About this role
Phone numbers and emails in this ad are masked until you log in.
auto_translated_note
About usWe are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels. Great journeys start with Trainline 🚄 Now Europe’s number 1 downloaded rail app, with over 135 million monthly visits and £6.3 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries.
We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be. Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.
Introducing Security Operations @ Trainline 👋Our Security Operations team plays a vital role in protecting Trainline's people, platforms and data. As a Security Operations Engineer, you'll primarily working on monitoring, investigating and responding to security events while helping to strengthen our detection and response capabilities through continuous engineering and automation improvements.Working closely with Security, Engineering and Technology teams, you'll combine operational analysis with hands-on engineering, using Splunk, automation and AI to improve threat detection, streamline investigations and enhance our overall security posture. You'll optimise our security tooling, improve detection capabilities and support incident response across the business through threat hunting, continuous improvement and meaningful reporting that enables informed security decisions.
If you're passionate about cybersecurity and enjoy solving complex problems in a collaborative environment, we'd love to hear from you.In this role as the Security Operations Engineer, you will... 🚄Monitor, triage and investigate security alerts, leading technical investigations and working with stakeholders to contain, remediate and learn from security incidents.Use Splunk Search Processing Language (SPL) to investigate security events, identify patterns of malicious activity and support incident response.Design, develop, automate and continuously tune Splunk detection rules, improving alert fidelity, reducing false positives and expanding visibility across our technology estate.Build and enhance automation and AI-driven workflows to improve threat detection, investigation and alert triage, enabling the team to respond more effectively and efficiently at scale.Perform proactive threat hunting using threat intelligence and security telemetry to identify emerging threats, improve detection capabilities and help shape our Security Operations roadmap.Support the administration, configuration and continuous optimisation of our SIEM platform (Splunk), ensuring it remains resilient, up to date, cost effective and aligned with industry best practice.Partner with Engineering and Technology teams to embed security best practices into systems, tooling and operational processes, while supporting vulnerability management activities, including the assessment and response to critical and zero-day vulnerabilities.Participate in the On-Call Rota with the Team.Produce clear documentation, dashboards and reporting that provide operational insight, support knowledge sharing and enable stakeholders to make informed security decisions. You'll also contribute to the wider Security function by participating in the on-call rota (once established in the role) and supporting compliance and certification activities, including GDPR, PCI DSS and ISO 27001.We'd love to hear from you if you have... 🔍Hands-on experience with Splunk, including developing and tuning detection rules, log management and investigating security events using Splunk Search Processing Language (SPL).Experience designing, automating and continuously improving threat detection capabilities using automation and AI to enhance Security Operations. Experience applying AI, whether through vendor-provided capabilities or custom workflows, to improve threat detection, investigations or operational efficiency would be highly beneficial.Strong technical knowledge across cybersecurity, infrastructure, networking or cloud technologies, with the ability to investigate security events and make informed, risk-based decisions.Experience working with security technologies such as Microsoft Defender, endpoint detection and response (EDR) solutions and SIEM platforms.Experience working with Web Application Firewalls (WAF), including creating, tuning and maintaining WAF rules to protect internet-facing applications, would be highly beneficial.Experience with vulnerability management, including assessing, prioritising and responding to critical vulnerabilities and zero-day exploits, would be beneficial.Experience working within an e-commerce or high-traffic digital environment would be highly beneficial, with an understanding of the unique security challenges associated with customer-facing platforms.Excellent analytical, communication and documentation skills, with the ability to collaborate effectively across teams and explain technical concepts clearly to both technical and non-technical stakeholders.
Experience supporting compliance frameworks such as GDPR, PCI DSS or ISO 27001 would be helpful but isn't essential.More information:Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly
Benefits
. We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one!
We're operating a hybrid model and ask that Trainliners work from the office a minimum of 60% of their time over a 12-week period. We also have a 28-day Work from Abroad policy.Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do: 💭 Think Big - We're building the future of rail ✔️ Own It - We focus on every customer, partner and journey 🤝 Travel Together - We're one team ♻️ Do Good - We make a positive impact We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought.
That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn, Instagram and Glassdoor!
Community Q&A
Anyone worked here? Ask before you apply.
No threads yet for this job or company.