Overview IS Security (807520) G1: Join Network Rail. We keep passengers and freight moving safely and efficiently across the country. We value diverse, inclusive workplaces and support flexibility and a healthy work-life balance. As a Disability Confident Leader, we will accommodate needs throughout the recruitment process. We offer generous benefits including annual leave, a defined benefit pension, travel subsidies, discounts, flexible/hybrid working, and more. We are committed to equal opportunity and ED&I and have networks and Champions to support an inclusive environment. Role summary As part of the Digital, Data and Technology (DDaT) directorate, you will support the Network Rail Security Operations Centre (SOC) to protect assets in terms of confidentiality, integrity, and availability. This role contributes to monitoring, threat prevention, detection, remediation, and recovery from security threats, vulnerabilities, and incidents to keep the national railway secure. Responsibilities

Monitoring, evaluating, and responding to security events and incidents using defined security technologies and an understanding of exploits and vulnerabilities. Providing real-time log analysis and investigation to identify intrusions and compromises, supporting network and data security. Taking corrective action or escalating as required, ensuring security investigations are managed through to resolution. Recognising intrusion attempts by traffic patterns, behaviours, or signatures and distinguishing false positives from real threats. Monitoring external security vulnerabilities, advisories, incidents, and penetration techniques; applying risk-based threat assessment to the asset estate when required. Supporting Security Engineers in periodic vulnerability assessments and reporting based on the asset estate priorities. Assisting in the generation and review of periodic security operational reports on SOC activities. Performing tasks as directed by the daily operations task list or team leader. Working in a team environment to monitor and maintain the health of security devices within the network.

Location, hours and terms Role type: Permanent, 35 hours per week. Hybrid working (3 days in the office). Location: Manchester Piccadilly Tower Block. Closing date: 12 October 2025. Interviews: from 20 October 2025 (Face to Face in Manchester). Salary: Band 5 £30,000 - £36,000 depending on experience. Qualifications and experience

Experience working in a SOC/NOC environment. Strong analytical and problem-solving skills. Understanding of incident response processes and how incidents are managed from identification through to resolution. Experience in event log analysis, network traffic packet capture, and associated tools. Strong understanding of networking and security technologies (routers, switches, firewalls, IDS/IPS, DDoS protection, servers, end-point devices). Understanding of network systems and system/device logs. Experience in system hardening. Desirable: Security qualifications such as Security+, GIAC GCIA, EC-Council ECSA, GIAC GCIH. Experience in logging and network monitoring technologies. Knowledge of networking technologies and network management systems.

Diversity and inclusion We are committed to a diverse workplace, welcoming representation from diverse cultures, backgrounds and skills. We encourage inclusive participation through employee networks and Diversity & Inclusion initiatives. If you require any additional support with your application due to a protected characteristic, please contact the Resourcer at Network Rail. #J-18808-Ljbffr