Threat Hunter

Threat Hunter

UK (Manchester Cheltenham or London)

We are seeking a highly capable and handson Threat Hunter to design and lead a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesisdriven analysis and automation. You will be responsible for proactively detecting and analysing advanced threats across the customers environment. Ensuring our threat models and threat hunts are tightly aligned to industry risks to the customer.

This is a highimpact role with significant autonomy. Youll need to think critically and hunt methodically.

As a Threat Hunter you will actively search for cyber threats that evade traditional security solutions. Your role will involve conducting indepth analysis identifying indicators of compromise (IOCs) and working crossfunctionally with the Security Operations Centre Analysts Detection Engineers Privacy Team and Engineering Team to mitigate risks.

Summary

Threat Detection and Monitoring:

• Design build and own a formal threat hunting program with a strong emphasis on hypothesisbased hunting methodologies.
• Use threat intelligence MITRE ATT&CK and risk models to form hypotheses and validate them through structured hunts.
• Leverage Jupyter Notebooks and other tools to automate hunts visualise results and create reusable artifacts for future investigations and detections.
• Collaborate with detection engineering to convert threat hunt findings into high fidelity detection content.
• Utilising both NCC Groups internal threat intelligence feeds and opensource threat intelligence use these to operationalise detections for emerging threats.
• Support the mapping of threat models to monitoring use cases in partnership with teams across the business.
• Document and maintain a robust repository for hunting methodologies tooling and findings to enable continuous improvement and team scaling.
• Provide regular reports and presentations to stakeholders with clear articulation of threats methods and risk impact.

The Ideal Candidate looks like:

• The ideal candidate is a highly skilled and proactive Threat Hunter with a strong background in hypothesisdriven hunting adversary TTP analysis and crossfunctional collaboration.
• They have 35 years of handson experience in Threat Hunting Red Team Blue Team or Incident Response roles with a deep understanding of the MITRE ATT&CK framework and a proven ability to detect and investigate advanced threats beyond signaturebased solutions.
• Adept at leveraging Splunk for data analysis and detection development they bring strong scripting capabilities (e.g. Python PowerShell SQL) and experience using Jupyter Notebooks to automate hunts and visualise results.
• This individual has successfully built or significantly contributed to threat hunting programs translating threat intelligence into actionable insights and working alongside detection engineers and security analysts to operationalise findings.
• They should be driven by curiosity and methodical thinking constantly seeking to improve visibility and detection coverage across complex environmentsincluding hybrid or cloudnative architectures like AWS Azure or GCP.
• They will be comfortable presenting findings to stakeholders and documenting methodologies they are also committed to continuous learning with certifications such as GCTI GCFA or OSCP highlighting their depth and breadth of knowledge.
• They would be a selfstarter with strong autonomy and analytical acumen; they thrive in dynamic environments and are passionate about staying ahead of evolving threats.

What we are looking for in you

Minimum Requirements

• Minimum 35 years of experience within a Threat Hunter Red Team Incident Response or Blue Team role.
• Solid understanding of the MITRE ATT&CK framework TTP analysis and adversary emulation.
• Deep familiarity with hypothesisdriven threat hunting frameworks and methodologies.
• Ability to work autonomously while collaborating across security engineering and business teams.
• Strong use of Splunk Programming Language.
• Strong scripting/query language skills (e.g. Python KQL SQL PowerShell).

Desirable Requirements

• Handson experience using Jupyter Notebooks for data exploration automation and visualization in a security context.
• Knowledge of cloud products and log events such as Azure Amazon Web Services Google Cloud Platform.
• Experience building a threat hunting capability from scratch.
• Familiarity with data science and machine learning techniques in security analysis.
• Background in building automated hunting pipelines and/or detectionascode.

Desirable Certifications

• GCFA
• OSCP
• GDAT
• GCIH
• Or similar certifications not required but certainly desirable.

Ways of working

Focusing on Clients and Customers.

Working as One NCC.

Always Learning.

Being Inclusive and Respectful.

Delivering Brilliantly.

Our company

At NCC Group our mission is to create a more secure digital future. That mission underpins everything we do from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries delving into securing new products and emerging technologies as well as solving complex security problems. As global leaders in cyber and escrow NCC Group is a peoplepowered business seeking the next group of brilliant minds to join our ranks.

Our colleagues are our greatest assets and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity collaboration authenticity and accountability. We want colleagues to put down roots at NCC Group and we offer a comprehensive benefits package as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their wellbeing and we offer wellness programs and flexible working arrangements to provide that vital support.

Come join us

What do we offer in return

We have a highperformance culture which is balanced evenly with worldclass wellbeing initiatives and benefits:

Flexible working

Financial & Investment

Pension

Life Assurance

Share Save Scheme

Maternity & Paternity leave

Community & Volunteering Programmes

Green Car Scheme

Cycle Scheme

Employee Referral Program

Lifestyle & Wellness

Learning & Development

Diversity & Inclusion

So whats next

If this sounds like the right opportunity for you then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to .

About your application

We review every application received and will get in touch if your skills and experience match what were looking for. If you dont hear back from us within 10 days please dont be too disappointed we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details please email . All personal data is held in accordance with the NCC Group Privacy Policy ( ()). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process please tell us at any stage.

Please note that this role involves mandatory preemployment background checks due to the nature of the work NCC Group does. To apply you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.