Senior Cyber Security Operations Analyst - Threat Hunting

Apply now »

Date: 21 Jul 2025

Location: Pier Walk, TfL Corporate

Company: TfL, GLA or OPDC

Location: North Greenwich, London/ 50% office attendance model

Salary: £65,000 - £70,000 plus fantastic benefits like free travel on Underground and bus networks, Final Salary Pension Scheme, 30 days holiday and flexible working

2 Positions available

UK Sponsorship available although candidates are responsible for their own application fees

 

About us:
As cyber threats continue to diversify and grow, so too does TfL’s need to develop our cyber security culture and capabilities to ensure we continue to protect the services and systems which keep London moving.  TfL’s cyber security professionals play a critical and ever-increasing role in protecting these services and systems, safeguarding our customers as they travel across London’s Transport network.

 

About the role
The purpose of this role is to deliver technical cyber security support. This support includes the security of TfL's fixed, mobile and virtual environments and associated data contained in these environments.  The role will be responsible and accountable for the initial investigation and triaging of Cyber Security events escalating where necessary to senior analysts in the security operations team.


You will Identify, track and document existing and emerging threats for their capabilities and risk which will be used to inform TFL’s threat detection capabilities, threat hunting and internal customers. Your role will ensure that all TfL functions are informed about their risks to cyber threats and that TFL are well positioned to identify attacks.

 

Key accountabilities

  • Responsible for proactively monitoring TfL systems for malicious activity and intrusions using real time data and alerting from various data sources measured against agreed SLAs.
  • Responsible for ensuring processes and operational documentation is maintained, fit for purpose and updated regularly to reflect changing business needs.
  • Responsible for implementing the TfL Incident Response process for Cyber Security Incidents, in collaboration with key stakeholder across the organisation
  • Responsible for the triaging and investigation of notable events before elevating them to an incident and executing the incident response process.
  • Responsible for investigating and handling escalated events and incidents in collaboration with key stakeholders and seeing them through to closure
  • Responsible for tuning detection and monitoring tooling to provide high fidelity alerting worthy of further investigation and mitigating false positives.
  • Responsible for keeping up to date with current cyber developments and trends,  and maintaining your skills through continuous personal development and working collaboratively with colleagues, both internal and external to the team.

 

Skills

  • Demonstrable skills in using security tooling to provide contextual data to allow for a thorough assessment of an event.
  • Ability to communicate effectively written and verbally and influence others in order to minimise TfL's Cyber Risk through effective monitoring, detection and where necessary mitigation
  • Ability to effectively use a SIEM solution to identify events that warrant further investigation
  • Ability to prioritise tasks according to the risk posed to the TfL environment.
  • Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents.
    to work under pressure.

 

Knowledge

  • Educated to Degree level or equivalent - industry recognised qualifications such as CEH, GCIH, GPEN, GDAT, CISSP
  • Knowledge of cyber security and information security controls best practice with supporting qualifications where possible - such as Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CPNI 10 and SANS 20.
  • Knowledge of relevant legislation and government standards - including Security Policy Framework, Information Assurance Maturity Model, Security Essentials, Data Protection Act, Freedom of Information Act, EU Procurement Directives.
  • A broad understanding of network and computer system architecture, operations and protocols.
    Understanding of information security management concepts to support solutions and processes.

 

Experience

  • Experience of implementing and managing security monitoring and response in a complex organisation
  • Experience of working in an operational environment such as a SOC, CSIRT or CERT function.
  • Experience on leading the response to a Cyber Security incident or event
  • Experience of mentoring junior analysts 
  • Knowledge of the Mitre ATTA&CK and NIST framework and how this can used to further improve security monitoring and detection.
  • Knowledge of the Cyber Kill Chain
  • Technical knowledge of computer network and systems and the necessary controls that can be used to prevent unauthorised access.

 

Closing date: Monday 4th August  2023 at 23.59

 

Excellent Benefits include:

  • Final salary pension scheme
  • Free travel for you on the TfL network
  • Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
  • 30 days annual leave plus public and bank holidays
  • TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow
  • Private healthcare discounted scheme (optional)
  • Tax-efficient cycle-to-work programme
  • Retail, health, leisure and travel offers
  • Discounted Eurostar travel


Additional Information
Please apply supplying your CV preferably in “.docx” format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document.


If you are shortlisted you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.

 

Equality, diversity and inclusion

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.

 

Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.

We understand a confidence gap can get in the way of meeting spectacular candidates. So please don’t hesitate to apply if you think you have what it takes even if you feel you don’t meet all the criteria. We’d love to hear from you.