SecOps Engineer in London

SecOps Engineer in London

London Full-Time 60000 - 80000 £ / year (est.) No working from home possible
Trainline plc

At a Glance

  • Tasks: Monitor and respond to security events while enhancing detection capabilities through automation.
  • Company: Join Trainline, a leading UK tech company transforming travel for millions.
  • Benefits: Enjoy private healthcare, generous work-from-abroad policy, and clear career paths.
  • Other info: Diverse and inclusive workplace with excellent growth opportunities.
  • Why this job: Make a real impact in cybersecurity while working with cutting-edge technology.
  • Qualifications: Experience with Splunk and strong knowledge of cybersecurity and cloud technologies.

The predicted salary is between 60000 - 80000 £ per year.

About Trainline

Trainline is a UK-based FTSE 250 company that enables millions of travellers to find and book the best value tickets across rail and coach carriers.

We have a highly rated mobile app, website and B2B partner channels and operate in over 40 countries.

Security Operations Engineer

The Security Operations team protects Trainline’s people, platforms and data.

As a Security Operations Engineer you will monitor, investigate and respond to security events while strengthening detection and response capabilities through engineering and automation improvements.

Responsibilities

  • Monitor, triage and investigate security alerts, leading technical investigations and working with stakeholders to contain, remediate and learn from security incidents.
  • Use Splunk Search Processing Language (SPL) to investigate security events, identify patterns of malicious activity and support incident response.
  • Design, develop, automate and continuously tune Splunk detection rules, improving alert fidelity, reducing false positives and expanding visibility across our technology estate.
  • Build and enhance automation and AI‑driven workflows to improve threat detection, investigation and alert triage, enabling the team to respond more effectively and efficiently at scale.
  • Perform proactive threat hunting using threat intelligence and security telemetry to identify emerging threats, improve detection capabilities and help shape our Security Operations roadmap.
  • Support the administration, configuration and continuous optimisation of our SIEM platform (Splunk), ensuring it remains resilient, up to date, cost‑effective and aligned with industry best practice.
  • Partner with Engineering and Technology teams to embed security best practices into systems, tooling and operational processes, while supporting vulnerability management activities, including the assessment and response to critical and zero‑day vulnerabilities.
  • Participate in the On‑Call Rota with the team.
  • Produce clear documentation, dashboards and reporting that provide operational insight, support knowledge sharing and enable stakeholders to make informed security decisions.

Contribute to the wider Security function by supporting compliance and certification activities, including GDPR, PCI DSS and ISO 27001.

Qualifications

  • Hands‑on experience with Splunk, including developing and tuning detection rules, log management and investigating security events using SPL.
  • Experience designing, automating and continuously improving threat detection capabilities using automation and AI.
  • Experience applying AI, whether through vendor‑provided capabilities or custom workflows, to improve threat detection, investigations or operational efficiency.
  • Strong technical knowledge across cybersecurity, infrastructure, networking or cloud technologies, with the ability to investigate security events and make informed, risk‑based decisions.
  • Experience working with security technologies such as Microsoft Defender, endpoint detection and response (EDR) solutions and SIEM platforms.
  • Experience working with Web Application Firewalls (WAF), including creating, tuning and maintaining WAF rules to protect internet‑facing applications.
  • Experience with vulnerability management, including assessing, prioritising and responding to critical vulnerabilities and zero‑day exploits.
  • Experience working within an e‑commerce or high‑traffic digital environment, with an understanding of the unique security challenges of customer‑facing platforms.
  • Excellent analytical, communication and documentation skills, with the ability to collaborate effectively across teams and explain technical concepts clearly to both technical and non‑technical stakeholders.

Experience supporting compliance frameworks such as GDPR, PCI DSS or ISO 27001 is helpful but not essential.

Benefits

  • Private healthcare and dental insurance.
  • Generous work‑from‑abroad policy and a 28‑day work‑from‑abroad window each year.
  • 2‑for‑1 share purchase plan.
  • EV Scheme to reduce carbon emissions.
  • Extra festive time off and excellent family‑friendly benefits.
  • Clear career paths, transparent pay bands, personal learning budgets and regular learning days.

EEO Statement

We believe that diversity and inclusion are essential to our success.

We are committed to creating an inclusive workplace where everyone belongs and differences—across gender, ethnicity, sexuality, disability, nationality and thought—are valued and celebrated.

#J-18808-Ljbffr

Trainline plc

Contact Details:

Trainline plc Recruitment Team

We think you need these skills to ace SecOps Engineer in London

Splunk Search Processing Language (SPL)
Threat Detection
Automation
AI-driven Workflows
Cybersecurity Knowledge
Vulnerability Management
Web Application Firewalls (WAF)