Cyber Security Engineer Operational Technology
DfT Operator
About the role
About DFT Operator
Join Our Team at DFTO
DFTO is the government’s public sector rail owning group. Its purpose is to bring all currently privately-owned train operators into public ownership in advance of the creation of Great British Railways in 2027 - and deliver improvements in the here and now by unifying and integrating train operations under common public ownership.
DFTO has over 30,000 employees, runs over 8,500 services a day and delivers over 640 million customer journeys across its networks every year. 7,000 people joined the railway family in the last year.
Major improvements are being delivered by DFTO train operators (TOCs) that are already under public ownership - these are LNER, Northern, TransPennine Express (TPE), Southeastern, South Western Railway (SWR), c2c, Greater Anglia and WM Trains.
We work closely with the DfT but operate independently with our own governance and leadership teams. Our priority is ensuring efficient, dependable rail services for everyone.
Primary Purpose Of Job
This role is responsible for supporting DFTO Operators to manage their Operational Technology (OT) cyber security responsibilities through the design, implementation, continual improvement and monitoring of OT cyber security solutions. The post holder will play a key role in aligning OT cyber security practices across the DFTO Group, working closely with industry colleagues across the whole of UK rail to protect the business from OT security threats whilst adhering to industry OT cyber security standards.
As a subject matter expert in multiple OT cyber security technologies, the post holder will be responsible for the management, maintenance and improvement of OT cyber security across the DFTO Group. The key focus is to ensure the DFTO Group is protected from OT cyber and information security risk.
The post holder will act as a point of contact for the cyber security technical teams across the DFTO Group as well as being responsible for supporting central DFTO colleagues.
This role will ensure robust, scalable, and high-quality OT services that support the DFTO group’s strategic objectives.
Key Responsibilities
• Support the DFTO Group Head of Cyber Security to oversee the delivery and support of cyber security applications and platforms across all areas of the Group, with specific focus on OT Cyber Security provision within the Operator TOCs.
• Manage the continued review, research, and development of current OT security controls, ensuring their effectiveness and efficiency.
• Contribute to the Cyber Security Risk Register, working with business and solution owners to identify, mitigate, treat and remediate risk in accordance with the DFTO Group risk appetite, ensuring alignment to industry best practice.
• Proactively identify weaknesses in hardware, software and applications through vulnerability assessments, penetration testing, and managing any required remediation processes. Provide security patch deployment methodologies to all core infrastructures.
• Monitor networks and systems for critical security breaches, using software that detects intrusions and anomalous system behaviour.
• Ensure cyber security requirements are met and service quality maintained when introducing new security services. Consider the cost effectiveness of proposed solution(s).
• Promote and facilitate OT cyber security knowledge sharing and learning, sharing of best practice through engagement across the DFTO Group Operators.
• Actively ensure appropriate, up-to-date administrative, physical and technical safeguards are in place to protect information assets from internal and external threats.
• Participate in peer reviews of deliverables and carry out formal and informal reviews of technical designs, standards, documentation and/or implementations.
• Lead cyber security projects as assigned, following a recognised methodology, through specification, testing, implementation and documentation, including ongoing support strategy.
• Provide expert technical guidance across the DFTO Group when investigating OT security breaches.
• Provide support for any incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
• Manage the development of technical OT cyber solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Proactively plan and manage the configuration, documentation, installation of any OT cyber security services to achieve the level of performance needed by the business following established change management processes.
• Produce comprehensive reports including assessment-based findings, outcomes and propositions for current security effectiveness and further system security enhancement.
Key Competencies
• Detailed technical knowledge of application and operating OT system security.
• Thorough understanding of the latest security principles, techniques, and protocols. A deep understanding and best practice mitigation of current OWASP OT Top Ten Risks (and remain current as these change).
• Knowledge of achieving and maintaining compliance with IEC62443, IEC63452, NIS Directive and CAF frameworks and other relevant OT security Standards.
• Knowledge of core security principles e.g., Security by Design, Defence in depth and CIA Triad model.
• Effective team player experienced at dealing at all levels with effective influencing and negotiating skills. Ability to form constructive and proactive working relationships at all levels with all stakeholders whether internal or external. An ability to use influence to gain buy-in to enable change to happen through others.
• Proven track record of delivering change and continuous improvement. A drive to deliver tangible outcomes which meet business requirements.
• Good project management skills: able to demonstrate ability to deliver projects to time, budget and objectives in partnership with stakeholders.
• Good communications and presentation skills both verbal and written.
• Good level of numeracy and sound analytical skills, problem-solving skills and ability to stay calm under pressure.
• Thrives with accountability and responsibility and is self-reliant.
• An ability to work well under pressure in a rapidly evolving environment.
• An ability to work closely with the wider DFTO Group TOCs in the delivery of a robust, holistic suite of cyber security services providing appropriate levels of protection across the DFTO Group.
• The post holder must be able to work collegiately with a range of external stakeholders, including DfT, Network Rail, Rolling Stock Providers and OEMs, understanding the impact of change whilst keeping the core OT cyber security principles in mind.
Knowledge, Skills, Experience & Technical Qualifications
• Educated to degree level or equivalent in a relevant, related subject.
• Significant current experience in a Cyber Security Technical Support role, that includes relevant experience in OT Cyber Security including SCADA systems.
• Recognised industry security certification such as GIAC, GICSP, IEC62443 Cyber Security Expert or equivalent.
• Proven technical background implementing cyber security controls across a range of OT environments and working to industry standards such as IEC62443 and IEC63452, NIS Directive and NCSC CAF frameworks.
• Proven work experience as an OT cyber security engineer with experience of successfully leading technical evaluations and project management of new OT Cyber Security solutions.
• Current knowledge and experience in undertaking OT cyber security risk assessments and evaluating OT environments for vulnerabilities, identifying security gaps and working collaboratively to remediate.
• Hands on experience in OT cyber security systems, including intrusion detection systems, monitoring systems, authentication systems, log management, content filtering, etc.
• Experience of working in an OT cyber security role within the UK Rail industry would be advantageous.
• Experience of technical policy formation, direction and adoption.
This role reports to the Group Head of Cyber Security and will work closely with DFTO Cyber/Information Security and OT security colleagues across business units and external TOC stakeholders. The postholder will work at the core in shaping and securing DFTO’s OT security landscape as the organisation expands its public ownership footprint and delivers secured services across the Group.
Vacancy Details
Duration: Perm
Location: London Waterloo/Hybrid
Salary: up to £70,000
Closing date: 2nd June 2026
Report to: Head of Cyber Security
DFTO Benefits
Annual Leave: Starting at 25 days, rising by one additional day per completed year of service within the first 5 years, up to a maximum of 5 additional days (30 days)
DC Pension Scheme: 10% Employer contribution, 5% Employee contribution
Opportunities to learn and network across the wider industry
Additional Information…
Disclaimer: Candidates applying for this position on a secondment basis must inform their line manager prior to submitting their application. This is to ensure transparency and facilitate any necessary discussions regarding workload and responsibilities.
About our people and the recruitment process - We're an inclusive employer of choice and we welcome applications from everyone! We encourage our colleagues to work flexibly, as we know traditional working patterns don't always fit. If you want to consider working flexibly, just let us know and we'll do our best to help and invest in your career with us, whilst you have a healthy work life balance.
Contact: If you have any questions or reasonable adjustments, please contact Jason.blakemore@dftoperator.co.uk
Please do not email any CV's to us, your application must be made by clicking the 'Apply' button.