At a Glance
- Tasks: Design and build innovative detection strategies while hunting for cyber threats.
- Company: Join the National Energy System Operator, a leader in sustainable energy.
- Benefits: Enjoy a competitive salary, flexible working, and generous leave.
- Other info: Diverse and inclusive workplace with excellent career growth opportunities.
- Why this job: Make a real impact on the UK's energy security and sustainability.
- Qualifications: Passion for threat hunting and experience with SIEM and EDR technologies.
The predicted salary is between £49,000 and £57,000 per year.
The National Energy System Operator are embarking on the creation of a greenfield Cyber Security Operations function and are looking for a talented Threat Hunting and Detection Engineering (THaDE) Senior Analyst to be part of our growing THaDE team. This exciting opportunity will involve designing, shaping, and building novel detection strategies, executing threat hunting initiatives, and assisting in the creation of mature response frameworks. The role will also involve the creation of SOAR automations, bringing them through from concept to operational deployment. The Threat Hunting and Detection Engineering Senior Analyst will work in collaboration with the wider Cyber Security Operations function to ensure a high level of cyber defence maturity, ensuring the security of the systems that govern the flow of energy around the United Kingdom.
This role can be based from Wokingham or Warwick and we continue to offer hybrid working from office and home. We are open to full time and part time applicants, as well as flexible working arrangements.
Key Accountabilities
- Create novel detection content by utilising threat modelling and coverage gap analysis.
- Create novel SOAR automation strategies.
- Conduct proactive threat hunting following defined threat hunting frameworks, creating actionable output to feed to key stakeholders.
- Create response documentation to assist the SOC in the triaging of incidents generated by the THaDE team’s detections.
- Ensure continuous improvement of the THaDE detection content library by conducting proactive tuning and logic updates.
- Support the Cyber Security Operations Centre (CSOC) team in incident escalations where needed.
- Through the THaDE Manager, provide regular reports and metrics on the threat hunting and detection engineering activities and outcomes.
About You
We’re forging the path, and we know we can’t do it alone. That’s why we need visionary minds like yours to join us on this transformative journey. In this case, we’re looking for someone who:
- Is passionate about threat hunting.
- Has experience of designing novel detection mechanisms.
- Has solid experience of using SIEM and EDR technologies.
- Is a strong communicator with excellent writing skills.
Qualifications
- Relevant degree-level qualification or equivalent experience with a strong background in providing threat hunting services in a large hybrid environment, within a government or critical infrastructure domain.
- Demonstrable experience in threat hunting, content development, security engineering, operations.
This role is designated as requiring a National Security Vetting (NSV) clearance. The level of clearance associated with the role is Security Check (SC). You will usually need to have been a resident in the UK for the last five years to apply for an SC clearance. We would invite any applicants who do not currently meet this residency requirement to still express an interest in the role.
What You'll Get
A competitive salary of £49,000 - £57,000 dependent on experience and capability. As well as your base salary, NESO's core benefits are the essential perks and advantages that form part of your employee package:
- You will receive a bonus based on company performance.
- 26 days annual leave as standard.
- A competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%.
- Annual enrolment in the NESO Savings Plan: when you save between £20 and £500 a month from your take-home pay, we will pay a 50% matching contribution.
NESO's flexible benefits programme provides you with more flexibility around your health, lifestyle and protection benefits. Here are just a few of those available:
- Flexible Bank Holidays & Holiday Trading.
- Additional Birthday Day Off.
- Cycle to Work Scheme, Retail & Gym Discounts.
- Private Medical Insurance, Critical Illness Insurance & Personal Accident Insurance.
About Us
At the National Energy System Operator (NESO), we play a vital role in tackling climate change and securing Great Britain's energy future. We already operate the world's fastest decarbonising electricity system and are working towards our ambition to run it carbon-free for a short period this year - provided the market supplies electricity exclusively from renewable sources. Alongside this, we provide expert advice to government on how to deliver a clean power system by 2030. In autumn 2024, the Electricity System Operator (ESO) transitioned to become NESO - an independent, expert public corporation with a whole-system view across electricity, gas, and hydrogen. NESO operates independently and transparently, always acting in the best interests of all energy users. Licensed and regulated by Ofgem, we make impartial decisions that balance sustainability, affordability and security. Our organisation is fully independent from government, the regulator and all commercial interests, with a clear focus on system-wide benefit, long term thinking and public value. The time to deliver is now. Join the energy transformation and help shape the future. Your energy. Our future. Together.
National Energy System Operator (NESO) recognises the potential of bright and talented individuals, and we encourage you to join us as Great Britain’s energy system undergoes an ambitious, exciting, and vital transformation. Together with industry, we are creating a cleaner, more sustainable energy future.
More Information
This role closes at 23:59 on the day before the date shown above; however, we encourage candidates to submit their application as early as possible and not wait until the published closing date, as this can vary. Research shows that some people may hesitate to apply unless they meet every single requirement. At NESO, we believe potential comes in many forms and we're committed to a fair, inclusive recruitment process where everyone has the opportunity to show their talents. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds.
Threat Hunting & Detection Engineering Analyst in Wokingham employer: National Energy System Operator Limited
At the National Energy System Operator (NESO), we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters innovation and collaboration in the field of cyber security. With competitive salaries, generous benefits including a double-matched pension scheme, and a commitment to employee growth through flexible working arrangements, we empower our team members to thrive while contributing to a sustainable energy future. Join us in Warwick or Wokingham and be part of a transformative journey that values diversity and inclusivity.
Contact Details:
National Energy System Operator Limited Recruitment Team
StudySmarter Expert Advice🤫
We think this is how you could land Threat Hunting & Detection Engineering Analyst in Wokingham
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your threat hunting projects or detection strategies. This gives potential employers a taste of what you can bring to the table.
✨Tip Number 3
Prepare for interviews by brushing up on common questions related to threat hunting and detection engineering. Practice articulating your thought process and problem-solving skills, as this is key in technical roles.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who are proactive about their job search!
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in threat hunting and detection engineering. Use keywords from the job description to show that you understand what we're looking for.
Show Off Your Skills: Don’t just list your qualifications; demonstrate how your skills align with the role. If you've designed detection mechanisms or worked with SIEM and EDR technologies, share specific examples of your achievements.
Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate strong communication skills, so make sure your writing is clear and free of jargon. This will help us see your potential right away!
Apply Early!: Don’t wait until the last minute to submit your application. We encourage you to apply through our website as soon as possible. This gives us more time to review your application and increases your chances of standing out!
How to prepare for a job interview at National Energy System Operator Limited
✨Know Your Threat Hunting Frameworks
Familiarise yourself with various threat hunting frameworks and methodologies. Be ready to discuss how you've applied these in past roles, especially in designing detection strategies. This shows your practical knowledge and passion for the field.
✨Showcase Your Technical Skills
Prepare to talk about your experience with SIEM and EDR technologies. Bring examples of how you've used these tools to create novel detection mechanisms or automate processes. This will demonstrate your hands-on expertise and problem-solving abilities.
✨Communicate Clearly and Effectively
As a strong communicator, practice articulating complex technical concepts in simple terms. You might be asked to explain your thought process behind a detection strategy or incident response documentation, so clarity is key!
✨Emphasise Continuous Improvement
Be ready to discuss how you approach continuous improvement in your work. Share examples of how you've proactively tuned detection content or updated logic based on new threats. This shows your commitment to enhancing cyber defence maturity.