Title: Threat Hunting and Detection Engineering Specialist - NESO

Location:

Warwick, GB, CV34 6DA

Division: NESO Security

Job Type: Full Time

Requisition Number: 68021

Department: ESO

Job Function: Information Technology

Description:

About the Role

National Energy System Operator (NESO) is on a journey towards a sustainable and secure energy future. Together we build on this momentum, advancing the National Energy System Operator’s (NESO) plan to achieve the government’s Clean Power 2030 ambition and support the transition to net zero.

The National Energy System Operator are embarking on the creation of a greenfield Cyber Security Operations function and are looking for a talented Threat Hunting & Detection Engineering (THaDE) Specialist to be part of our growing Threat Hunting & Detection Engineering Team.

This exciting opportunity will allow the post holder to assist in the delivery of an innovative threat hunting, detection engineering and security automation service within NESO. The post holder will also play a pivotal role in supporting its evolution in moving forward the NESO Security strategy to help secure the UK’s most critical systems.

The post holder will use their collaboration and communication skills to share their vision with other stakeholders, ensuring the capability is delivered appropriately. They will also nurture talent, foster a proactive security culture, and help strengthen the organisation’s resilience by effectively delivering an essential area of a comprehensive cyber defence in a rapidly changing threat landscape.

This role can be based from Wokingham or Warwick, and we continue to offer hybrid working from office and home. We are open to full time and part time applicants, as well as flexible working arrangements.

Key Accountabilities

Guide and support the threat hunting and content development functions of the THaDE Team
Develop and maintain security content, such as rules, signatures, indicators, dashboards, reports, etc., to enhance the detection and response capabilities of the CSOC
Help develop, review, and implement threat hunting and content development policies, standards, procedures, and best practices

Help develop, review and implement security automation capability to expediate, enrich and enhance operational security

Coordinate and collaborate with internal and external stakeholders, such as IT (Information Technology) teams, business units, vendors, auditors, and regulators
Contribute to Incident Tiger team investigations with the wider Cyber Defence Team and Incident Management to act as an expert technical resource

About You

We’re forging the path, and we know we can’t do it alone. That’s why we need visionary minds like yours to join us on this transformative journey. In this case, we’re looking for someone with:

Passion for securing unique, complex and critical systems against the most advanced of persistent threats.

Experience of researching the latest attack techniques and building mechanisms to detect the presence of them in large data sets.

Solid experience of using SIEM query languages, and security automation technology.

Strong communicator with excellent writing skills.

Qualifications

Relevant degree-level qualification or equivalent experience with strong background in providing threat hunting services in a large hybrid environment, within a government or critical infrastructure domain.
Significant experience in threat hunting, content development, security engineering, operations, or related field with strong demonstrable experience in leading security teams or projects

About What You'll Get

A competitive salary between £60,000 - £69,500 – dependent on experience and capability. As well as your base salary, you will receive a bonus based on company performance, 26 days annual leave as standard and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%.

As we work towards creating a cleaner, greener, and more affordable future for all, we also work towards creating a place for our teammates to belong, with professional and personal growth and positive well-being.

Full support and career-development resources to expand your skills, enhance your expertise, and maximise your potential along your career journey.
A diverse and inclusive community of belonging, where teammates are empowered to bring ideas to the table.

About Us

The creation of National Energy System Operator (NESO) is driven by an urgent need to unify and optimise our approach to energy. A more integrated and coordinated strategy is needed to meet the unprecedented challenges of climate change, ensuring secure energy supply, and keeping costs manageable for consumers.

Join us and empower your potential, energise our team, and be part of something bigger.

Your energy, our future, together.

About The National Energy System Operator (NESO)

In Autumn of 2024, the ESO transitioned to National Energy System Operator, or NESO for short. Previously denoted as the Future System Operator (or FSO), the new National Energy System Operator is the independent body responsible for planning Great Britain’s electricity and gas networks and operating the electricity system.

The ESO, including all of its existing roles, are now at the heart of the new National Energy System Operator. As NESO, we will build on our existing roles, capabilities, and ways of working significantly to create an organisation the energy system and its users’ need. Our new capabilities will enable us to look across vectors, including electricity, natural gas and hydrogen, and crucially consider the trade-offs between them.

The organisation is set up as a public corporation with its own Board of independent directors, with complete operational independence from government, the regulator and any and all commercial interest. As was the ESO, NESO will be licenced and regulated by Ofgem through price control agreements and obligated to identify optimal solutions to system operations and planning in the most sustainable, affordable and secure way for all.

The time to deliver is now. As part of our team, you won’t just be touching the lives of almost everyone in Great Britain – you’ll be shaping the way we use and consume energy for generations to come.

More Information

This role closes on 27th July 2025 at 23:59, however we encourage candidates to submit their application as early as possible and not wait until the published closing date as this can vary.

We work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office.

We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.

#LI-BO1

#LI-HYBRID

Provider	Description	Enabled
YouTube	YouTube is a video-sharing service where users can create their own profile, upload videos, watch, like and comment on videos. Opting out of YouTube cookies will disable your ability to watch or interact with YouTube videos. Cookie Policy Privacy Policy Terms and Conditions
Vimeo	Vimeo is a video hosting, sharing and services platform focused on the delivery of video. Opting out of Vimeo cookies will disable your ability to watch or interact with Vimeo videos. Cookie Policy Privacy Policy Terms and Conditions

Provider	Description	Enabled
Google Analytics	Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Cookie Information Privacy Policy Terms and Conditions
Google Tag Manager	Google Tag Manager is a tag management system for conversion tracking, site analytics, remarketing and more. Privacy Policy Terms and Conditions