Cyber Threat Hunting Specialist
VOIS
Date: 3 weeks ago
City: Newbury
Contract type: Full time
Join Us
At Vodafone, we’re not just shaping the future of connectivity for our customers – we’re shaping the future for everyone who joins our team. When you work with us, you’re part of a global mission to connect people, solve complex challenges, and create a sustainable and more inclusive world. If you want to grow your career whilst finding the perfect balance between work and life, Vodafone offers the opportunities to help you belong and make a real impact.
What You’ll Do
Proactively search for signs of cyber threats across systems and networks, identifying risks before they become incidents and helping the organisation stay one step ahead of attackers.
Proactive Threat Hunting
Drive proactive threat hunting across Vodafone’s environment, with a clear focus on identifying genuine adversary activity rather than theoretical risk. You will design and execute hypothesis-led investigations across endpoint, identity, network, and cloud telemetry, using your understanding of attacker behaviour to uncover what automated detections miss.
Own complex investigations end-to-end. From forming the initial hypothesis to selecting and interrogating the right data, you will validate or disprove findings and determine when activity represents a credible threat.
Rule Development for Security Operations
Translate your hunting outcomes into robust, production-ready detection logic. You will partner closely with Detection Engineering to ensure your findings evolve into resilient, scalable detections that hold up under real-world conditions.
You will go beyond writing queries, challenging existing detections, identifying gaps in coverage, and refining logic to reduce noise while preserving true signal. Your work will directly influence the quality, reliability, and effectiveness of the organisation’s detection capability.
Threat Intelligence Integration
Work closely with Cyber Threat Intelligence to turn intelligence into actionable outcomes.
You will assess, validate, and challenge intelligence by mapping it to real telemetry and observed behaviours, ensuring it reflects what is happening in the environment. You will operationalise intelligence into meaningful investigations and detections, and where gaps exist, extend it through your own findings to build a more accurate and complete understanding of adversary activity.
Cross-Team Investigation Support
Partner with Security Operations, Incident Response, and other cyber teams as a technical authority during active and post-incident investigations. You will bring a hunter’s mindset to uncover what was missed, identifying subtle signals, tracing lateral movement, and validating hypotheses around attacker behaviour.
Your insight will directly influence investigative direction, containment decisions, and overall response strategy, ensuring incidents are understood in full.
Continuous Improvement and Capability Development
Shape the direction of the threat hunting function. You will influence what we hunt for, how we approach investigations, and how success is measured. This includes refining methodologies, introducing new techniques, and continuously raising the technical standard across the team.
Actively mentor and guide other hunters. You will review investigations, challenge assumptions, and push others to think more critically about attacker behaviour and data. Your impact goes beyond your own work, strengthening the overall capability and effectiveness of the team.
Who You Are
Threat Research Expertise
You are an experienced security analyst who operates well beyond alert-driven workflows. You can take a hypothesis, test it against real-world data, and drive investigations through to a clear, defensible outcome.
You have a deep understanding of adversary tactics, techniques, and procedures, and know how to apply that knowledge in practice. You recognise how attacks manifest across endpoint, network, identity, and cloud environments, and can translate that understanding into effective, evidence-based investigations.
Analytical Thinking
You are comfortable working with incomplete, ambiguous, or conflicting data. You can separate genuine threat activity from background noise, make sound judgements, and clearly articulate the reasoning behind your conclusions.
You approach investigations with structure and intent, combining critical thinking with curiosity to explore multiple angles. You are confident in your analysis, able to defend your decisions when challenged, and willing to reassess when new evidence emerges.
Tool Proficiency
You are highly proficient in querying and analysing large-scale security data. Whether using KQL, ES|QL, or similar, you can design and adapt complex queries and visualisations driven by your investigative hypotheses.
You are confident pivoting across multiple data sources, refining queries in real time, and extracting meaningful insight quickly. You do not rely on pre-built content; you understand how to build, optimise, and evolve your own queries to uncover activity others would miss.
Data Source Fluency
You are confident working across diverse telemetry, including endpoint, identity, network, and cloud data. You know how to pivot between these sources, quickly identifying where the signal is and how to join it up.
You can correlate activity across multiple datasets to build a clear, evidence-based view of attacker behaviour, uncovering patterns and relationships that would not be visible in a single source.
Collaborative Communication
Communicate your hypotheses, investigative approach, and findings clearly across technical and non-technical audiences. You can translate complex threat activity into concise, meaningful insights for SOC, Threat Intelligence, Incident Response, and senior stakeholders.
You work closely with cross-functional teams to embed threat hunting into day-to-day security operations, ensuring findings are understood, acted on, and drive measurable improvement. You are confident presenting your conclusions, challenging assumptions when needed, and ensuring the right decisions are made based on evidence.
Not a perfect fit?
Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about empowering people and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to still apply as you may be the right candidate for this role or another opportunity.
What's In It For You
Yearly bonus: 10%
Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
Charity days: 5 days/year
Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
Access to: private medical, private dental, free health assessments, share save scheme
Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
Who We Are
We are a leading international Telco, serving millions of customers. At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live and we protect the planet, whilst helping our customers do the same.
Belonging at Vodafone isn't a concept; it's lived, breathed, and cultivated through everything we do. You'll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. We're committed to increasing diversity, ensuring equal representation, and making Vodafone a place everyone feels safe, valued and included.
If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.
Together we can.