Threat Hunting and Detection Engineering Specialist - ESO

Wokingham, GB, RG41 5BN

National Grid

We are one of the world’s largest investor-owned energy companies, committed to delivering electricity and gas safely, reliably and efficiently to the customers and communities we serve.


About the Role

Great Britain's electricity system is undergoing an ambitious, exciting and vital transformation. Together with industry, we are creating a cleaner, greener system, one that protects the planet and serves generations to come.

The Energy System Operator (ESO) are now looking for a Threat Hunting & Detection Engineering Specialist to join us! The Threat Hunting and Detection Engineering Specialist will give guidance to a team of analysts who will identify, assess, and prioritise threat hunting activities. The post holder will also ensure that the CSOC use-cases are created and managed properly, and will spearhead process improvements and technological advancements. The post holder will use their collaboration and communication skills to share their vision with other stakeholders, ensuring the capability is delivered appropriately. They will also nurture talent, foster a proactive security culture, and help strengthen the organisation’s resilience by effectively delivering an essential area of a comprehensive cyber defence in a rapidly changing threat landscape.

This exciting opportunity will allow the post holder to influence the design of, and then shape and deliver, an innovative threat hunting and CSOC detection engineering service within ESO, and to play a pivotal role in supporting its evolution in moving forward the ESO Security strategy.

This role can be based from Wokingham or Warwick, and we continue to offer hybrid working from office and home.

About Us

As Great Britain’s electricity system operator (ESO), we sit at the heart of the electricity system, using our outstanding engineering and commercial expertise to balance electricity supply and demand. Ultimately, we keep the electricity flowing directly to where it’s needed, second by second.


Becoming the Future System Operator
In 2021, government and Ofgem jointly consulted on proposals for an expert, impartial Future System Operator (FSO) with responsibilities across both the electricity and gas systems, to drive progress towards net zero while maintaining energy security and minimising costs for consumers. In October 2023, the Energy Act 2023 was passed, legislating for this Future System Operator to be created.  

The ESO, including all of its existing roles, will be at the heart of the new Future System Operator. We will be taking on additional roles across vectors and sectors to create an organisation with a whole energy system mindset; enabling us to identify solutions to our energy system that are more sustainable, secure, and affordable for all.  

The FSO will be set up as a public corporation with operational independence from government – bringing parties together to support optimised decision making and action. As now, it will be licensed and regulated by Ofgem through price control agreements. It is anticipated that the new organisation will be up and running in 2024.

The time to act on climate change is now. As part of our team, you won’t just be touching the lives of almost everyone in Great Britain – you’ll be shaping the way we use and consume energy for generations to come.

Key Accountabilities

  • Guide and support the threat hunting and content development functions of the CSOC
  • Conduct proactive, iterative, and human-centric identification and analysis of cyber threats that have evaded existing security controls
  • Develop and maintain security content, such as rules, signatures, indicators, dashboards, reports, etc., to enhance the detection and response capabilities of the CSOC
  • Coordinate and collaborate with internal and external stakeholders, such as IT (Information Technology) teams, business units, vendors, auditors, and regulators
  • Through the TH&DE Manager, provide regular reports and metrics on the threat hunting and detection engineering activities, outcomes, and value
  • Help develop, review, and implement threat hunting and content development policies, standards, procedures, and best practices
  • Provide security guidance and team leadership on threat hunting and content development projects, initiatives, and strategies

About You

  • A desire to take on an active specialist role, remaining engaged with the team deliverables.
  • Team player and adept at working in multi-disciplinary and diverse teams.
  • In-depth knowledge and experience in threat hunting, content development, security engineering concepts, operations, analysis, and response
  • Proficient in various threat hunting and content development tools and technologies, such as SIEM (Security Information & Event Management), IDS (Intrusion Detection System), IPS, firewall, antivirus, encryption, VPN (Virtual Private Network), etc.
  • Familiar with various security frameworks and standards, such as NIST (National Institute of Standards and Technology), ISO, COBIT, etc.
  • Strong analytical and problem-solving skills and ability to handle complex and dynamic situations
  • Excellent communication and presentation skills and ability to communicate effectively with technical and non-technical audiences
  • Sound knowledge of IT systems, networks, applications, and cloud services
  • Awareness of current and emerging cyber threats, trends, and best practices

What You'll Get

A competitive salary between £55,000 – 66,000 – dependent on experience and capability.

As well as your base salary, you will receive a bonus based on company performance, 26 days annual leave as standard and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. 

You will also have access to a comprehensive benefits package tailored to support your well-being and professional success. From a competitive salary to flexible work arrangements, we promote your work-life balance. Enjoy fit for purpose wellbeing and lifestyle offerings, ongoing skill development aligned to our Purpose and Values, and be part of a supportive community that values your individuality and where you can belong.

More Information

This role closes on 20/06/2024 at 23:59; however, we encourage candidates to submit their application as early as possible and not wait until the published closing date, as this can vary.

We work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office. 

We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.




Tags: Antivirus Cloud COBIT CSOC Encryption Firewalls IDS Intrusion detection IPS NIST Security strategy SIEM Strategy VPN

Perks/benefits: Competitive pay Flex hours Home office stipend Salary bonus Team events

Region: Europe
Country: United Kingdom
