Threat Hunting and Detection Engineering Manager in Warwick

Warwick | Full-Time | £70,000 - £80,000 / year (est.) | No working from home possible
National Energy System Operator

At a Glance

  • Tasks: Lead a team in advanced threat hunting and detection engineering to enhance cybersecurity.
  • Company: Join NESO, a key player in securing Great Britain's energy future.
  • Benefits: Enjoy a competitive salary, bonus potential, flexible working, and generous leave.
  • Other info: Diverse and inclusive workplace with opportunities for growth and development.
  • Why this job: Make a real impact in cybersecurity while shaping the future of energy.
  • Qualifications: Experience in threat hunting and security engineering; leadership skills are a plus.

The predicted salary is between £70,000 and £80,000 per year.

About The Role

NESO are looking to hire a manager for an established Threat Hunting and Detection Engineering Team. The team works alongside the Cyber Security Operations Centre (CSOC) and develops industry-leading threat detection capabilities across two SIEM platforms. It also performs advanced threat hunting to identify advanced or unknown threats early.

The Threat Hunting and Detection Engineering Manager will manage a team of threat hunting analysts. The team identifies, assesses, prioritises and delivers threat hunting activities, while ensuring threat-led detection content is continuously applied to the SIEM. The team also provides Subject Matter Expertise and analysis in support of security incident management.

This role can be based from Wokingham or Warwick, with hybrid working from office and home. We are open to full-time and part-time applicants, as well as flexible working arrangements.

This role is designated as requiring a National Security Vetting (NSV) clearance. The level of clearance associated with the role is Security Check (SC). You will usually need to have been a resident in the UK for the last five years to apply for an SC clearance. Applicants who do not currently meet this residency requirement are encouraged to express interest.

Key Accountabilities

  • Lead and manage threat hunting and content development to enable an effective Cyber Security Operations team.
  • Partner with Cyber Security Operations, Incident Response, Threat Intelligence, and Security Engineering to agree and prioritise requirements for threat detection and threat hunting.
  • Be accountable for the development and deployment of a prioritised set of threat detection rules across two SIEM platforms.
  • Be accountable for the development and maintenance of work instructions and playbooks to enable the CSOC analysts to triage and respond to events.
  • Develop and maintain security content, such as rules, signatures, indicators, dashboards, reports, etc., to enhance the detection and response capabilities of the CSOC.
  • Provide subject matter expertise and analysis support in the event of security incidents.
  • Support the team to ensure they utilise detection as code and secure development pipelines.
  • Ensure an intake process is managed to allow a feedback loop from the CSOC.
  • Conduct proactive, iterative, and human-centric identification and analysis of cyber threats that have evaded existing security controls.
  • Coordinate and collaborate with internal and external stakeholders, such as IT teams, business units, vendors, auditors, and regulators.
  • Provide regular reports and metrics on the threat hunting and content development activities, outcomes, and value.
  • Develop and implement threat hunting and content development policies, standards, procedures, and best practices.

About You

We’re forging the path, and we know we can’t do it alone. That’s why we need visionary minds like yours to join us on this transformative journey. We’re looking for someone who:

  • Has an active leadership mindset, staying engaged with the team deliverables.
  • Is a team player and adept at working in multi-disciplinary and diverse teams.
  • Has in-depth knowledge and experience in threat hunting, content development, security engineering concepts, operations, analysis, and response.
  • Is proficient in various threat hunting and content development tools and technologies, such as SIEM, IDS, IPS, firewall, antivirus, encryption, VPN, etc.
  • Is familiar with security frameworks and standards, such as NIST and NCSC CAF.
  • Has strong analytical and problem-solving skills and the ability to handle complex and dynamic situations.
  • Has excellent communication and presentation skills and the ability to communicate effectively with technical and non-technical audiences.
  • Has sound knowledge of IT systems, networks, applications, and cloud services.
  • Is aware of current and emerging cyber threats, trends, and best practices.

Qualifications

  • Relevant degree-level qualification or equivalent experience with a strong background in providing threat hunting services in a large hybrid environment, within a government or critical infrastructure domain.
  • Significant experience in threat hunting, content development, security engineering, operations, or related field with strong demonstrable experience in managing or leading security teams or projects.
  • Relevant professional certifications, such as CISSP, CISM, GSEC, GCIA, GCED, etc.

Don’t meet every single requirement? Studies have shown that women and people of colour are less likely to apply for jobs unless they meet every single qualification. At NESO, we are committed to building a diverse, inclusive, and authentic workplace for everyone. If you’re excited about this role but your experience or qualifications don’t match the job description exactly, we encourage you to apply anyway. You might just be the right person for our growing business in this role or another.

What You'll Get

A competitive salary of £70,000 - £80,000 dependent on experience and capability. In addition to your base salary, you will receive a bonus of up to 15% of your salary for stretch performance, 28 days annual leave as standard, and a competitive contributory pension scheme with company matching up to 12%.

Benefits

NESO's flexible benefits programme provides you with more flexibility around your health, lifestyle and protection benefits. Here are a few available:

  • Flexible Bank Holidays & Holiday Trading
  • Additional Birthday Day Off
  • Cycle to Work Scheme, Retail & Gym Discounts
  • Private Medical Insurance, Critical Illness Insurance & Personal Accident Insurance

About Us

At the National Energy System Operator (NESO), we play a vital role in tackling climate change and securing Great Britain's energy future. We operate the world's fastest decarbonising electricity system and aim to run it carbon-free for a short period this year, provided the market supplies electricity exclusively from renewable sources. We also provide expert advice to government on delivering a clean power system by 2030. In autumn 2024, the Electricity System Operator (ESO) transitioned to NESO — an independent, expert public corporation with a whole-system view across electricity, gas, and hydrogen. NESO operates independently and transparently, always acting in the best interests of all energy users. Licensed and regulated by Ofgem, we make impartial decisions balancing sustainability, affordability and security. Our organisation is independent from government, the regulator and all commercial interests, with a focus on system-wide benefit and public value. The time to deliver is now. Join the energy transformation and help shape the future.

More Information

This role closes at 23:59 on the day before the date shown above. We encourage candidates to apply early as the closing date can vary. We are committed to a fair, inclusive recruitment process where everyone has the opportunity to show their talents. We welcome applicants with diverse experiences and backgrounds.

Employer: National Energy System Operator

At NESO, we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters innovation and collaboration in the field of cyber security. With flexible working arrangements, competitive salaries, and a commitment to employee growth through continuous learning and diverse opportunities, we empower our team members to thrive while contributing to a vital mission of securing Great Britain's energy future. Join us in a role that not only challenges you but also allows you to make a meaningful impact in a supportive and inclusive environment.

Contact Details:

National Energy System Operator Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land the Threat Hunting and Detection Engineering Manager role in Warwick

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Show off your skills! Create a portfolio or a GitHub repository showcasing your threat hunting projects or any relevant work. This gives potential employers a taste of what you can bring to the table.

Tip Number 3

Prepare for interviews by brushing up on common questions related to threat hunting and detection engineering. Practice explaining your thought process and how you tackle complex problems—this will help you stand out!

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who are genuinely interested in joining our team at NESO.

We think you need these skills to ace the Threat Hunting and Detection Engineering Manager role in Warwick

Threat Hunting
Detection Engineering
SIEM Platforms
Cyber Security Operations
Incident Response
Threat Intelligence
Security Engineering

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the role of Threat Hunting and Detection Engineering Manager. Highlight your experience in threat hunting, content development, and team management. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about this role and how your background makes you a perfect fit. Don’t forget to mention any relevant certifications or experiences that set you apart.

Showcase Your Leadership Skills: As a manager, we’re keen to see your leadership style. Share examples of how you've led teams in the past, especially in high-pressure situations. We love a good story about overcoming challenges and driving results!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us you’re serious about joining our team at NESO!

How to prepare for a job interview at National Energy System Operator

Know Your Stuff

Make sure you brush up on your threat hunting and detection engineering knowledge. Familiarise yourself with the latest tools and technologies, especially those related to SIEM platforms. Being able to discuss specific examples of your experience will show that you're not just a theory person but someone who can apply their knowledge in real-world scenarios.

Showcase Your Leadership Skills

As a manager, it's crucial to demonstrate your leadership mindset. Prepare to share examples of how you've successfully led teams in the past, particularly in high-pressure situations. Highlight your ability to engage with team deliverables and how you foster collaboration among diverse teams.

Communicate Clearly

You’ll need to communicate effectively with both technical and non-technical audiences. Practice explaining complex concepts in simple terms. This will not only help you during the interview but also show that you can bridge the gap between different stakeholders in the organisation.

Prepare for Scenario Questions

Expect scenario-based questions that assess your problem-solving skills and analytical thinking. Think about past incidents you've managed or challenges you've faced in threat detection. Be ready to walk through your thought process and the steps you took to resolve issues, as this will demonstrate your hands-on experience.