At a Glance
- Tasks: Lead and manage Cyber Security Testing to protect critical transport networks.
- Company: Join Transport for London, a key player in keeping the city moving.
- Benefits: Enjoy free travel, generous leave, and a final salary pension scheme.
- Other info: Embrace a hybrid work model and be part of an inclusive, diverse team.
- Why this job: Make a real impact on national infrastructure while developing in-demand cyber security skills.
- Qualifications: Experience in cyber security, with relevant certifications and knowledge of industry standards.
The predicted salary is between 60000 - 75000 £ per year.
Permanent Role
Location: North Greenwich, London, 50% Office Attendance Model.
This role does not offer UK Sponsorship.
Help safeguard one of the world’s most critical transport networks.
About us
At Transport for London (TfL), we keep a global city moving. Behind the scenes, a powerful and complex technology landscape supports millions of journeys every day—spanning customer platforms, corporate systems, and safety‑critical IT and operational technology (OT). Security Operations leads the proactive detection and response to threats, while our OT and IT Cyber Security Advisory teams partner with the business to manage and reduce cyber risk across critical infrastructure and IT systems. Security Engineering strengthens our defences through tooling strategy and technical expertise, and Assurance ensures strong governance, policies, and compliance. Our evolving Engagement capability also plays a key role in building awareness and a strong security culture across TfL.
Join us and you’ll be at the forefront of protecting critical national infrastructure, working on cutting‑edge IT and OT initiatives in a fast‑paced, high‑stakes environment. This is your chance to tackle sophisticated threats, build in‑demand skills, and be part of something bigger. You’ll be supported with industry‑leading training, a collaborative team culture, and the opportunity to shape the future of cyber security in transport.
About the role
This role leads and manages the Cyber Security Testing function within the Cyber Security Architecture, Product and Testing team. It provides strategic direction, expert guidance and comprehensive security testing capabilities through a blended model of internal resources and trusted external partners. As the Security Testing Lead, you will set the direction for security testing services and build and lead a team within the Architecture, Product and Testing function. You will oversee the delivery of security testing services to risk owners, projects, internal teams and business units, supporting a wide range of IT and Operational Technology (OT) systems and services across the organisation. In addition to overseeing testing activities, you will be expected to maintain sufficient technical expertise to undertake security testing where required. The role will also ensure that the outcomes of security testing are effectively managed and addressed, working closely with other functions such as GRC and security advisory teams to ensure that identified risks are tracked, remediated and appropriately governed.
About you
Current knowledge and understanding of cyber security and information security practices, principles, tools and techniques.
Qualifications and certifications from information security bodies such as GIAC, ISC2, ISACA, ISA, CompTIA.
Knowledge of relevant legislation and regulation such as Data Protection Act (DPA), Network and Information Systems (NIS) Regulation, Payment Card Industry Data Security Standard (PCI DSS).
Knowledge of industry best practice and frameworks such as ISO27001, IEC62443, NIST Cyber Security Framework, CIS Critical Security Controls, PTES, OWASP, MITRE ATT&CK.
Knowledge in telecommunications and IP networking, network and computer system architecture, network infrastructure, enterprise‑level cyber security technologies for use in complex environments.
Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field.
Knowledge of pen testing / red teaming methodologies including tooling, techniques and procedures.
Skills
Highly effective verbal and written communication skills, with the ability to translate complex technical vulnerabilities and risks into clear, business‑focused language for diverse audiences.
Strong capability to review, challenge, and influence technology and engineering designs at a strategic and architectural level.
Proven ability to analyse cyber security risks and recommend appropriate security controls and testing approaches aligned with organisational requirements.
Demonstrated leadership skills, with the ability to lead and coordinate a team across a diverse and concurrent portfolio of penetration testing and red team activities.
Excellent analytical and problem‑solving skills, applying a pragmatic and risk‑based approach to identifying and addressing security weaknesses.
A constructive and collaborative leadership style, with a strong focus on mentoring, coaching, and developing team members.
Experience
Demonstrated experience leading penetration testing and red team functions within complex IT and Operational Technology (OT) environments, including industrial control systems and safety‑critical infrastructure.
Proven experience planning and executing offensive security engagements that simulate real‑world threat scenarios while maintaining operational safety and regulatory compliance.
Experience building, developing, and managing high‑performing penetration testing and red team teams, including the effective use of specialist external providers.
Experience integrating penetration testing and red team outcomes into organisational risk management, security architecture, and assurance processes.
Strong experience translating complex technical vulnerabilities and attack paths into clear, risk‑based insights for senior leadership and non‑technical stakeholders.
Demonstrated experience collaborating with architecture, engineering, and operational teams to influence secure design and implementation.
Excellent Benefits include:
Final salary pension scheme
Free travel for you on the TfL network
Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28‑day flexi ticket
30 days annual leave plus public and bank holidays
TfL is committed to work‑life balance, operating a hybrid working approach where business and role requirements allow
Tax‑efficient cycle‑to‑work programme
Retail, health, leisure and travel offers
Discounted Eurostar travel
Equality, diversity and inclusion
We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.
Cyber Security Testing Lead in London employer: Future of London
Transport for London (TfL) is an exceptional employer, offering a dynamic work environment where you can play a crucial role in safeguarding one of the world's most critical transport networks. With a strong commitment to employee growth, TfL provides industry-leading training, a collaborative culture, and generous benefits including free travel on the TfL network and a final salary pension scheme. Join us in North Greenwich, London, and be part of a forward-thinking team dedicated to shaping the future of cyber security in transport.
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Testing Lead in London
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the cyber security field. Attend meetups, webinars, or even local events. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your projects, certifications, and any relevant experience. This is your chance to demonstrate what you can bring to the table, especially in a technical role like Cyber Security Testing Lead.
✨Tip Number 3
Prepare for interviews by brushing up on common questions and scenarios related to cyber security. Practice explaining complex concepts in simple terms—this will help you connect with non-technical interviewers and show your communication skills.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at TfL.
We think you need these skills to ace Cyber Security Testing Lead in London
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the Cyber Security Testing Lead role. Highlight relevant experience, skills, and certifications that match the job description. We want to see how your background aligns with our needs!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about cyber security and how you can contribute to TfL. Keep it concise but impactful—show us your personality!
Showcase Your Technical Skills:Don’t forget to mention your technical expertise in cyber security practices and tools. We’re looking for someone who can translate complex vulnerabilities into clear insights, so make sure to highlight your communication skills too!
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way to ensure your application gets seen by the right people. Plus, it shows us you’re serious about joining our team at TfL!
How to prepare for a job interview at Future of London
✨Know Your Cyber Security Stuff
Make sure you brush up on the latest cyber security practices, tools, and techniques. Familiarise yourself with relevant legislation like the Data Protection Act and industry frameworks such as ISO27001 and NIST. This knowledge will not only help you answer questions confidently but also show your genuine interest in the field.
✨Showcase Your Leadership Skills
As a Cyber Security Testing Lead, you'll need to demonstrate your ability to lead and mentor a team. Prepare examples of how you've successfully managed teams or projects in the past, especially in high-pressure environments. Highlight your collaborative approach and how you’ve influenced secure design in previous roles.
✨Communicate Clearly
You’ll be translating complex technical vulnerabilities into business-focused language, so practice explaining your past experiences in simple terms. Think about how you can convey your insights to non-technical stakeholders, as this will be crucial in your role at Transport for London.
✨Prepare for Scenario-Based Questions
Expect to face scenario-based questions that test your problem-solving skills in real-world situations. Think through potential threats and how you would address them, particularly in IT and Operational Technology environments. Being able to articulate your thought process will impress the interviewers.
