At a Glance
- Tasks: Lead a team in advanced threat hunting and detection engineering to enhance cybersecurity.
- Company: Join NESO, a key player in securing Great Britain's energy future.
- Benefits: Enjoy a competitive salary, bonus potential, flexible working, and generous leave.
- Other info: Diverse and inclusive workplace with excellent career growth opportunities.
- Why this job: Make a real impact in cybersecurity while shaping a sustainable energy future.
- Qualifications: Experience in threat hunting and security engineering; leadership skills are a plus.
The predicted salary is between £70,000 and £80,000 per year.
NESO are looking to hire a manager for an established Threat Hunting and Detection Engineering Team. The Threat Hunting and Detection Engineering team work alongside the Cyber Security Operations Centre (CSOC). The team develop industry-leading threat detection capabilities across two SIEM platforms. The team also perform advanced threat hunting, enabling us to go beyond day-to-day detections and identify advanced or unknown threats early.
The Threat Hunting and Detection Engineering Manager will manage a team of threat hunting analysts. The team will identify, assess, prioritise and deliver threat hunting activities, whilst ensuring threat-led detection content is continuously applied to the SIEM. The team also provide Subject Matter Expertise and analysis in support of security incident management.
This role can be based from Wokingham or Warwick, and we continue to offer hybrid working from office and home. We are open to full time and part time applicants, as well as flexible working arrangements.
This role is designated as requiring a National Security Vetting (NSV) clearance. The level of clearance associated with the role is Security Check (SC). You will usually need to have been a resident in the UK for the last five years to apply for an SC clearance. We would invite any applicants who do not currently meet this residency requirement to still express an interest in the role.
Key Accountabilities
- Lead and manage threat hunting and content development to enable an effective Cyber Security Operations team.
- Partner with Cyber Security Operations, Incident Response, Threat Intelligence, and Security Engineering to agree and prioritise requirements for threat detection and threat hunting.
- Be accountable for the development and deployment of a prioritised set of threat detection rules across two SIEM platforms.
- Be accountable for the development and maintenance of work instructions and playbooks to enable the CSOC analysts to triage and respond to events.
- Develop and maintain security content, such as rules, signatures, indicators, dashboards, reports, etc., to enhance the detection and response capabilities of the CSOC.
- Provide subject matter expertise and analysis support in the event of security incidents.
- Support the team to ensure they utilise detection as code and secure development pipelines.
- Ensure an intake process is managed to allow a feedback loop from the CSOC.
- Conduct proactive, iterative, and human-centric identification and analysis of cyber threats that have evaded existing security controls.
- Coordinate and collaborate with internal and external stakeholders, such as IT teams, business units, vendors, auditors, and regulators.
- Provide regular reports and metrics on the threat hunting and content development activities, outcomes, and value.
- Develop and implement threat hunting and content development policies, standards, procedures, and best practices.
We’re forging the path, and we know we can’t do it alone. That’s why we need visionary minds like yours to join us on this transformative journey. In this case, we’re looking for:
- A desire to take on an active leadership role, remaining engaged with the team deliverables.
- Team player and adept at working in multi-disciplinary and diverse teams.
- In-depth knowledge and experience in threat hunting, content development, security engineering concepts, operations, analysis, and response.
- Proficient in various threat hunting and content development tools and technologies, such as SIEM, IDS, IPS, firewall, antivirus, encryption, VPN, etc.
- Familiar with various security frameworks and standards, such as NIST and NCSC CAF.
- Strong analytical and problem-solving skills and ability to handle complex and dynamic situations.
- Excellent communication and presentation skills and ability to communicate effectively with technical and non-technical audiences.
- Sound knowledge of IT systems, networks, applications, and cloud services.
- Awareness of current and emerging cyber threats, trends, and best practices.
Relevant degree-level qualification or equivalent experience with strong background in providing threat hunting services in a large hybrid environment, within a government or critical infrastructure domain. Significant experience in threat hunting, content development, security engineering, operations, or related field with strong demonstrable experience in managing or leading security teams or projects. Relevant professional certifications, such as CISSP, CISM, GSEC, GCIA, GCED, etc.
Don’t meet every single requirement? Studies have shown that women and people of colour are less likely to apply for jobs unless they meet every single qualification. At NESO, we are committed to building a diverse, inclusive, and authentic workplace for everyone. So, if you’re excited about this role but your experience or qualifications don’t match the job description exactly, we encourage you to apply anyway. You might just be the right person for our growing business in this role or another one.
What You'll Get
A competitive salary of £70,000 - £80,000 dependent on experience and capability. As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance, 28 days annual leave as standard, and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. NESO's flexible benefits programme provides you with more flexibility around your health, lifestyle and protection benefits.
- Flexible Bank Holidays & Holiday Trading
- Additional Birthday Day Off
- Cycle to Work Scheme, Retail & Gym Discounts
- Private Medical Insurance, Critical Illness Insurance & Personal Accident Insurance
At the National Energy System Operator (NESO), we play a vital role in tackling climate change and securing Great Britain's energy future. We already operate the world's fastest decarbonising electricity system and are working towards our ambition to run it carbon-free for a short period this year - provided the market supplies electricity exclusively from renewable sources. Alongside this, we provide expert advice to government on how to deliver a clean power system by 2030.
In autumn 2024, the Electricity System Operator (ESO) transitioned to become NESO - an independent, expert public corporation with a whole-system view across electricity, gas, and hydrogen. NESO operates independently and transparently, always acting in the best interests of all energy users. Licensed and regulated by Ofgem, we make impartial decisions that balance sustainability, affordability and security. Our organisation is fully independent from government, the regulator and all commercial interests, with a clear focus on system-wide benefit, long term thinking and public value.
The time to deliver is now. Join the energy transformation and help shape the future. Your energy. Our future. Together.
National Energy System Operator (NESO) recognises the potential of bright and talented individuals, and we encourage you to join us as Great Britain’s energy system undergoes an ambitious, exciting, and vital transformation. Together with industry, we are creating a cleaner, more sustainable energy future.
More Information
This role closes at 23:59 on the day before the date shown above; however, we encourage candidates to submit their application as early as possible and not wait until the published closing date, as this can vary. Research shows that some people may hesitate to apply unless they meet every single requirement. At NESO, we believe potential comes in many forms and we're committed to a fair, inclusive recruitment process where everyone has the opportunity to show their talents. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds.
Threat Hunting and Detection Engineering Manager in Wokingham employer: National Energy System Operator Limited
At NESO, we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters innovation and collaboration in the field of cyber security. With competitive salaries, flexible working arrangements, and a strong commitment to employee growth through training and development opportunities, we empower our team members to thrive in their careers while contributing to a sustainable energy future. Our locations in Wokingham and Warwick provide a supportive environment where diverse talents are celebrated, ensuring that every individual feels valued and has the chance to make a meaningful impact.
Contact Details:
National Energy System Operator Limited Recruitment Team
StudySmarter Expert Advice🤫
We think this is how you could land Threat Hunting and Detection Engineering Manager in Wokingham
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by practising common questions and scenarios related to threat hunting and detection. Get comfortable explaining your thought process and how you tackle complex problems—this will show you're the right fit for the team.
✨Tip Number 3
Showcase your skills through projects or case studies. If you've worked on threat detection or hunting initiatives, be ready to discuss them in detail. This hands-on experience can really set you apart from other candidates.
✨Tip Number 4
Don't forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you're genuinely interested in joining our team at NESO and contributing to our mission.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in threat hunting and detection engineering. Use keywords from the job description to show that you understand what we're looking for.
Showcase Your Leadership Skills: As a manager, we want to see your leadership style. Share examples of how you've led teams in the past, especially in cyber security contexts. This will help us envision you in the role!
Be Clear and Concise: When writing your application, keep it straightforward. We appreciate clarity, so avoid jargon unless it's relevant. Make it easy for us to see your qualifications and fit for the role.
Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way to ensure your application gets seen by the right people. Plus, it’s super easy to do!
How to prepare for a job interview at National Energy System Operator Limited
✨Know Your Threat Hunting Basics
Before the interview, brush up on your knowledge of threat hunting and detection engineering. Be ready to discuss specific tools and technologies like SIEM, IDS, and IPS, as well as your experience with them. This will show that you’re not just familiar with the concepts but can also apply them in real-world scenarios.
✨Showcase Your Leadership Skills
As a manager, you'll need to demonstrate your leadership abilities. Prepare examples of how you've successfully led teams in the past, particularly in high-pressure situations. Highlight your approach to team collaboration and how you’ve fostered a culture of continuous improvement within your teams.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills and analytical thinking. Think about past incidents you've managed or challenges you've faced in threat detection. Be ready to explain your thought process and the steps you took to resolve those issues.
✨Understand the Company’s Mission
Familiarise yourself with NESO's mission and values, especially their commitment to sustainability and energy transformation. Be prepared to discuss how your skills and experiences align with their goals. Showing that you understand and resonate with their mission can set you apart from other candidates.