Salary: £21,000 - 38,500 per year

Requirements:
A degree (or equivalent experience) in Cybersecurity, Systems Engineering, Electrical/Electronic Engineering, or a related technical discipline.
Recognised cybersecurity certifications: CISSP, CISM, CISA, GICSP, SABSA, or equivalent.
Technical certifications or training aligned to OT security: IEC 62443, GIAC GRID/GICSP, SCADA/ICS security, or vendor-specific OT platforms.
Familiarity with rail sector security and safety standards is highly desirable.
Understanding of relevant UK regulatory frameworks, including NIS/NIS2 Regulations and UK CNI expectations.
Additional certifications or practical experience in Secure by Design, systems assurance, or control systems architecture are advantageous.
In-depth understanding of operational technology (OT) environments, including SCADA systems, field devices, industrial protocols, and control network architectures.
Firm grounding in cybersecurity principles for critical infrastructure, including threat modelling, risk analysis, defence-in-depth, and zero-trust architectures.
Demonstrated ability to define, implement, and assure security controls across complex OT/IT systems within large engineering or infrastructure programmes.
Experience integrating cybersecurity into engineering lifecycles, including Secure by Design practices, requirements definition, and traceability to technical controls.
Strong communication and stakeholder engagement skills, with the ability to liaise confidently across engineering, programme delivery, assurance, and regulatory audiences.
Ability to produce high-quality documentation, including risk assessments, technical guidance, assurance artefacts, and audit-ready deliverables.

Responsibilities:
Act as the cybersecurity technical lead within a key UK rail sector client engagement, focusing on protecting operational technology (OT) and safety-critical systems.
Provide hands-on technical leadership to guide the secure delivery of client-specific systems and solutions, ensuring alignment with project requirements, sector standards, and regulatory obligations.
Collaborate with client engineering and programme teams to integrate cybersecurity into system design, deployment, and ongoing operations.
Define cybersecurity requirements within the client's environment, including rail-specific systems, legacy OT, and modern industrial platforms.
Support developing and delivering security risk assessments, threat models, and control frameworks following the relevant standards.
Contribute to the production and review of assurance artefacts, including security cases, risk registers, control implementation evidence, and compliance documentation.
Provide expertise on OT protocols, SCADA systems, field devices, and network architecture relevant to the client's operational landscape.
Engage regularly with client stakeholders, suppliers, and technical teams to ensure effective collaboration and secure outcomes across the delivery lifecycle.
Mentor and support other team members embedded within the client account, ensuring technical consistency and alignment to Expleo's delivery standards.
Participate in knowledge sharing and capability development activities within the Cybersecurity Practice, contributing insights from the client engagement.

Technologies: Embedded Support Network Security Hardware

More:
At Expleo, we are a trusted partner for engineering and quality services, providing management consulting for digital transformation. Our Cybersecurity Practice is seeking a highly skilled OT Cybersecurity Technical Lead to join our team dedicated to the UK rail sector. We offer a collaborative work environment where you will lead the technical assurance and delivery of critical cybersecurity activities. Through this role, you will engage in impactful projects that enhance the safety and efficiency of operational technology infrastructures. Join us in delivering innovations that improve everyday life while growing your career with comprehensive benefits.

Last updated: week 5 of 2026