia and WM Trains. We work closely with the DfT but operate independently with our own governance and leadership teams. Our priority is ensuring efficient, dependable rail services for everyone.

Primary Purpose of Job

This role is responsible for leading the design, implementation, continual improvement and monitoring of cyber security solutions across DFTO and supporting Group Operators to protect the business from security threat whilst adhering to industry cyber security standards. As a subject matter expert in multiple cyber security technologies the post holder will be responsible for the management, maintenance and improvement of cyber security across multiple platforms, networks and applications. The key focus being to ensure the DFTO Group is protected from cyber and information security risk. The post holder will act as a point of contact for the cyber security technical teams across the DFTO Group as well as being responsible for supporting central DTFO colleagues. This position will ensure robust, scalable, and high-quality IT services that support the DFTO group’s strategic objectives.

Key Responsibilities

• Support the DFTO Group Head of Cyber Security to oversee the delivery and support of cyber security applications and platforms.
• Manage the continued review, research, and development of current security controls, ensuring their effectiveness and efficiency.
• Contribute to the Cyber Security Risk Register working with business and solution owners to identify, mitigate, treat and remediate risk in accordance with the DFTO Group risk appetite, ensuring alignment to industry best practice.
• Proactively identify weaknesses in hardware, software and applications through vulnerability assessments, penetration testing, and managing any required remediation processes.
• Providing security patch deployment methodologies to all core infrastructures.
• Monitor networks and systems for critical security breaches, using software that detects intrusions and anomalous system behaviour.
• Ensures cyber security requirements are met and service quality maintained when introducing new security services.
• Provide expert technical guidance when developing and carry out information security plans, policies and procedures.
• Manage the technical installation and monitoring use of security products, including data encryption and other security products and procedures.
• Actively ensure appropriate administrative, physical and technical up to date safeguards are in place to protect information assets from internal and external threats e.g. vulnerability patching, AV, Firewalls, DLP.
• Participate in peer reviews of deliverables and carries out formal and informal reviews of technical designs, standards, documentation and/or implementations.
• Lead cyber security projects as assigned, following a recognised methodology, through specification, testing, implementation and documentation, including ongoing support strategy.
• Provide expert technical guidance across the DFTO Group when investigating security breaches.
• Provide support for any incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
• Manage the development of technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Produce comprehensive reports including assessment-based findings, outcomes and propositions for current security effectiveness and further system security enhancement.
• Support awareness training on cyber security standards, policies and best practices.

Key Competencies

• Detailed technical knowledge of application and operating system security.
• Thorough understanding of the latest security principles, techniques, and protocols.
• A deep understanding and best practice mitigation of current OWASP Top Ten Risks (and remain current as these change).
• Strong understanding of network and endpoint security solutions, including File Integrity Monitoring, Data Loss Prevention, and Data Encryption.
• Knowledge of achieving and maintaining compliance with the ISO27001, GDPR, Cybersecurity and other security Standards.
• Effective team player experienced at dealing at all levels with effective influencing and negotiating skills.
• Ability to form constructive and proactive working relationships at all levels with all stakeholders whether internal or external.
• Good project management skills: able to demonstrate ability to deliver projects to time, budget and objectives in partnership with stakeholders.
• Good communications and presentation skills both verbal and written.
• Good level of numeracy and sound analytical skills, problem-solving skills and ability to stay calm under pressure.
• Thrives with accountability and responsibility and is self-reliant.
• An ability to work well under pressure in a rapidly evolving environment.

Knowledge, Skills, Experience & Technical Qualifications

• Educated to degree level or equivalent.
• Significant current experience in a Cyber Security Technical Support role, that includes relevant experience in information security.
• Recognised industry security certification such as CISSP, SSCP, CEH, Security+, CASP+ or equivalent.
• Proven technical background well versed in current Microsoft Products (including Server and workstation OS, Active Directory, Office 365 and Azure), Endpoint Protection technologies, AWS cloud solutions and Email security systems.
• Proven work experience as a system security engineer or information security engineer with experience of successfully leading technical evaluations and project management of new Information Security solutions.
• Experience in building and maintaining security systems.
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.

This role reports to the Group Head of Cyber Security and will work closely with DFTO Cyber/Information Security colleagues across business units and external TOC stakeholders. The postholder will work at the core in shaping DFTO’s IT security landscape as the organisation expands its public ownership footprint and delivers secured services across the Group.

Vacancy Details

• Duration: Permanent
• Location: London Waterloo/Hybrid
• Salary: up to £70,000
• Closing date: 2nd June 2026
• Report To: Head of Cyber Security

DFTO Benefits

• Annual Leave: Starting at 25 days and rising to an additional day per year of service completed within the first 5 completed years up to a maximum of 5 additional (30 days).
• DC Pension Scheme: 10% Employer contribution, 5% Employee contribution.
• Opportunities to learn and network across the wider industry.

Additional Information

Disclaimer: Candidates applying for this position on a secondment basis must inform their line manager prior to submitting their application. This is to ensure transparency and facilitate any necessary discussions regarding workload and responsibilities.

Contact: For reasonable adjustments, please contact Jason.blakemore@dftoperator.co.uk