Cyber Threat Hunting Specialist
Join Us
Vodafone Group's Cyber Defence Operations (CDO) serves as the central hub for protecting Vodafone customers from global cyber risks. We have a crucial mission to provide operational leadership in cyber defence across Vodafone, bolstering its global cyber defence posture and reducing cyber risks. The Cyber Threat Unit (CTU) within CDO proactively identifies and responds to new or ongoing attacks. We collaborate closely with other teams to swiftly identify attacks and malicious content, recommending containment and mitigating actions to minimise the impact of these attacks. Our work relies on proactively utilising advanced security monitoring tools and analysis techniques and the team's unwavering determination and tangible tenacity. This proactive approach enables us to swiftly and effectively address any threats, ensuring the utmost security for Vodafone and its customers.
As a Cyber Hunting Specialist, your responsibility is to take the proactive approach to security and not be led by reactive work. This will be accomplished by researching and uncovering new attacks as well as identifying ongoing attacks that may pose a threat to Vodafone. You will then collaborate with expert cybersecurity resolver teams to swiftly contain and mitigate the impact of these attacks. Staying ahead of the attackers involves employing advanced security monitoring techniques and leveraging state-of-the-art cyber systems and tools. Your success in this role hinges on your ability to rapidly develop and deploy new "hunting" use cases and effectively utilise any logs, data, telemetry, big data analytics, industry reports, and intelligence network to stay ahead of emerging threats. By staying vigilant and leveraging cutting-edge technologies, you will contribute to safeguarding Vodafone's security posture and protecting its valuable assets.
What you’ll do
As a Cyber Threat Hunting Specialist, your focus will be on all attack types whether common or new and emerging, while also possessing knowledge of all attack vectors and their potential impact on the business. Your responsibilities include conducting research to uncover attack methods, exploits, and unknown threats. You will proactively hunt for threats both within and outside the network and contribute to the development and maturity of the threat hunting program. Utilizing available tools, you will actively discover and respond to new and ongoing attacks. This involves creating, enhancing, and reviewing threat hunting detections, rules, and signatures. You will develop automated threat hunting metrics and dashboards for reporting purposes. Staying updated on cybersecurity trends and risks, you will collaborate with Incident Management and other teams to mitigate future threats. Sharing insights and research within Vodafone is an important aspect of your role. You will engage with stakeholders, conduct security knowledge sharing sessions, and work towards reducing the time it takes to detect threats. Additionally, you will assist in reducing false positives, contribute to documentation creation, and work with diverse and extensive datasets.
Primary Key Points
• Be accountable for your workload and the administration involved.
• Work in small teams with hunters, other specialists, graduates, and apprentices.
• Work closely with other leads both within the unit as well as wider Cyber Defence, specifically the Response Teams, Incident Management, and the SOC.
• Be responsible for configuring and developing cutting-edge data hunting technologies, ensuring optimal performance and functionality.
• Have expertise in swiftly creating and implementing advanced security monitoring techniques and novel "data hunting" applications to enhance your cybersecurity practices.
• Leveraging advanced big data analytics, generate actionable cyber analysis, intelligence, and insights to bolster your security measures.
• Excel in monitoring high-risk areas to provide invaluable inputs for your cyber threat management process, ensuring your organization stays protected from potential threats.
• Host & Network attack focus with general knowledge of other attack vectors.
• In-depth knowledge of major operating systems, including their filesystem, registry (for Windows), and directory structure.
• In-depth TCP/IP stack knowledge, OSI Model, and major protocols.
• Actively engage with stakeholders to comprehend their requirements, allowing us to deliver tailored security monitoring solutions that align with their specific needs.
• Reverse-engineer malware to create threat intelligence, detection uplifts, mitigation strategies, and prevention hypotheses.
• Pro-active attitude regarding emerging threats and risks, keeping up to date and sharing intelligence and ideas around detection, mitigation, and prevention.
Who you are
• Insatiable Passion for Security Data: Possessing an unwavering and intense passion for working with diverse security data sources, including event logs, NetFlow data, pcaps (packet captures), and registry hives.
• Cyber Threat Intelligence: Awareness of cyber threat intelligence sources, methodologies, and frameworks enables threat hunters to leverage external intelligence for proactive hunting and response.
• Passionate about Event Logs and Forensics: Possessing an unwavering enthusiasm for analysing event logs, NetFlow data, pcaps, and registry hives to uncover valuable insights and facilitate forensic investigations.
• Malware Analysis: Practical knowledge of malware analysis techniques helps in identifying and understanding malicious code, analysing malware behaviour, and assessing potential impact.
• Expertise in Diverse Log Analysis: Deep knowledge of analysing and forensics of various log types, including those related to hosts, networks, IoT devices, and other sources, enabling comprehensive threat analysis.
• Multi-lingual Searching and Scripting: Seamless switching between languages, translating and adapting to a wide variety of data sources and portals.
• Effective Remote and Hybrid Team Collaboration: Skilled in seamlessly working within remote and hybrid team environments, displaying comfort and efficiency in such setups.
• Data Visualization: Proficiency in data visualization tools (e.g., Tableau, Kibana, Splunk, Gephi) enables threat hunters to present findings, trends, and patterns effectively, aiding in communication with stakeholders.
• Familiarity with Threat Intelligence Models: Well-versed in various kill chains, threat intelligence models, pyramid of pain, and emerging frameworks associated with effective threat hunting practices.
• Threat Intelligence Platforms (TIPs): Familiarity with Threat Intelligence Platforms helps threat hunters aggregate, manage, and analyse threat intelligence feeds and indicators of compromise.
• Creation of Detection Uplifts: Possessing an immense sense of satisfaction from developing new detections and associated use cases, as well as producing comprehensive triage and analysis documentation.
• Digital Forensics: Basic knowledge of digital forensics principles and methodologies assists threat hunters in conducting forensic analysis of systems and devices to determine the scope, impact, and attribution.
• Relevant Industry Certifications: Although specific industry certifications are not mandatory for this role, they serve as a valuable indicator of training and expertise. Certifications such as GCIA, GREM, GCFA, SnortCP, ECSA, CEH, or any hands-on qualifications are highly regarded. Additionally, providing evidence of participation in Blue Team Labs, Immersive Labs, HackTheBox, TryHackMe, or similar platforms will be hugely beneficial.
What's in it for you
Discretionary yearly bonus: 10%
Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
Charity days: 5 days/year
Maternity leave: 52 weeks out of which 39 weeks are fully paid + 13 weeks half pay and 6 months - working 4 days, getting paid 5
Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
Who we are
You may have already heard of Vodafone - We're a leading Telecommunications company in Europe and Africa. But what you might not know is that we are continuously investing in new technologies to improve the lives of millions of customers, businesses and people around the world, creating a better future for everyone.
As part of our global family, whether that's Vodafone, Vodacom or _VOIS, you'll feel a sense of pride and purpose as you contribute to our culture of innovation. We pursue equality of opportunity and inclusion for all candidates through our employment policies and practices. We recognise and celebrate the importance of diversity and inclusivity in our workspace, and we do not tolerate any form of discrimination, including but not limited to discrimination related to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, or social or marital status.
Together we can.