IT Security Operations Engineer

Doxford, United Kingdom

Arriva is a leading provider of passenger transport across Europe, employing around 34,400 people and delivering around 1.6 billion passenger journeys. With buses, trains, coaches, trams, waterbuses, bike-sharing systems, on-demand transport solutions and a rolling stock leasing company, Arriva proudly connects people and communities safely, reliably and sustainably across 11 countries, delivering these services in a better way, every day.

We have strong roots dating back to 1938, an ambitious growth agenda, and a continuously developing relationship with our new shareholder I Squared Capital who acquired Arriva in May 2024.

We’re hiring for an IT Security Operations Engineer to join our IT Services Security team. 

The IT Security Operations Engineer will play a crucial role in ensuring the effectiveness of technical security controls across Arriva, ensuring the business is protected from cyber risks and will drive efficiencies in both the deployment and ongoing management of these controls.

Working closely with the Group Head of Security Operations, you will support the validation and oversight of security controls within Arriva’s Group IT operations, helping to ensure risk management and compliance across the organisation. You will also have a particular focus on the delivery and support of EDR/SIEM services, serving as the primary point of contact for both implementation and day-to-day operations.

This role can be based from either our Sunderland (Doxford) or Leicester (Thurmaston) office for a minimum of 2 days per week, with the rest of the week focused on where you can best deliver, whilst still allowing for the required work-life balance. The role operates Monday to Friday, 35 hours per week, with a 1-hour lunch per day.

Please note, travel will be expected several times a month between our Sunderland (Doxford), Leicester (Thurmaston), and London (Lacon) offices.

Key responsibilities of the role:

  • Ensuring that the day-to-day IT security operations on the Arriva Group estate are functioning correctly and acting as an adequate technical security control.
  • Ensuring that IT security controls in place on the Arriva Group estate are being correctly managed and that those managing them are competent and supported where necessary.
  • Working with outsourced security suppliers to help manage such security services that are not provided in-house.
  • Working with the Group Head of Security Operations, defining and implementing a KPI framework that can be used to measure effectiveness of controls - and providing regular reporting aligned to the requirements of multiple levels of stakeholders.
  • Supporting the running and provision of vulnerability assessments and management services to the business and supporting the development of mitigation projects, as necessary.
  • Supporting the maturity and operations of the Security Operations Centre (SOC).
  • Supporting the running of monitoring systems for intrusion detection and prevention; often acting as the first line of incident response/escalation.
  • Investigating suspected and actual security incidents in accordance with the security incident management standard, producing reports with recommendations and ensuring any remedial action is taken.
  • Managing the Security Information and Event Management system (SIEM) and other security systems ensuring appropriate actions are taken for all issues flagged for action by the system.
  • Auditing of identity and access control systems.
  • Leading the drive and supporting the implementation of a zero-trust identity framework including Multifactor Authentication, Privileged Identity Management (PIM) and Conditional Access.
  • Leading the drive and also supporting the implementation of Endpoint security solutions across Arriva.
  • Working with the operational teams to support incident response resolutions.
  • Developing strong working relationships across all Arriva Business functions and its supplier base.
  • Understanding and driving vendor relationship for Cyber Security products or services that are in production.
  • Assessing the security impact of any changes to the UK service.
  • Working with UK and Europe business IT functions to coordinate remediation activities and working in partnership to implement technical controls that reduce risk across the group business.
  • Supporting the IT Security elements of Arriva’s move towards cloud-based solutions.
  • Reporting any live UK services security concerns to the SOC and disseminating accordingly.
  • When required, supporting cyber breach response out of hours.

What we'd like from you!

We're seeking individuals who have a background in technical services and technical security controls, with in-depth knowledge of IT Security, including Cyber Security, Identity and Access Management, Authentication and Single Sign-On, Authorisation, Audit, Secure Communications and Cryptographic Services, Network Protection, SIEM technologies, Web Proxy, and Office365.

You will also have experience in managing security testing requirements and possess excellent written and verbal communication skills, with the ability to simplify and articulate complex topics to all levels within the organisation.

Strong project management skills are essential, along with the ability to establish and maintain effective working relationships with key stakeholders.

Candidates must also:

  • Understand the diverse technologies in place within IT Services.
  • Possess robust project management skills.
  • Respect individuals' views and positively encourage and contribute to a learning environment in which individuals are supported to develop to their full potential and excel in role.

Having substantial knowledge of Rapid7 and Microsoft security tooling is highly desirable, as is knowledge of Sophos and having previous experience of working with Operational Technology (OT).

Finally, we’re looking for candidates aligned to Arriva’s values: caring passionately, doing the right thing and making a difference.

What we can offer you in addition to a competitive base salary:

  • True hybrid working – focusing on where you can best deliver for your customers, whilst still allowing for the required work life balance.
  • A generous pension plan.
  • Life Assurance plus access to one of the UK’s largest networks of medical professionals (UK based colleagues).
  • 25 days holidays and statutory bank holidays per year (pro rata for mid-year joiners), and opportunity to purchase additional holiday in eligible windows.
  • Access to our Employee Assistance Programme (EAP).
  • Access to discounts and cash back through ‘The Village’ – our Online Reward Gateway.
  • Eyecare vouchers.
  • The opportunity to join our Employee Experience Forum – a community of people leading activity and initiatives to enhance Wellbeing, Career Development and Communications within our community in the Corporate Centre.
  • The opportunity to join a Global Arriva Inclusion Network (GAIN) group – a community of people who are passionate about equality, diversity and inclusion.
  • Free Arriva bus travel for you and immediate family outside of London – T&C’s apply
  • And a truly wonderful team to be joining!

Why work for us?

Arriva is a people focused business. In every part of Arriva, our people deliver high standards of customer service and work together to demonstrate kindness, determination, and resilience.

Our values were created by Arriva people. They guide our actions and the way we work, helping to reflect and shape our culture. They focus on caring, integrity and making the difference.

Our people choose to work for us, and to stay with us, because we are a great place to work. At Arriva, we strive to create a culture where we can all be ourselves, where we belong, feel respected and our differences celebrated.

We actively seek out and value difference. We want our business to reflect the wide range of communities in which we operate, so we can serve them even better.

The closing date for applications is Tuesday 18 February 2025. Arriva Group reserve the right to close this vacancy early.

Tags: Audits C Cloud Compliance EDR Endpoint security IAM Incident response Intrusion detection Monitoring Risk management SIEM SOC Windows

Perks/benefits: Career development Competitive pay Equity / stock options Lunch / meals Startup environment

Region: Europe
Country: United Kingdom
