Cyber Security Testing Lead

Permanent Role Location: North Greenwich, London, 50% Office Attendance Model. This role does not offer UK Sponsorship.

Help safeguard one of the world’s most critical transport networks.

About us

At Transport for London (TfL), we keep a global city moving. Behind the scenes, a powerful and complex technology landscape supports millions of journeys every day—spanning customer platforms, corporate systems, and safety‑critical IT and operational technology (OT). Security Operations leads the proactive detection and response to threats, while our OT and IT Cyber Security Advisory teams partner with the business to manage and reduce cyber risk across critical infrastructure and IT systems. Security Engineering strengthens our defences through tooling strategy and technical expertise, and Assurance ensures strong governance, policies, and compliance. Our evolving Engagement capability also plays a key role in building awareness and a strong security culture across TfL. Join us and you’ll be at the forefront of protecting critical national infrastructure, working on cutting‑edge IT and OT initiatives in a fast‑paced, high‑stakes environment. This is your chance to tackle sophisticated threats, build in‑demand skills, and be part of something bigger. You’ll be supported with industry‑leading training, a collaborative team culture, and the opportunity to shape the future of cyber security in transport.

About the role

This role leads and manages the Cyber Security Testing function within the Cyber Security Architecture, Product and Testing team. It provides strategic direction, expert guidance and comprehensive security testing capabilities through a blended model of internal resources and trusted external partners. As the Security Testing Lead, you will set the direction for security testing services and build and lead a team within the Architecture, Product and Testing function. You will oversee the delivery of security testing services to risk owners, projects, internal teams and business units, supporting a wide range of IT and Operational Technology (OT) systems and services across the organisation. In addition to overseeing testing activities, you will be expected to maintain sufficient technical expertise to undertake security testing where required. The role will also ensure that the outcomes of security testing are effectively managed and addressed, working closely with other functions such as GRC and security advisory teams to ensure that identified risks are tracked, remediated and appropriately governed.

About you

• Current knowledge and understanding of cyber security and information security practices, principles, tools and techniques.
• Qualifications and certifications from information security bodies such as GIAC, ISC2, ISACA, ISA, CompTIA.
• Knowledge of relevant legislation and regulation such as Data Protection Act (DPA), Network and Information Systems (NIS) Regulation, Payment Card Industry Data Security Standard (PCI DSS).
• Knowledge of industry best practice and frameworks such as ISO27001, IEC62443, NIST Cyber Security Framework, CIS Critical Security Controls, PTES, OWASP, MITRE ATT&CK.
• Knowledge in telecommunications and IP networking, network and computer system architecture, network infrastructure, enterprise‑level cyber security technologies for use in complex environments.
• Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field.
• Knowledge of pen testing / red teaming methodologies including tooling, techniques and procedures.

Skills

• Highly effective verbal and written communication skills, with the ability to translate complex technical vulnerabilities and risks into clear, business‑focused language for diverse audiences.
• Strong capability to review, challenge, and influence technology and engineering designs at a strategic and architectural level.
• Proven ability to analyse cyber security risks and recommend appropriate security controls and testing approaches aligned with organisational requirements.
• Demonstrated leadership skills, with the ability to lead and coordinate a team across a diverse and concurrent portfolio of penetration testing and red team activities.
• Excellent analytical and problem‑solving skills, applying a pragmatic and risk‑based approach to identifying and addressing security weaknesses.
• A constructive and collaborative leadership style, with a strong focus on mentoring, coaching, and developing team members.

Experience

• Demonstrated experience leading penetration testing and red team functions within complex IT and Operational Technology (OT) environments, including industrial control systems and safety‑critical infrastructure.
• Proven experience planning and executing offensive security engagements that simulate real‑world threat scenarios while maintaining operational safety and regulatory compliance.
• Experience building, developing, and managing high‑performing penetration testing and red team teams, including the effective use of specialist external providers.
• Experience integrating penetration testing and red team outcomes into organisational risk management, security architecture, and assurance processes.
• Strong experience translating complex technical vulnerabilities and attack paths into clear, risk‑based insights for senior leadership and non‑technical stakeholders.
• Demonstrated experience collaborating with architecture, engineering, and operational teams to influence secure design and implementation.

Excellent Benefits include:

• Final salary pension scheme
• Free travel for you on the TfL network
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28‑day flexi ticket
• 30 days annual leave plus public and bank holidays
• TfL is committed to work‑life balance, operating a hybrid working approach where business and role requirements allow
• Tax‑efficient cycle‑to‑work programme
• Retail, health, leisure and travel offers
• Discounted Eurostar travel

Equality, diversity and inclusion

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.