Threat Hunter

Job details
Posting date: 01 July 2025
Hours: Full time
Closing date: 31 July 2025
Location: Manchester, Greater Manchester
Remote working: Hybrid - work remotely up to 5 days per week
Company: NCC Group
Job type: Permanent
Job reference: R9319

Summary

Threat Hunter
UK (Manchester, Cheltenham or London)

We are seeking a capable, hands-on Threat Hunter to design and lead a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesis-driven analysis and automation. You will proactively detect and analyse advanced threats across the customer environment, ensuring threat models and hunts align with industry risks.

This high-impact role offers significant autonomy. You’ll need to think critically and hunt methodically.

You will actively search for cyber threats that evade traditional security solutions. This involves in-depth analysis, identifying indicators of compromise (IOCs), and working cross-functionally with SOC Analysts, Detection Engineers, Privacy and Engineering teams to mitigate risks.

Threat Detection and Monitoring:

Design, build, and own a formal threat hunting program with hypothesis-based methodologies.

Use threat intelligence, MITRE ATT&CK, and risk models to form and validate hypotheses through structured hunts.

Leverage Jupyter Notebooks and other tools to automate hunts, visualise results, and create reusable artifacts.

Collaborate with detection engineering to convert findings into high-fidelity detection content.

Operationalise internal and open-source threat intelligence for emerging threats.

Map threat models to monitoring use cases in partnership with other teams.

Maintain a repository of methodologies, tooling, and findings to support scaling.

Provide clear, regular reports and presentations to stakeholders.

The Ideal Candidate:

Proactive Threat Hunter with a strong background in hypothesis-driven hunting, adversary TTP analysis, and collaboration.

3–5+ years of hands-on experience in Threat Hunting, Red/Blue Team, or Incident Response.

Deep understanding of MITRE ATT&CK; able to detect threats beyond signature-based solutions.

Skilled in Splunk for data analysis and detection development.

Strong scripting (Python, PowerShell, SQL) and Jupyter Notebook experience for automation and visualisation.

Experience translating threat intelligence into insights and working alongside detection engineers/security analysts.

Curiosity-driven, methodical, focused on improving visibility and detection across complex environments, including cloud (AWS, Azure, GCP).

Comfortable presenting findings and documenting methodologies.

Committed to continuous learning; certifications such as GCTI, GCFA, or OSCP are desirable.

Self-starter with analytical acumen who thrives in dynamic environments and stays ahead of evolving threats.

What We’re Looking For in You

Minimum Requirements:

3–5+ years in Threat Hunting, Red/Blue Team, or Incident Response.

Strong knowledge of MITRE ATT&CK, TTPs, and adversary emulation.

Experience with hypothesis-driven frameworks.

Ability to work autonomously while collaborating across teams.

Strong Splunk usage and scripting (Python, KQL, SQL, PowerShell).

Desirable:

Experience using Jupyter Notebooks for exploration, automation, and visualisation.

Familiarity with Azure, AWS, GCP logs and environments.

Experience building a hunting capability from scratch.

Understanding of data science/ML techniques in security analysis.

Experience with automated hunting pipelines or detection-as-code.

Desirable Certifications:

GCFA

OSCP

GDAT

GCIH
(or similar; not required but desirable)

Ways of Working

Focusing on Clients and Customers

Working as One NCC

Always Learning

Being Inclusive and Respectful

Delivering Brilliantly

Our Company

At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do—from client work to groundbreaking research. We partner with clients across industries, securing products and emerging technologies, solving complex challenges. As global leaders in cyber and escrow, we are people-powered and seeking the next brilliant minds to join us.

Come join us?

What We Offer:
We have a high-performance culture balanced with world-class well-being and benefits:

⏰ Flexible working

Financial & Investment: Pension, Life Assurance, Share Save Scheme, Parental Leave

Community & Volunteering Programmes

⚡ Green Car Scheme

Cycle Scheme

Employee Referral Program

Lifestyle & Wellness

Learning & Development

Diversity & Inclusion

What’s Next?

If this sounds like you, we’d love to hear from you. Apply now with your CV and cover letter, or send them to global.ta@nccgroup.com.

About Your Application

We review all applications and will contact you if your skills match. If you don’t hear from us in 10 days, we may retain your CV for future opportunities. You can request removal of your data by emailing global.ta@nccgroup.com. Your personal data will be held per the NCC Group Privacy Policy.

We value diversity and flexibility in the workplace. If you need reasonable adjustments for the process, let us know at any stage.

Please note: This role involves mandatory pre-employment background checks. You must be willing and able to undergo vetting. This role will be subject to BS7858 screening.
