Cyber Security Analyst in London

DFTO is the government’s public sector rail owning group. Its purpose is to bring all currently privately-owned train operators into public ownership in advance of the creation of Great British Railways in 2027 and deliver improvements in the here and now by unifying and integrating train operations under common public ownership. DFTO has over 30,000 employees, runs over 8,500 services a day and delivers over 640 million customer journeys across its networks every year.

As part of the Cyber Security team, this role will support maintaining the security and integrity of all company data (including customer, employee, corporate and financial) by analysing the security measures of the business and determining how effective they are compared to industry standards. The role will identify and recommend changes that will improve cyber security by working with DFTO colleagues, Operator TOC’s and external stakeholders to communicate specific measures that can improve the company’s overall security posture.

The role will manage and take responsibility for keeping defined security solutions up to date, creating documentation and supporting the definition and implementation of security related processes and plans, including incident response and disaster recovery plans. Responsible for generating reports for the Cyber Security team and wider business to evaluate the efficiency of the cyber security policies in place.

• In support to the Group Head of Cyber Security, develop relevant cyber security dashboards that provide a view of DFTO specifically, TOC cyber security metrics and an overall DFTO Group cyber security posture.
• Monitor the performance of network, system and application security solutions across the DFTO Group to identify and bring to attention breaches and potential intrusion incidents using software that detects intrusions and anomalous system behaviour.
• Forensically investigate security breaches within a defined area of responsibility to maintain compliance with internal security policies.
• If appropriate, liaise with authorities to support breach investigation and any legal process as a consequence.
• Analyse security breaches to identify the root cause, ensuring remediation activities are undertaken to protect the DFTO Group networks/data/information as required.
• Lead the day-to-day business information security requests, investigating routine security related incidents, such as malware detections, DLP violations, phishing emails and provide general cyber security support.
• Produce comprehensive reports including assessment-based findings, outcomes and propositions for current security effectiveness and further system security enhancement.
• Develop and carry out information security plans, policies and procedures.
• Monitoring use of security products data encryption and other security products and procedures.
• Appropriate administrative, physical and technical monitoring up to date safeguards are in place to protect information assets from internal and external threats e.g. up to date OS patches, AV, DLP.
• Reviewing IDS, log files for legal/regulatory compliance to detect security events/suspicious behaviour.

• Be a point of expert advice and contact for all Operators across the DFTO Group.
• This will require providing support to TOCs across the group supporting local cyber security analyst activities working in a collegiate manner with local cyber analysts as appropriate.
• Be the point of contact for DFTO TOC Analyst activity.
• As needed work with local TOC Analysts to identify, mitigate and remediate local risks and/or incidents to prevent wider spread across the DFTO group of Operators.
• Manage the shared cyber incident documentation portal, identifying common risk.
• Articulate those risks and likelihood of exploit, and mitigation required, to the Cyber Security Governance, Risk & Compliance Manager.

• Understanding of database and operating system security.
• Understanding of the latest security principles, techniques, and protocols.
• Understanding of network/endpoint security solutions.
• Able to demonstrate and articulate basic knowledge of compliance with the ISO27001, PCI DSS, GDPR, Cybersecurity and other security Standards.
• Effective team player experienced at dealing at all levels with effective influencing and negotiating skills.
• Ability to form constructive and proactive working relationships at all levels with all stakeholders, whether DFTO (including TOC’s), Network Rail or External Stakeholders.
• Effective interpersonal skills and an ability to use influence to gain buy-in to enable change to happen through others.
• A drive to deliver tangible outcomes which meet business requirements.
• Thrives with accountability and responsibility and is self-reliant.
• An ability to work well under pressure in a rapidly evolving environment.

• Current experience in an IT role, preferably within Information/Cyber Security.
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Sound technical background in current Microsoft Active Directory, VMWare, Server/PC standard builds, configuration concepts and technologies ideally to certification level.
• Experience with system, security, and network monitoring tools.
• Recognised industry security certification such as CISMP, CompTIA CySA+, Security+ or equivalent is desirable.
• Experience in providing written and verbal presentations across all levels of a company.
• Demonstrate their knowledge and understanding of basic financial/technical information.
• Hands on experience of problem-solving and ability to stay calm under pressure.
• ITIL Foundation certification desirable.

This role reports to the Group Head of Cyber Security, and will work closely with DFTO business units, and external TOC stakeholders. The postholder will provide essential support to colleagues and will be working at the core in shaping DFTO’s IT security landscape as the organisation expands its public ownership footprint and delivers secured services across the Group.

• Duration: Permanent
• Location: London Waterloo/Hybrid
• Salary: up to £58,000
• Closing date: 2nd June 2026

• Annual Leave: Starting at 25 days and rising to an additional day per year of service completed within the first 5 completed years up to a maximum of 5 additional (30 days).
• DC Pension Scheme: 10% Employer contribution, 5% Employee contribution.
• Opportunities to learn and network across the wider industry.

We are an inclusive employer of choice and we welcome applications from everyone! We encourage our colleagues to work flexibly, as we know traditional working patterns don't always fit. If you want to consider working flexibly, just let us know and we'll do our best to help and invest in your career with us, whilst you have a healthy work life balance.

If you have any questions or reasonable adjustments, please contact Name.Jason.blakemore@dftoperator.co.uk. Please do not email any CV's to us, your application must be made by clicking the 'Apply' button.