Trainline Logo

Trainline

SecOps Engineer

Posted 4 Days Ago
Be an Early Applicant
Hybrid
London, Greater London, England, GBR
Mid level
Hybrid
London, Greater London, England, GBR
Mid level
Monitor, triage and investigate security alerts; develop and tune Splunk detection rules; build automation and AI-driven workflows; perform threat hunting; administer and optimise SIEM; support vulnerability management, incident response and compliance activities; produce dashboards and documentation; participate in on-call rota.
The summary above was generated by AI

About us

We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels. 

Great journeys start with Trainline 🚄 

Now Europe’s number 1 downloaded rail app, with over 135 million monthly visits and £6.3 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be. 

Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey. 

Introducing Security Operations @ Trainline 👋

Our Security Operations team plays a vital role in protecting Trainline's people, platforms and data. As a Security Operations Engineer, you'll primarily working on monitoring, investigating and responding to security events while helping to strengthen our detection and response capabilities through continuous engineering and automation improvements.

Working closely with Security, Engineering and Technology teams, you'll combine operational analysis with hands-on engineering, using Splunk, automation and AI to improve threat detection, streamline investigations and enhance our overall security posture. You'll optimise our security tooling, improve detection capabilities and support incident response across the business through threat hunting, continuous improvement and meaningful reporting that enables informed security decisions. If you're passionate about cybersecurity and enjoy solving complex problems in a collaborative environment, we'd love to hear from you.

In this role as the Security Operations Engineer, you will... 🚄

  • Monitor, triage and investigate security alerts, leading technical investigations and working with stakeholders to contain, remediate and learn from security incidents.

  • Use Splunk Search Processing Language (SPL) to investigate security events, identify patterns of malicious activity and support incident response.

  • Design, develop, automate and continuously tune Splunk detection rules, improving alert fidelity, reducing false positives and expanding visibility across our technology estate.

  • Build and enhance automation and AI-driven workflows to improve threat detection, investigation and alert triage, enabling the team to respond more effectively and efficiently at scale.

  • Perform proactive threat hunting using threat intelligence and security telemetry to identify emerging threats, improve detection capabilities and help shape our Security Operations roadmap.

  • Support the administration, configuration and continuous optimisation of our SIEM platform (Splunk), ensuring it remains resilient, up to date, cost effective and aligned with industry best practice.

  • Partner with Engineering and Technology teams to embed security best practices into systems, tooling and operational processes, while supporting vulnerability management activities, including the assessment and response to critical and zero-day vulnerabilities.

  • Participate in the On-Call Rota with the Team.

  • Produce clear documentation, dashboards and reporting that provide operational insight, support knowledge sharing and enable stakeholders to make informed security decisions. You'll also contribute to the wider Security function by participating in the on-call rota (once established in the role) and supporting compliance and certification activities, including GDPR, PCI DSS and ISO 27001.

We'd love to hear from you if you have... 🔍

  • Hands-on experience with Splunk, including developing and tuning detection rules, log management and investigating security events using Splunk Search Processing Language (SPL).

  • Experience designing, automating and continuously improving threat detection capabilities using automation and AI to enhance Security Operations.

  • Experience applying AI, whether through vendor-provided capabilities or custom workflows, to improve threat detection, investigations or operational efficiency would be highly beneficial.

  • Strong technical knowledge across cybersecurity, infrastructure, networking or cloud technologies, with the ability to investigate security events and make informed, risk-based decisions.

  • Experience working with security technologies such as Microsoft Defender, endpoint detection and response (EDR) solutions and SIEM platforms.

  • Experience working with Web Application Firewalls (WAF), including creating, tuning and maintaining WAF rules to protect internet-facing applications, would be highly beneficial.

  • Experience with vulnerability management, including assessing, prioritising and responding to critical vulnerabilities and zero-day exploits, would be beneficial.

  • Experience working within an e-commerce or high-traffic digital environment would be highly beneficial, with an understanding of the unique security challenges associated with customer-facing platforms.

  • Excellent analytical, communication and documentation skills, with the ability to collaborate effectively across teams and explain technical concepts clearly to both technical and non-technical stakeholders. Experience supporting compliance frameworks such as GDPR, PCI DSS or ISO 27001 would be helpful but isn't essential.

More information:

Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits. 

We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one! 

We're operating a hybrid model and ask that Trainliners work from the office a minimum of 60% of their time over a 12-week period. We also have a 28-day Work from Abroad policy.

Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do: 

  • 💭 Think Big - We're building the future of rail 

  • ✔️ Own It - We focus on every customer, partner and journey 

  • 🤝  Travel Together - We're one team 

  • ♻️ Do Good - We make a positive impact 

We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.

Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn, Instagram and Glassdoor! 

HQ

Trainline London, England Office

3rd Floor, 120 Holborn, London, United Kingdom, EC1N 2TD

Similar Jobs

3 Days Ago
In-Office or Remote
United Kingdom
Mid level
Mid level
Blockchain • Fintech • Software • Financial Services • Cryptocurrency
Perform technical security assessments, embed security into development pipelines, run vulnerability scanning and penetration tests, develop incident response plans and playbooks, lead incident response, monitor alerts, and train teams on security practices while collaborating with development and operations.
Top Skills: Automated Security TestingBashGoIds/IpsJavaScriptPythonSIEMVulnerability Scanners
38 Minutes Ago
Easy Apply
Hybrid
London, Greater London, England, GBR
Easy Apply
Mid level
Mid level
AdTech • Artificial Intelligence • Machine Learning • Marketing Tech • Software • Sports • Big Data Analytics
Manage customer lifecycle for sportsbook clients across EMEA, driving retention, renewals, upsell/cross-sell, SLA monitoring, KPI reporting, and stakeholder coordination. Act as primary client contact, resolve technical and contractual issues, contribute to Customer Success projects, maintain CRM data and revenue forecasts, and provide actionable client feedback to internal teams.
Top Skills: CRMExcelSalesforce
49 Minutes Ago
Hybrid
London, Greater London, England, GBR
Senior level
Senior level
Fintech • Mobile • Payments • Software • Financial Services
Lead visual design for Wise Platform across web, marketing, events and sales materials. Translate brand into systemised guidelines, craft engaging product and marketing experiences, collaborate with cross-functional teams, and drive design quality end-to-end.

What you need to know about the London Tech Scene

London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account