Cyber Security Engineering and Product Lead

Salary: £80,000 – 85,000 plus fantastic benefits

Permanent Role

Location: North Greenwich, London, 50% Office Attendance Model.

Advert closes: Tuesday 9th June 2026 at 23.59

This role does not offer UK Sponsorship

Help safeguard one of the world’s most critical transport networks

About us:

At Transport for London (TfL), we keep a global city moving. Behind the scenes, a powerful and complex technology landscape supports millions of journeys every day—spanning customer platforms, corporate systems, and safety-critical IT and operational technology (OT).

Security Operations leads the proactive detection and response to threats, while our OT and IT Cyber Security Advisory teams partner with the business to manage and reduce cyber risk across critical infrastructure and IT systems. Security Engineering strengthens our defences through tooling strategy and technical expertise, and Assurance ensures strong governance, policies, and compliance. Our evolving Engagement capability also plays a key role in building awareness and a strong security culture across TfL.

Join us and you’ll be at the forefront of protecting critical national infrastructure, working on cutting-edge IT and OT initiatives in a fast-paced, high-stakes environment. This is your chance to tackle sophisticated threats, build in-demand skills, and be part of something bigger.  You’ll be supported with industry-leading training, a collaborative team culture, and the opportunity to shape the future of cyber security in transport.

About the role:

This role leads and manages the Cyber Security Engineering and Product function within the Cyber Security Architecture, Product and Testing team. It provides direction, expert guidance, and comprehensive engineering and product expertise, delivered through a blended model of internal resources and trusted external partners.

As the Cyber Security Engineering and Product lead, you will set the direction for security engineering services and lead a team within the Architecture, Product and Testing function. You will oversee the delivery of security tasks, assist projects, and business units, and support a wide range of IT and Operational Technology (OT) systems and services across the organisation to implement security controls. You will be the technical point of contact for the wider Cyber Security team as well as building, enhancing and developing the tools and solutions our Security Operations Centre use.

You will also be responsible for the day to day life cycle management of Cyber Security Tooling, including renewals.

About you:

Knowledge:

• Has current knowledge and understanding of cyber security and information security practices, principles, tools and techniques.

• Qualifications and certifications from information security bodies such as: GIAC, ISC2, ISACA, ISA, CompTIA.

• Knowledge of relevant legislation and Regulation such as: Data Protection Act (DPA), Network and Information Systems (NIS) Regulation, Payment Card Industry Data Security Standard (PCI DSS).

• Knowledge of industry best practice and frameworks such as: ISO27001, IEC62443, NIST Cyber Security Framework, CIS Critical Security Controls, MITRE ATT&CK

• Knowledge in telecommunications and IP networking, network and computer system architecture, network infrastructure, enterprise-level cyber security technologies for use in complex environments.

• Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field. • Knowledge of network and computer system architecture, including cloud.

Skills:

• Highly effective verbal and written communication skills, with the ability to translate complex technical challenges and risks into clear, business-focused language for diverse audiences.

• Strong capability to review, challenge, and influence technology and engineering designs at a strategic and architectural level.

• Proven ability to analyse cyber security risks and recommend appropriate security controls and testing approaches aligned with organisational requirements.

• Demonstrated leadership skills, with the ability to lead and coordinate a team across a diverse technology estate.

•  Excellent analytical and problem-solving skills, applying a pragmatic and risk-based approach to identifying and addressing security weaknesses.

•  A constructive and collaborative leadership style, with a strong focus on mentoring, coaching, and developing team members.

Experience:

•Demonstrated experience leading engineering functions within complex IT and Operational Technology (OT) environments, including safety-critical infrastructure.

•Proven experience planning and executing engineering pipelines and development whilst maintaining operational safety and regulatory compliance.

•Experience building, developing, and managing high-performing engineering teams, including the effective use of specialist external providers.

• Experience integrating engineering and product delivery outcomes into tangible risk reduction through security controls and engineering

•Strong experience translating complex technical vulnerabilities, engineering concepts into clear, risk-based insights for senior leadership and non-technical stakeholders. Demonstrated experience collaborating with other cyber security teams.

Excellent Benefits include: 

• Final salary pension scheme
• Free travel for you on the TfL network
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
• 30 days annual leave plus public and bank holidays
• TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow
• Private healthcare discounted scheme (optional)
• Tax-efficient cycle-to-work programme
• Retail, health, leisure and travel offers
• Discounted Eurostar travel

Additional Information
Please apply supplying your CV preferably in “.docx” format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document.

If you are shortlisted you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.

Equality, diversity and inclusion

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.

Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.

We understand a confidence gap can get in the way of meeting spectacular candidates. So please don’t hesitate to apply if you think you have what it takes even if you feel you don’t meet all the criteria. We’d love to hear from you.

At Transport for London, safety, trust and fairness sit at the heart of how we recruit. Our Vetting Charter (https://tfl.gov.uk/corporate/careers/our-vetting-process) explains the checks we carry out before you join us, helping ensure we create a safe, inclusive and reliable network for everyone who depends on our services. We simply ask that the information you provide is honest and accurate so we can progress your application smoothly. If something doesn’t match or can’t be verified, we may not be able to move forward with your application but we’ll always treat you with transparency, respect and clear communication throughout.