What you’ll do
Proactively search for signs of cyber threats across systems and networks, identifying risks before they become incidents and helping the organisation stay one step ahead of attackers.
Proactive Threat Hunting
Drive proactive threat hunting across Vodafone’s environment, with a clear focus on identifying genuine adversary activity rather than theoretical risk. You will design and execute hypothesis‑led investigations across endpoint, identity, network, and cloud telemetry, using your understanding of attacker behaviour to uncover what automated detections miss.
Own complex investigations end-to-end
From forming the initial hypothesis to selecting and interrogating the right data, you will validate or disprove findings and determine when activity represents a credible threat.
Rule Development for Security Operations
Translate your hunting outcomes into robust, production‑ready detection logic. You will partner closely with Detection Engineering to ensure your findings evolve into resilient, scalable detections that hold up under real‑world conditions. You will go beyond writing queries, challenging existing detections, identifying gaps in coverage, and refining logic to reduce noise while preserving true signal. Your work will directly influence the quality, reliability, and effectiveness of the organisation’s detection capability.
Threat Intelligence Integration
Work closely with Cyber Threat Intelligence to turn intelligence into actionable outcomes. You will assess, validate, and challenge intelligence by mapping it to real telemetry and observed behaviours, ensuring it reflects what is happening in the environment. You will operationalise intelligence into meaningful investigations and detections, and where gaps exist, extend it through your own findings to build a more accurate and complete understanding of adversary activity.
Cross‑Team Investigation Support
Partner with Security Operations, Incident Response, and other cyber teams as a technical authority during active and post‑incident investigations. You will bring a hunter’s mindset to uncover what was missed, identifying subtle signals, tracing lateral movement, and validating hypotheses around attacker behaviour. Your insight will directly influence investigative direction, containment decisions, and overall response strategy, ensuring incidents are understood in full.
Continuous Improvement and Capability Development
Shape the direction of the threat hunting function. You will influence what we hunt for, how we approach investigations, and how success is measured. This includes refining methodologies, introducing new techniques, and continuously raising the technical standard across the team. Actively mentor and guide other hunters; you will review investigations, challenge assumptions, and push others to think more critically about attacker behaviour and data. Your impact goes beyond your own work, strengthening the overall capability and effectiveness of the team.
Who you are
Threat Research Expertise
You are an experienced security analyst who operates well beyond alert‑driven workflows. You can take a hypothesis, test it against real‑world data, and drive investigations through to a clear, defensible outcome. You have a deep understanding of adversary tactics, techniques, and procedures, and know how to apply that knowledge in practice. You recognise how attacks manifest across endpoint, network, identity, and cloud environments, and can translate that understanding into effective, evidence‑based investigations.
Analytical Thinking
You are comfortable working with incomplete, ambiguous, or conflicting data. You can separate genuine threat activity from background noise, make sound judgements, and clearly articulate the reasoning behind your conclusions. You approach investigations with structure and intent, combining critical thinking with curiosity to explore multiple angles. You are confident in your analysis, able to defend your decisions when challenged, and willing to reassess when new evidence emerges.
Tool Proficiency
You are highly proficient in querying and analysing large‑scale security data. Whether using KQL, ES|QL, or similar, you can design and adapt complex queries and visualisations driven by your investigative hypotheses. You are confident pivoting across multiple data sources, refining queries in real time, and extracting meaningful insight quickly. You do not rely on pre‑built content; you understand how to build, optimise, and evolve your own queries to uncover activity others would miss.
Data Source Fluency
You are confident working across diverse telemetry, including endpoint, identity, network, and cloud data. You know how to pivot between these sources, quickly identifying where the signal is and how to join it up. You can correlate activity across multiple datasets to build a clear, evidence‑based view of attacker behaviour, uncovering patterns and relationships that would not be visible in a single source.
Collaborative Communication
Communicate your hypotheses, investigative approach, and findings clearly across technical and non‑technical audiences. You can translate complex threat activity into concise, meaningful insights for SOC, Threat Intelligence, Incident Response, and senior stakeholders. You work closely with cross‑functional teams to embed threat hunting into day‑to‑day security operations, ensuring findings are understood, acted on, and drive measurable improvement. You are confident presenting your conclusions, challenging assumptions when needed, and ensuring the right decisions are made based on evidence.
What’s in it for you
* Yearly bonus: 10%
* Annual leave: 28days + bank holidays + the opportunity to buy/sell/carry over 5days/year
* Charity days: 5days/year
* Maternity leave: 52weeks: the first 13weeks are fully paid, followed by 26weeks of half pay
* Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
* Access to: private medical, private dental, free health assessments, share save scheme
* Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
Accessibility and reasonable adjustments
If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.
#J-18808-Ljbffr