About Connecting Stockholm

As the operators of Stockholm's subway, we run a community-critical operation where safety, accessibility, and punctuality are at the center. We combine experience and innovation to create a subway that is safe today and sustainable for the future.

But our mission is about more than traffic – it’s about people, responsibility, and trust.

Every day, we meet hundreds of thousands of travelers, and through a warm, respectful, and professional approach, we create a travel experience where everyone feels warmly welcomed and safe.

For us, culture is as important as the mission. We believe in the power of collaboration, in relationships that build trust, and in leadership characterized by professionalism, heart, and commitment.

We are driven by development – both of our operations and our employees. With us, you will have the opportunity to grow, influence, and help shape the future of public transport – together with us.

About the Role

We are looking for an engaged IT Security Specialist who wants to strengthen our organization by protecting our IT environment and ensuring that we comply with applicable security standards and legal requirements. In this role, you will work closely with our SOC and external security partners to quickly identify, analyze, and address security threats – focusing on penetration testing, threat analysis, IAM, and incident follow-up.

At the same time, you will become an important part of Connecting Stockholm's modernization of the digital infrastructure behind the subway. Here, you contribute directly to safe and stable public transport – making a difference for hundreds of thousands of travelers every day.

Your Main Responsibilities

• Collaborate with SOC on incident analysis, development of detection rules, and improved security monitoring.
• Specify requirements and follow up on penetration tests, including analysis of results and implementation of measures.
• Work with Threat Intelligence and analyze threat landscapes according to frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Implement and administer IAM solutions for secure identity and access management.
• Monitor and document security logs in SIEM environments.
• Manage key management according to industry standards (e.g., AES-256, RSA-4096).
• Contribute to a secure and stable IT infrastructure with a focus on redundancy and operational reliability.

Qualifications

You are analytical, structured, and proactive. You take initiative, work independently, and find it easy to translate technical security challenges into clear and business-adapted measures.

We believe you have:

• Relevant degree or equivalent experience in IT and information security.
• 3–5 years of experience in IT security work, incident management, and requirement specification.
• Experience collaborating with SOC, working in SIEM tools, and following up on incidents.
• Ability to specify requirements for penetration tests and translate the results into concrete security improvements.
• Good knowledge of Threat Intelligence and frameworks such as ISO27001, NIST, OWASP, and CIS Controls.
• Experience with cloud environments such as Azure, AWS, or Google Cloud.
• Strong communication skills and confidence in explaining technical security issues to different target groups.

Meritorious

• Certifications such as CISSP, CISM, CEH, OSCP, or GCTI.
• Experience with TI platforms (e.g., MISP, ThreatConnect, Recorded Future).
• Experience with regulations such as GDPR, NIS2, or other sector-specific requirements.
• Background in Safety or transport security.

Other

• Employment type: permanent with a 6-month probationary period
• Scope: Full-time
• Start date: commencement as agreed
• Location: Central Stockholm
• The employment is covered by a collective agreement and offers several benefits such as an SL card, wellness allowance, lunch benefits, and discounted insurance.

About the Recruitment Process

We apply competence-based recruitment and strive for a fair and inclusive process. As part of the selection, we may use selection questions and tests to ensure an objective assessment of competence and potential. Reference checks and possible background checks may also be conducted before a hiring decision is made.

We do not accept applications via email. If you have questions, please feel free to contact recruitment at [email protected] (mailto:[email protected]).