Threat Hunter
| Posting date: | 01 July 2025 |
|---|---|
| Hours: | Full time |
| Closing date: | 31 July 2025 |
| Location: | Manchester, Greater Manchester |
| Remote working: | Hybrid - work remotely up to 5 days per week |
| Company: | NCC Group |
| Job type: | Permanent |
| Job reference: | R9319 |
Summary
Threat Hunter
UK (Manchester, Cheltenham or London)
We are seeking a capable, hands-on Threat Hunter to design and lead a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesis-driven analysis and automation. You will proactively detect and analyse advanced threats across the customer environment, ensuring threat models and hunts align with industry risks.
This high-impact role offers significant autonomy. You’ll need to think critically and hunt methodically.
You will actively search for cyber threats that evade traditional security solutions. This involves in-depth analysis, identifying indicators of compromise (IOCs), and working cross-functionally with SOC Analysts, Detection Engineers, Privacy and Engineering teams to mitigate risks.
Threat Detection and Monitoring:
Design, build, and own a formal threat hunting program with hypothesis-based methodologies.
Use threat intelligence, MITRE ATT&CK, and risk models to form and validate hypotheses through structured hunts.
Leverage Jupyter Notebooks and other tools to automate hunts, visualise results, and create reusable artifacts.
Collaborate with detection engineering to convert findings into high-fidelity detection content.
Operationalise internal and open-source threat intelligence for emerging threats.
Map threat models to monitoring use cases in partnership with other teams.
Maintain a repository of methodologies, tooling, and findings to support scaling.
Provide clear, regular reports and presentations to stakeholders.
The Ideal Candidate:
Proactive Threat Hunter with a strong background in hypothesis-driven hunting, adversary TTP analysis, and collaboration.
3–5+ years of hands-on experience in Threat Hunting, Red/Blue Team, or Incident Response.
Deep understanding of MITRE ATT&CK; able to detect threats beyond signature-based solutions.
Skilled in Splunk for data analysis and detection development.
Strong scripting (Python, PowerShell, SQL) and Jupyter Notebook experience for automation and visualisation.
Experience translating threat intelligence into insights and working alongside detection engineers/security analysts.
Curiosity-driven, methodical, focused on improving visibility and detection across complex environments, including cloud (AWS, Azure, GCP).
Comfortable presenting findings and documenting methodologies.
Committed to continuous learning; certifications such as GCTI, GCFA, or OSCP are desirable.
Self-starter with analytical acumen who thrives in dynamic environments and stays ahead of evolving threats.
What We’re Looking For in You
Minimum Requirements:
3–5+ years in Threat Hunting, Red/Blue Team, or Incident Response.
Strong knowledge of MITRE ATT&CK, TTPs, and adversary emulation.
Experience with hypothesis-driven frameworks.
Ability to work autonomously while collaborating across teams.
Strong Splunk usage and scripting (Python, KQL, SQL, PowerShell).
Desirable:
Experience using Jupyter Notebooks for exploration, automation, and visualisation.
Familiarity with Azure, AWS, GCP logs and environments.
Experience building a hunting capability from scratch.
Understanding of data science/ML techniques in security analysis.
Experience with automated hunting pipelines or detection-as-code.
Desirable Certifications:
GCFA
OSCP
GDAT
GCIH
(or similar; not required but desirable)
Ways of Working
Focusing on Clients and Customers
Working as One NCC
Always Learning
Being Inclusive and Respectful
Delivering Brilliantly
Our Company
At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do—from client work to groundbreaking research. We partner with clients across industries, securing products and emerging technologies, solving complex challenges. As global leaders in cyber and escrow, we are people-powered and seeking the next brilliant minds to join us.
Come join us?
What We Offer:
We have a high-performance culture balanced with world-class well-being and benefits:
⏰ Flexible working
Financial & Investment: Pension, Life Assurance, Share Save Scheme, Parental Leave
Community & Volunteering Programmes
⚡ Green Car Scheme
Cycle Scheme
Employee Referral Program
Lifestyle & Wellness
Learning & Development
Diversity & Inclusion
What’s Next?
If this sounds like you, we’d love to hear from you. Apply now with your CV and cover letter, or send them to global.ta@nccgroup.com.
About Your Application
We review all applications and will contact you if your skills match. If you don’t hear from us in 10 days, we may retain your CV for future opportunities. You can request removal of your data by emailing global.ta@nccgroup.com. Your personal data will be held per the NCC Group Privacy Policy.
We value diversity and flexibility in the workplace. If you need reasonable adjustments for the process, let us know at any stage.
Please note: This role involves mandatory pre-employment background checks. You must be willing and able to undergo vetting. This role will be subject to BS7858 screening.