Cyber Threat Specialist

What you’ll do

Proactively search for signs of cyber threats across systems and networks, identifying risks before they become incidents and helping the organisation stay one step ahead of attackers.

Drive proactive threat hunting across Vodafone’s environment, with a clear focus on identifying genuine adversary activity rather than theoretical risk. You will design and execute hypothesis‑led investigations across endpoint, identity, network, and cloud telemetry, using your understanding of attacker behaviour to uncover what automated detections miss.

From forming the initial hypothesis to selecting and interrogating the right data, you will validate or disprove findings and determine when activity represents a credible threat.

Translate your hunting outcomes into robust, production‑ready detection logic. You will partner closely with Detection Engineering to ensure your findings evolve into resilient, scalable detections that hold up under real‑world conditions. You will go beyond writing queries, challenging existing detections, identifying gaps in coverage, and refining logic to reduce noise while preserving true signal. Your work will directly influence the quality, reliability, and effectiveness of the organisation’s detection capability.

Work closely with Cyber Threat Intelligence to turn intelligence into actionable outcomes. You will assess, validate, and challenge intelligence by mapping it to real telemetry and observed behaviours, ensuring it reflects what is happening in the environment. You will ope rationalise intelligence into meaningful investigations and detections, and where gaps exist, extend it through your own findings to build a more accurate and complete understanding of adversary activity.

Partner with Security Operations, Incident Response, and other cyber teams as a technical authority during active and post‑incident investigations. You will bring a hunter’s mindset to uncover what was missed, identifying subtle signals, tracing lateral movement, and validating hypotheses around attacker behaviour. Your insight will directly influence investigative direction, containment decisions, and overall response strategy, ensuring incidents are understood in full.

Shape the direction of the threat hunting function. You will influence what we hunt for, how we approach investigations, and how success is measured. This includes refining methodologies, introducing new techniques, and continuously raising the technical standard across the team. Actively mentor and guide other hunters; you will review investigations, challenge assumptions, and push others to think more critically about attacker behaviour and data.

Your impact goes beyond your own work, strengthening the overall capability and effectiveness of the team.

You are an experienced security analyst who operates well beyond alert‑driven workflows. You can take a hypothesis, test it against real‑world data, and drive investigations through to a clear, defensible outcome. You have a deep understanding of adversary tactics, techniques, and procedures, and know how to apply that knowledge in practice. You recognise how attacks manifest across endpoint, network, identity, and cloud environments, and can translate that understanding into effective, evidence‑based investigations.

You are comfortable working with incomplete, ambiguous, or conflicting data. You can separate genuine threat activity from background noise, make sound judgements, and clearly articulate the reasoning behind your conclusions. You approach investigations with structure and intent, combining critical thinking with curiosity to explore multiple angles. You are confident in your analysis, able to defend your decisions when challenged, and willing to reassess when new evidence emerges.

You are highly proficient in querying and analysing large‑scale security data. Whether using KQL,…