Senior Cyber Security Operations Analyst


Job Overview

Location: London, England
Job Type: Full Time Job
Job ID: 97820
Date Posted: 1 year ago
Recruiter: David Gomez

Job Description

About us:
As cyber threats continue to diversify and grow, so too does TfL’s need to develop our cyber security culture and capabilities to ensure we continue to protect the services and systems which keep London moving. TfL’s cyber security professionals play a critical and ever-increasing role in protecting these services and systems, safeguarding our customers as they travel across London’s transport network.

About the role
You will be responsible and accountable for defined aspects of the implementation and improvement of TfL's cyber security posture. This includes the identification and capture of requirements, engagement with stakeholders, the selection and delivery of solutions, and ensuring that solutions maintain their effectiveness in an ever-changing threat environment.
This means you will work with colleagues in the Cyber Security and Incident Response Team (CSIRT), delivering TfL’s cyber security strategy, as they continuously improve cyber security techniques that reduce the risk posed by cyber attack to TfL’s information, systems and operations.

Key accountabilities
•    Responsible for proactively monitoring TfL systems for malicious activity and intrusions using real-time data and alerting from various data sources, measured against agreed SLAs.
•    Responsible for ensuring processes and operational documentation are maintained, fit for purpose and updated regularly to reflect changing business needs.
•    Responsible for implementing the TfL Incident Response process for Cyber Security Incidents, in collaboration with key stakeholders across the organisation.
•    Responsible for the triaging and investigation of notable events before elevating them to an incident and executing the incident response process.
•    Responsible for investigating and handling escalated events and incidents in collaboration with key stakeholders and seeing them through to closure.
•    Responsible for tuning detection and monitoring tooling to provide high-fidelity alerting worthy of further investigation and mitigating false positives.
•    Responsible for keeping up to date with current cyber developments and trends, and maintaining your skills through continuous personal development and working collaboratively with colleagues, both internal and external to the team.

Skills
•    Demonstrable skills in using security tooling to provide contextual data to allow for a thorough assessment of an event.
•    Ability to communicate effectively, both in writing and verbally, and to influence others in order to minimise TfL's Cyber Risk through effective monitoring, detection and, where necessary, mitigation.
•    Ability to effectively use a SIEM solution to identify events that warrant further investigation.
•    Ability to prioritise tasks according to the risk posed to the TfL environment.
•    Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents.
•    Ability to work under pressure.

Knowledge
•    Educated to Degree level or equivalent - industry recognised qualifications such as CEH, GCIH, GPEN, GDAT, CISSP
•    Knowledge of cyber security and information security controls best practice with supporting qualifications where possible - such as Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CPNI 10 and SANS 20.
•    Knowledge of relevant legislation and government standards - including Security Policy Framework, Information Assurance Maturity Model, Security Essentials, Data Protection Act, Freedom of Information Act, EU Procurement Directives.
•    A broad understanding of network and computer system architecture, operations and protocols.
•    Understanding of information security management concepts to support solutions and processes.

Experience
•    Experience of implementing and managing security monitoring and response in a complex organisation.
•    Experience of working in an operational environment such as a SOC, CSIRT or CERT function.
•    Experience of leading the response to a Cyber Security incident or event.
•    Experience of mentoring junior analysts.
•    Knowledge of the MITRE ATT&CK and NIST frameworks and how these can be used to further improve security monitoring and detection.
•    Knowledge of the Cyber Kill Chain.
•    Technical knowledge of computer networks and systems and the necessary controls that can be used to prevent unauthorised access.

Closing date: Monday 9th May 2022 at 23.59 

Excellent Benefits include: 
• Final salary pension scheme
• Free travel for you on the TfL network 
• A 75% discount on National Rail Season Ticket and interest free loan 
• 30 days annual leave plus public and bank holidays 
• Private Healthcare 
• Tax-efficient cycle-to-work programme 
• Retail, health, leisure and travel offers 
• Discounted Eurostar travel

Additional Information 
Please apply by using your CV and a covering letter. Please think carefully about the skills, knowledge and experience outlined in the job description and ensure your application reflects the requirements of the role. 

If you are shortlisted you will be invited to take part in a video interview. We endeavour to give candidates as much notice as possible; however, some interviews/assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair. 

