National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

OT Cybersecurity Technical Lead - Rail Sector

Derby
3 weeks ago
Create job alert

In this role, you will lead the technical assurance and delivery of cybersecurity activities across a programme of work involving legacy and modern OT systems, rail-specific technologies, and industrial control components. You will work closely with engineering and operational teams to embed cybersecurity across the lifecycle, ensuring alignment with UK rail regulations, industry standards, and best practices.

Responsibilities

Act as the cybersecurity technical lead within a key UK rail sector client engagement, focusing on protecting operational technology (OT) and safety-critical systems.
Provide hands-on technical leadership to guide the secure delivery of client-specific systems and solutions, ensuring alignment with project requirements, sector standards, and regulatory obligations.
Collaborate with client engineering and programme teams to integrate cybersecurity into system design, deployment, and ongoing operations.
Define cybersecurity requirements within the client's environment, including rail-specific systems, legacy OT, and modern industrial platforms.
Support developing and delivering security risk assessments, threat models, and control frameworks following the relevant standards.
Contribute to the production and review of assurance artefacts, including security cases, risk registers, control implementation evidence, and compliance documentation.
Provide expertise on OT protocols, SCADA systems, field devices, and network architecture relevant to the client's operational landscape.
Engage regularly with client stakeholders, suppliers, and technical teams to ensure effective collaboration and secure outcomes across the delivery lifecycle.
Mentor and support other team members embedded within the client account, ensuring technical consistency and alignment to Expleo's delivery standards.
Participate in knowledge sharing and capability development activities within the Cybersecurity Practice, contributing insights from the client engagement. Qualifications

A degree (or equivalent experience) in Cybersecurity, Systems Engineering, Electrical/Electronic Engineering, or a related technical discipline.
Recognised cybersecurity certifications: CISSP, CISM, CISA, GICSP, SABSA, or equivalent.
Technical certifications or training aligned to OT security: IEC 62443, GIAC GRID/GICSP, SCADA/ICS security, or vendor-specific OT platforms.
Familiarity with rail sector security and safety standards is highly desirable.
Understanding of relevant UK regulatory frameworks, including NIS/NIS2 Regulations and UK CNI expectations.
Additional certifications or practical experience in Secure by Design, systems assurance, or control systems architecture are advantageous.
Evidence of continued professional development aligned with OT security trends, critical infrastructure resilience, and systems assurance practices. Essential skills

In-depth understanding of operational technology (OT) environments, including SCADA systems, field devices, industrial protocols, and control network architectures.
Firm grounding in cybersecurity principles for critical infrastructure, including threat modelling, risk analysis, defence-in-depth, and zero-trust architectures.
Demonstrated ability to define, implement, and assure security controls across complex OT/IT systems within large engineering or infrastructure programmes.
Experience integrating cybersecurity into engineering lifecycles, including Secure by Design practices, requirements definition, and traceability to technical controls.
Practical understanding of cybersecurity and safety standards.
Strong communication and stakeholder engagement skills, with the ability to liaise confidently across engineering, programme delivery, assurance, and regulatory audiences.
Ability to produce high-quality documentation, including risk assessments, technical guidance, assurance artefacts, and audit-ready deliverables.
Familiarity with UK cybersecurity regulations and sector guidance, including the NIS Regulations, CNI expectations, and industry-specific frameworks.
Capable of leading technical discussions and delivery planning across client, supplier, and internal teams.
Adaptable and delivery-focused, with the ability to balance long-term assurance needs with in-flight project delivery realities.
Knowledge of safety-critical system design and the interaction between safety and cybersecurity requirements.
Familiarity with tools and platforms used for engineering governance and requirement traceability.
Involvement in cybersecurity audits or regulatory reviews, including evidence preparation, control mapping, and client/regulator interaction.
Understanding supply chain security considerations, including software and hardware assurance, secure procurement, and third-party risk management.
Exposure to incident response planning, resilience testing, or crisis management in OT environments.
Ability to support or guide the creation of cybersecurity architecture documentation, reference models, or patterns for OT systems. Experience

Experience in cybersecurity roles, focused on operational technology (OT), control systems, or industrial environments.
Proven track record in delivering cybersecurity outcomes within complex infrastructure or engineering programmes, in the UK rail sector or other safety-critical transport domains.
Demonstrated experience leading or coordinating cybersecurity efforts across multidisciplinary teams involving engineering, IT, operations, and assurance.
Hands-on experience implementing and assuring security controls in OT environments, including legacy systems, SCADA platforms, and hybrid IT/OT networks.
Familiarity with UK cybersecurity regulations and sector-specific standards such as TS 50701, IEC 62443, and ISO/IEC 27001.
Experience integrating cybersecurity requirements into systems engineering lifecycles, design reviews, and programme governance frameworks.
Prior involvement in client or regulator-facing roles, including technical reviews, risk assessments, assurance documentation, and compliance submissions.
Background in working within secure or regulated delivery environments, including understanding of information classification, access control, and physical security interfaces.
Experience mentoring or supporting the development of junior cybersecurity engineers or consultants.
Experience contributing to internal capability development, including mentoring, methodology evolution, or pre-sales support.
Practical experience working within or alongside regulated Critical National Infrastructure (CNI) sectors. What do I need before I apply

You must have the right to work in the UK
A strong background in cybersecurity delivery within OT environments, ideally in the rail or wider transportation sector
Proven ability to lead technical cybersecurity workstreams, integrate with engineering teams, and engage confidently with clients and stakeholders
A collaborative mindset focusing on delivery excellence, quality assurance, and regulatory alignment in complex, safety-critical environments

Related Jobs

View all jobs

OT Cybersecurity Technical Lead - Rail Sector

Senior Cloud Security Architect (UK Nationals Only)

Senior Controls Systems Engineer

Cyber Transformation Lead

OT Cyber Security Analyst

Senior Operational Technology Consultant

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

LinkedIn Profile Checklist for Cybersecurity Jobs: 10 Tweaks to Supercharge Recruiter Engagement

In the ever-evolving realm of cybersecurity, having a LinkedIn profile that reflects both your technical prowess and threat-hunting acumen is vital. Organisations are on the lookout for professionals skilled in penetration testing, incident response, security architecture and compliance. With hiring managers scanning dozens of profiles daily, your profile needs to not just rank in searches but convey your expertise in safeguarding digital assets. This step-by-step LinkedIn for cybersecurity jobs checklist offers ten practical tweaks to supercharge recruiter engagement. Whether you’re an aspiring security analyst, a seasoned penetration tester or a chief information security officer aiming for board-level roles, these actionable optimisations will sharpen your LinkedIn presence and position you as a top infosec candidate.

Part-Time Study Routes That Lead to Cyber Security Jobs: Evening Courses, Bootcamps & Online Masters

The frequency and sophistication of cyber-attacks have exploded in recent years, making cyber security one of the UK’s most in-demand skill sets. From safeguarding NHS patient data to defending FTSE 100 financial systems, organisations across sectors require qualified professionals—penetration testers, security analysts, incident responders and security architects—to protect critical infrastructure. Yet many professionals cannot pause their careers to upskill full time. Fortunately, an ecosystem of part-time learning pathways—evening courses, intensive bootcamps and flexible online master’s programmes—enables you to learn cyber security while working. This comprehensive guide explores every route: foundational CPD, immersive bootcamps, accredited online MScs, plus funding options, planning strategies and a real-world case study. Whether you’re an IT support technician, a software developer or a compliance manager aiming to pivot into security, you’ll discover how to build expertise at your own pace.

The Ultimate Assessment-Centre Survival Guide for Cyber Security Jobs in the UK

Assessment centres for cyber security positions in the UK are designed to mirror real-world threat landscapes and test both your technical acumen and soft skills under pressure. Across multiple stages—psychometric assessments, penetration testing exercises, incident response group tasks, case studies, interviews and even informal networking breaks—employers assess your ability to identify vulnerabilities, collaborate in high-stakes scenarios and communicate effectively. This guide walks you through each component, equipping you to stand out and secure your next role in cyber defence.