SecOps Engineer

SecOps Engineer

Full-Time 55000 - 65000 £ / year (est.) No working from home possible
Trainline

At a Glance

  • Tasks: Monitor and respond to security events while enhancing threat detection capabilities.
  • Company: Join Trainline, a leading tech company revolutionising travel with a focus on sustainability.
  • Benefits: Enjoy private healthcare, flexible work options, and generous career growth opportunities.
  • Other info: Diverse and inclusive workplace with a commitment to personal development.
  • Why this job: Make a real impact in cybersecurity while working with cutting-edge technology.
  • Qualifications: Experience with Splunk and a passion for improving security operations.

The predicted salary is between 55000 - 65000 £ per year.

About Us

We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels. As a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid, we collaborate with 270+ rail and coach companies in over 40 countries. With a focus on growth in the UK and Europe, now is the perfect time to join us on this high‑speed journey.

Role Overview

Our Security Operations team plays a vital role in protecting Trainline’s people, platforms and data. As a Security Operations Engineer you will primarily work on monitoring, investigating and responding to security events while helping to strengthen our detection and response capabilities through continuous engineering and automation improvements. Working closely with Security, Engineering and Technology teams you will combine operational analysis with hands‑on engineering, using Splunk, automation and AI to improve threat detection, streamline investigations and enhance our overall security posture.

Responsibilities

  • Monitor, triage and investigate security alerts, leading technical investigations and working with stakeholders to contain, remediate and learn from security incidents.
  • Use Splunk Search Processing Language (SPL) to investigate security events, identify patterns of malicious activity and support incident response.
  • Design, develop, automate and continuously tune Splunk detection rules, improving alert fidelity, reducing false positives and expanding visibility across our technology estate.
  • Build and enhance automation and AI‑driven workflows to improve threat detection, investigation and alert triage, enabling the team to respond more effectively and efficiently at scale.
  • Perform proactive threat hunting using threat intelligence and security telemetry to identify emerging threats, improve detection capabilities and help shape our Security Operations roadmap.
  • Support the administration, configuration and continuous optimisation of our SIEM platform (Splunk), ensuring it remains resilient, up to date, cost effective and aligned with industry best practice.
  • Partner with Engineering and Technology teams to embed security best practices into systems, tooling and operational processes, while supporting vulnerability management activities, including the assessment and response to critical and zero‑day vulnerabilities.
  • Participate in the On‑Call Rota with the team.
  • Produce clear documentation, dashboards and reporting that provide operational insight, support knowledge sharing and enable stakeholders to make informed security decisions.
  • Contribute to the wider Security function by supporting compliance and certification activities, including GDPR, PCI DSS and ISO 27001.

Qualifications

  • Hands‑on experience with Splunk, including developing and tuning detection rules, log management and investigating security events using Splunk Search Processing Language (SPL).
  • Experience designing, automating and continuously improving threat detection capabilities using automation and AI to enhance Security Operations.
  • Experience applying AI, whether through vendor‑provided capabilities or custom workflows, to improve threat detection, investigations or operational efficiency would be highly beneficial.
  • Strong technical knowledge across cybersecurity, infrastructure, networking or cloud technologies, with the ability to investigate security events and make informed, risk‑based decisions.
  • Experience working with security technologies such as Microsoft Defender, endpoint detection and response (EDR) solutions and SIEM platforms.
  • Experience working with Web Application Firewalls (WAF), including creating, tuning and maintaining WAF rules to protect internet‑facing applications would be highly beneficial.
  • Experience with vulnerability management, including assessing, prioritising and responding to critical vulnerabilities and zero‑day exploits, would be beneficial.
  • Experience working within an e‑commerce or high‑traffic digital environment would be highly beneficial, with an understanding of the unique security challenges associated with customer‑facing platforms.
  • Excellent analytical, communication and documentation skills, with the ability to collaborate effectively across teams and explain technical concepts clearly to both technical and non‑technical stakeholders.
  • Experience supporting compliance frameworks such as GDPR, PCI DSS or ISO 27001 would be helpful but isn’t essential.

Benefits

Enjoy private healthcare and dental insurance, a generous work‑from‑abroad policy, 2‑for‑1 share purchase plans, an EV scheme, extra festive time off and excellent family‑friendly benefits. We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets and regular learning days. We operate a hybrid model requiring Trainliners to work from the office a minimum of 60% of their time over a 12‑week period and have a 28‑day work‑from‑abroad policy.

Diversity & Inclusion

We know that having a diverse team makes us better and helps us succeed. We are committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated. We value diversity in gender, ethnicity, sexuality, disability, nationality and thought.

Our Values

  • Think Big – We’re building the future of rail
  • Own It – We focus on every customer, partner and journey
  • Travel Together – We’re one team
  • Do Good – We make a positive impact

How to Learn More

Interested in finding out more about what it’s like to work at Trainline? Check us out on LinkedIn, Instagram and Glassdoor.

Trainline

Contact Details:

Trainline Recruitment Team

We think you need these skills to ace SecOps Engineer

Splunk
Splunk Search Processing Language (SPL)
Threat Detection
Automation
AI Integration
Cybersecurity
Vulnerability Management