Threat Hunter

We are seeking a highly capable and hands-on Threat Hunter to design and lead a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesis-driven analysis and automation. You will be responsible for proactively detecting and analysing advanced threats across the customers environment, ensuring our threat models and threat hunts are tightly aligned to industry risks to the customer. This is a high-impact role with significant autonomy. You’ll need to think critically and hunt methodically. As a Threat Hunter, you will actively search for cyber threats that evade traditional security solutions. Your role will involve conducting in-depth analysis, identifying indicators of compromise (IOCs), and working cross-functionally with the Security Operations Centre Analysts, Detection Engineers, Privacy Team and Engineering Team to mitigate risks.

Summary

• Threat Detection and Monitoring: Design, build, and own a formal threat hunting program with a strong emphasis on hypothesis-based hunting methodologies.
• Use threat intelligence, MITRE ATT&CK, and risk models to form hypotheses and validate them through structured hunts.
• Leverage Jupyter Notebooks and other tools to automate hunts, visualise results, and create reusable artifacts for future investigations and detections.
• Collaborate with detection engineering to convert threat hunt findings into high fidelity detection content.
• Utilising both NCC Groups internal threat intelligence feeds and open-source threat intelligence, use these to operationalise detections for emerging threats.
• Support the mapping of threat models to monitoring use cases in partnership with teams across the business.
• Document and maintain a robust repository for hunting methodologies, tooling, and findings to enable continuous improvement and team scaling.
• Provide regular reports and presentations to stakeholders, with clear articulation of threats, methods, and risk impact.

The Ideal Candidate looks like:

The ideal candidate is a highly skilled and proactive Threat Hunter with a strong background in hypothesis-driven hunting, adversary TTP analysis, and cross-functional collaboration. They have 3–5+ years of hands-on experience in Threat Hunting, Red Team, Blue Team, or Incident Response roles, with a deep understanding of the MITRE ATT&CK framework and a proven ability to detect and investigate advanced threats beyond signature-based solutions. Adept at leveraging Splunk for data analysis and detection development, they bring strong scripting capabilities (e.g., Python, PowerShell, SQL) and experience using Jupyter Notebooks to automate hunts and visualise results. This individual has successfully built or significantly contributed to threat hunting programs, translating threat intelligence into actionable insights and working alongside detection engineers and security analysts to operationalise findings. They should be driven by curiosity and methodical thinking, constantly seeking to improve visibility and detection coverage across complex environments—including hybrid or cloud-native architectures like AWS, Azure, or GCP. They will be comfortable presenting findings to stakeholders and documenting methodologies, they are also committed to continuous learning, with certifications such as GCTI, GCFA, or OSCP highlighting their depth and breadth of knowledge. They would be a self-starter with strong autonomy and analytical acumen; they thrive in dynamic environments and are passionate about staying ahead of evolving threats.

What we are looking for in you

Minimum Requirements

• Minimum 3-5 + years of experience within a Threat Hunter, Red Team, Incident Response, or Blue Team role.
• Solid understanding of the MITRE ATT&CK framework, TTP analysis, and adversary emulation.
• Deep familiarity with hypothesis-driven threat hunting frameworks and methodologies.
• Ability to work autonomously while collaborating across security, engineering, and business teams.
• Strong use of Splunk Programming Language.
• Strong scripting/query language skills (e.g., Python, KQL, SQL, PowerShell).

Desirable Requirements

• Hands-on experience using Jupyter Notebooks for data exploration, automation, and visualization in a security context.
• Knowledge of cloud products and log events such as Azure, Amazon Web Services, Google Cloud Platform.
• Experience building a threat hunting capability from scratch.
• Familiarity with data science and machine learning techniques in security analysis.
• Background in building automated hunting pipelines and/or detection-as-code.

Desirable Certifications

• GCFA
• OSCP
• GDAT
• GCIH
• Or similar certifications, not required but certainly desirable.

Ways of working

• Focusing on Clients and Customers.
• Working as One NCC.
• Always Learning.
• Being Inclusive and Respectful.
• Delivering Brilliantly.

Our company

At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks. Our colleagues are our greatest assets, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.

What do we offer in return?

We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:

• Flexible working
• Financial & Investment
• Pension
• Life Assurance
• Share Save Scheme
• Maternity & Paternity leave
• Community & Volunteering Programmes
• Green Car Scheme
• Cycle Scheme
• Employee Referral Program
• Lifestyle & Wellness
• Learning & Development
• Diversity & Inclusion

So, what’s next?

If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to global.ta@nccgroup.com.

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. If you do not want us to retain your details, please email global.ta@nccgroup.com.

All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage. Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.