CrawlJobs Logo

Cyber Threat Hunting Specialist

United Kingdom, Newbury Employment contract · Job Posted May 27, 2026
Apply Position
Job Link Share

Job Description

At Vodafone, we’re not just shaping the future of connectivity for our customers – we’re shaping the future for everyone who joins our team. When you work with us, you’re part of a global mission to connect people, solve complex challenges, and create a sustainable and more inclusive world. If you want to grow your career whilst finding the perfect balance between work and life, Vodafone offers the opportunities to help you belong and make a real impact.

Job Responsibility

  • Proactively search for signs of cyber threats across systems and networks
  • Proactive Threat Hunting
  • Drive proactive threat hunting across Vodafone’s environment
  • Own complex investigations end-to-end
  • Rule Development for Security Operations
  • Translate your hunting outcomes into robust, production-ready detection logic
  • Challenge existing detections, identifying gaps in coverage, and refining logic
  • Threat Intelligence Integration
  • Work closely with Cyber Threat Intelligence to turn intelligence into actionable outcomes
  • Assess, validate, and challenge intelligence by mapping it to real telemetry and observed behaviours
  • Cross-Team Investigation Support
  • Partner with Security Operations, Incident Response, and other cyber teams as a technical authority during active and post-incident investigations
  • Continuous Improvement and Capability Development
  • Shape the direction of the threat hunting function
  • Actively mentor and guide other hunters

Requirements

  • Threat Research Expertise
  • You are an experienced security analyst who operates well beyond alert-driven workflows
  • You have a deep understanding of adversary tactics, techniques, and procedures
  • Analytical Thinking
  • You are comfortable working with incomplete, ambiguous, or conflicting data
  • Tool Proficiency
  • You are highly proficient in querying and analysing large-scale security data
  • Data Source Fluency
  • You are confident working across diverse telemetry, including endpoint, identity, network, and cloud data
  • Collaborative Communication
  • Communicate your hypotheses, investigative approach, and findings clearly across technical and non-technical audiences

What we offer

  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Cyber Threat Hunting Specialist

8 matching positions

Specialist, Cyber Threat Intelligence

The Specialist, Cyber Threat Intelligence is responsible for proactively identif...
Location
Location
Canada , Toronto
Salary
Salary:
Not provided
aircanada.com Logo
Air Canada
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A relevant University degree/technical certification, and/or relevant experience commensurate to the role
  • 5+ years of hands-on professional experience in Cyber Threat Intelligence and Threat Hunting within large enterprise or critical infrastructure environments
  • Deep, applied understanding of adversary tradecraft, including intrusion kill chains, MITRE ATT&CK, Diamond Model, malware families, exploitation techniques, persistence mechanisms, and threats targeting aviation and critical infrastructure sectors
  • Demonstrated experience conducting intelligence-led and hypothesis-driven threat hunts
  • Strong hands-on experience with threat intelligence platforms (TIPs), including IOC ingestion, enrichment, scoring, aging, and operational deployment
  • Proven ability to perform malware and campaign analysis, correlating samples, infrastructure, C2 patterns, payload behavior, delivery mechanisms, and underground chatter into cohesive adversary assessments
  • Experience with dark web monitoring, closed forums, leak sites
  • Advanced log analysis and data correlation skills to identify low-signal, stealthy, or novel adversary activity
  • Hands-on experience developing automation pipelines, scripts, or tooling (Python, PowerShell, APIs, SOAR, etc.) to support intelligence collection, normalization, enrichment, and dissemination
  • Experience with query languages and analytics (KQL, SPL, SQL, etc.) to support threat hunting, detections, and investigations
Job Responsibility
Job Responsibility
  • Collect, analyze, validate, and contextualize cyber threat intelligence from multiple sources including OSINT, dark web forums, commercial feeds, ISACs, industry partners, and internal telemetry to identify emerging threats, adversary TTPs, and sector-specific risks
  • Drive and continuously mature the strategy, governance, and operational execution of the Cyber Threat Intelligence (CTI) program, establishing a formal intelligence lifecycle that ensures actionable intelligence is effectively collected, enriched, analyzed, disseminated, and operationalized within security functions
  • Track, profile, and conduct deep analysis of threat actors targeting the organization’s industry, technology stack, and supply chain, including long-term campaign tracking, infrastructure reuse, malware evolution, and adversary behavior patterns
  • Conduct intelligence-led and hypothesis-driven threat hunting across enterprise systems to identify stealthy, advanced, or previously undetected adversary activity
  • Support and participate in incident response, forensic analysis, and post-incident investigations, providing adversary attribution assessments, likely next-step analysis, and intelligence-based scope expansion
  • Serve as a bridge between fraud prevention, SOC, and intelligence teams to ensure comprehensive coverage of threats. Facilitate information sharing and collaboration to strengthen the organization’s overall security posture
  • Create detailed technical reports, threat advisories, and early warning alerts on emerging threats and incidents for technical and non-technical stakeholders
  • Fulltime
Read More
Arrow Right

Cyber Threat Specialist

Critical role within the Cyber Threat Intelligence Team. As a Threat Specialist ...
Location
Location
Australia , Victoria
Salary
Salary:
Not provided
woolworths.com.au Logo
Woolworths Supermarkets
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of tested cyber security experience within high-pressure environments, including SOC, NOC, and CIRT ecosystems
  • Expert-level mastery in network intrusion, detection, and response, with a current and sharp understanding of the modern threat landscape
  • Deep-seated intuition for malicious code, with the specialised skills required to understand the anatomy of an attack
  • Seamlessly applying the MITRE ATT&CK® framework and Cyber Kill Chain methodology to map adversary behavior and anticipate the 'next move'
  • Broad spectrum confidence across an array of security applications, ensuring the right tool is leveraged for the right threat at the right time
  • Advanced proficiency in Open Source Intelligence, turning public data into actionable defensive strategies
  • A rare ability to translate complex cyber risks into tangible business outcomes, ensuring security initiatives drive organisational value rather than just technical compliance
  • Comprehensive end-to-end exposure to Incident Response (IR), from initial triage through to post-mortem and long-term hardening
  • Equally effective as an individual contributor or a collaborative team player, maintaining peak performance in both autonomous and integrated environments
Job Responsibility
Job Responsibility
  • Maintain awareness of the cyber threat landscape by conducting research to contribute to formal threat reports and curate actionable intelligence
  • Triage, tune, and customise threat alerts while incorporating curated Indicators of Compromise (IOCs) into the existing threat framework
  • Identify and prioritise detection opportunities using SIEM and EDR tools, mapped against the Mitre ATT&CK framework for comprehensive coverage
  • Conduct threat hunting, trigger incident response workflows, and provide dedicated intelligence support during major security incidents
  • Proactively raise security risks and recommend appropriate controls to strengthen the organisation's defensive posture
  • Assist with the zero-day vulnerability process and ensure all technical documentation remains current and accurate
  • Drive continuous improvement by streamlining workflows through the strategic use of automation and advanced tooling
  • Fulltime
Read More
Arrow Right

Siem Content Development Specialist - Cyber Defence - Vois

We are seeking a SIEM Content Development Specialist to strengthen Cyber Defence...
Location
Location
India , Pune
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experienced professional with 10+ years in SOC operations, SIEM content development, threat hunting, or security engineering
  • Skilled in SIEM technologies, particularly Elastic/ELK, with knowledge of platforms such as Splunk, Sentinel, ArcSight, or Chronicle
  • Proficient in programming and scripting (e.g., Python, SQL, JavaScript, PowerShell, KQL, ES|QL)
  • Strong understanding of cloud environments (AWS, Azure, GCP) and associated telemetry
  • Experienced in developing detection use cases and threat scenarios aligned with MITRE ATT&CK and cyber kill chain frameworks
  • Competent in Regex and data analysis techniques
  • Knowledgeable in networking concepts (TCP/IP, CIDR, subnets) and security tools (IDS/IPS, firewalls, AV systems)
  • Strong analytical, problem-solving, and communication skills
  • Able to work independently, prioritise tasks, and collaborate effectively across teams
  • Certifications such as CISSP or SANS (e.g., GCIH, GCIA) are advantageous
Job Responsibility
Job Responsibility
  • Design, develop, and optimise SIEM detection content across existing and new platforms
  • Lead and contribute to SIEM content engineering initiatives, applying SDLC and Agile methodologies
  • Continuously refine detection rules and logic to improve SOC efficiency and effectiveness
  • Develop and integrate threat response workflows and playbooks
  • Conduct threat analysis to design behavioural and indicator-based detection use cases
  • Collaborate with log source owners to translate business and technical requirements into actionable SIEM content
  • Deliver cyber security reports and advisories to key stakeholders
  • Perform post-incident analysis and drive improvements through actionable insights
  • Support EDR/XDR detection engineering and tuning activities
  • Create and maintain technical documentation, workflows, and operational playbooks
What we offer
What we offer
  • Opportunity to work at the core of global cyber defence operations
  • Exposure to advanced SIEM, EDR, and XDR technologies and large-scale security environments
  • Collaboration with global cyber security experts and stakeholders
  • Continuous learning through evolving threat landscapes and modern security frameworks
  • Opportunity to contribute to meaningful risk reduction initiatives across Vodafone
Read More
Arrow Right

Cyber Security Specialist

We are seeking a Cyber Security Specialist to support day-to-day cybersecurity o...
Location
Location
Pakistan , Lahore
Salary
Salary:
Not provided
northbaysolutions.com Logo
NorthBay
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7–8 years of experience in SOC / Cyber Security Operations / Incident Response
  • Strong hands-on experience with SIEM operations (alerts, use-cases, dashboards, reporting)
  • Strong working experience with EDR tools and endpoint investigation fundamentals
  • Practical understanding of incident response lifecycle and operational documentation discipline
  • Experience coordinating remediation with cross-functional teams in hybrid/on-prem environments
  • Strong knowledge of ISO 27001, SOC 2, PCI/DSS operational control expectations (logging, access, incident handling, evidence)
Job Responsibility
Job Responsibility
  • Monitor and analyze security events using SIEM, including alert triage, correlation validation, and escalation handling
  • Execute incident response activities: triage, containment coordination, evidence capture, and support for root-cause analysis
  • Operate and manage EDR tooling: policy management, alert handling, containment actions, and endpoint investigation support
  • Support vulnerability management execution: scanning coordination, triage, remediation tracking, and verification
  • Perform basic threat hunting and proactive detection improvements based on observed patterns and recurring incidents
  • Maintain incident response playbooks, operational SOPs, and case documentation with high-quality reporting
  • Support ISO 2700, SOC 2, PCI/DSS operational compliance through evidence collection, reporting, and control execution
  • Coordinate with platform, network, and application teams to resolve security events within defined timelines and processes
  • Fulltime
Read More
Arrow Right

Cyber Security Specialist

We are seeking a Cyber Security Specialist to support day-to-day cybersecurity o...
Location
Location
Pakistan , Islamabad
Salary
Salary:
Not provided
northbaysolutions.com Logo
NorthBay
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7–8 years of experience in SOC / Cyber Security Operations / Incident Response
  • Strong hands-on experience with SIEM operations (alerts, use-cases, dashboards, reporting)
  • Strong working experience with EDR tools and endpoint investigation fundamentals
  • Practical understanding of incident response lifecycle and operational documentation discipline
  • Experience coordinating remediation with cross-functional teams in hybrid/on-prem environments
  • Strong knowledge of ISO 27001, SOC 2, PCI/DSS operational control expectations (logging, access, incident handling, evidence)
Job Responsibility
Job Responsibility
  • Monitor and analyze security events using SIEM, including alert triage, correlation validation, and escalation handling
  • Execute incident response activities: triage, containment coordination, evidence capture, and support for root-cause analysis
  • Operate and manage EDR tooling: policy management, alert handling, containment actions, and endpoint investigation support
  • Support vulnerability management execution: scanning coordination, triage, remediation tracking, and verification
  • Perform basic threat hunting and proactive detection improvements based on observed patterns and recurring incidents
  • Maintain incident response playbooks, operational SOPs, and case documentation with high-quality reporting
  • Support ISO 2700, SOC 2, PCI/DSS operational compliance through evidence collection, reporting, and control execution
  • Coordinate with platform, network, and application teams to resolve security events within defined timelines and processes
  • Fulltime
Read More
Arrow Right

Cyber Security Specialist

We are seeking a Cyber Security Specialist to support day-to-day cybersecurity o...
Location
Location
India
Salary
Salary:
Not provided
northbaysolutions.com Logo
NorthBay
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7–8 years of experience in SOC / Cyber Security Operations / Incident Response
  • Strong hands-on experience with SIEM operations (alerts, use-cases, dashboards, reporting)
  • Strong working experience with EDR tools and endpoint investigation fundamentals
  • Practical understanding of incident response lifecycle and operational documentation discipline
  • Experience coordinating remediation with cross-functional teams in hybrid/on-prem environments
  • Strong knowledge of ISO 27001, SOC 2, PCI/DSS operational control expectations (logging, access, incident handling, evidence)
Job Responsibility
Job Responsibility
  • Monitor and analyze security events using SIEM, including alert triage, correlation validation, and escalation handling
  • Execute incident response activities: triage, containment coordination, evidence capture, and support for root-cause analysis
  • Operate and manage EDR tooling: policy management, alert handling, containment actions, and endpoint investigation support
  • Support vulnerability management execution: scanning coordination, triage, remediation tracking, and verification
  • Perform basic threat hunting and proactive detection improvements based on observed patterns and recurring incidents
  • Maintain incident response playbooks, operational SOPs, and case documentation with high-quality reporting
  • Support ISO 2700, SOC 2, PCI/DSS operational compliance through evidence collection, reporting, and control execution
  • Coordinate with platform, network, and application teams to resolve security events within defined timelines and processes
  • Fulltime
Read More
Arrow Right

Principal Cyber Defense Ops Specialist

The Principal Cyber Defense Ops Specialist will be a resident technical expert w...
Location
Location
United States , Johnston; Dallas
Salary
Salary:
112000.00 - 148000.00 USD / Year
citizensbank.com Logo
Citizens Bank
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7 or more years of progressive security industry experience
  • Demonstrated understanding of various operating systems (Window, Unix, Linux, AIX, etc) with an emphasis on Security Operations
  • Hands on experience with: Security Information and Event Management Tools (QRadar, Arcsight, Splunk, etc.)
  • Intrusion Prevention Tools
  • Database Security Tools (Guardium)
  • Data Loss Prevention Tools (Symantec, Websense, etc.)
  • Firewalls (Cisco, Palo Alto, Check Point etc.)
  • Application Security Tools
  • Vulnerability tools
  • Cyber Security Incident Response
Job Responsibility
Job Responsibility
  • Conducting network forensics, log analysis, and malware triage in support of incident response investigations
  • Utilizing current and future tools to perform hunting for complex insider and outsider threats
  • Analyzing vulnerability assessment and penetration testing results to help identify stealthy threats and drive remedial action of critical threats
  • Supporting proactive deep malware analysis, and recommending defensive actions to effectively defend against malware related attacks
  • Recommend how to optimize security monitoring tools based on threat hunting discoveries
  • Facilitating the evaluation, selection and implementation of supporting SOC systems and tools
  • Helping develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
  • Exercising analytical skills and knowledge of supervision regulations
What we offer
What we offer
  • comprehensive medical, dental and vision coverage
  • retirement benefits
  • maternity/paternity leave
  • flexible work arrangements
  • education reimbursement
  • wellness programs
  • competitive pay
  • opportunity to earn an annual discretionary bonus
  • Fulltime
Read More
Arrow Right

Cyber Security Operations Specialist

A Cyber Security Operations Specialist is a professional responsible for protect...
Location
Location
Congo, the Democratic Republic of the , Kinshasa
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 3-5 years of experience in Security Operations and Threat hunting
  • Bachelor's degree in computer science, information technology, cyber security, or a related field
  • Proficiency in security tools (e.g., SIEM, IDS/IPS, firewalls)
  • Knowledge of networking protocols and architecture
  • Familiarity with operating systems (Windows, Linux) and cloud environments
  • Strong analytical and problem-solving abilities to assess risks and respond effectively to incidents
  • Excellent analytical and problem-solving skills
  • Strong communication skills to effectively convey technical information to non-technical stakeholders. [French and English]
  • Ability to work independently and as part of a team in a fast-paced environment
  • A keen eye for detail to detect anomalies in data and logs
Job Responsibility
Job Responsibility
  • Continuously monitor security systems and networks for unusual activity or potential threats
  • Analyse security alerts and logs to identify and respond to incidents
  • Investigate security incidents and breaches to determine their cause and impact
  • Coordinate the response to security incidents, including containment, eradication, and recovery
  • Maintain a concise, audit-ready Incident Response Plan that defines severity matrix, escalation paths, decision authority, evidence handling, and communications (internal, executive, legal, regulator)
  • Own a version-controlled repository of actionable playbooks (phishing, business email compromise, ransomware, webshell, data exfiltration, insider risk, credential theft, cloud token abuse)
  • Ensure that logs from servers, cloud apps, domain controllers, proxies, domain controllers, email and smtp gateways, PUAM, firewalls are collected, easy to read, time-synchronized, and stored securely
  • Build and maintain smart alert rules that spot real attacks (based on MITRE ATT&CK) and reduce noisy false alarms
  • Create dashboards and weekly reports that show what we’re seeing and how fast we respond
  • Stay updated on the latest cyber threats, vulnerabilities, and attack vectors
Read More
Arrow Right