GSOC Senior Threat Hunter – Engineer E3

As part of our growing Group Security Operations Centre (GSOC) Threat Hunting team, your focus will be on leading advanced, intelligence-led threat hunts across the Nationwide Group to detect hidden threats, identify misconfigurations, and uncover security control gaps. You'll own the full lifecycle of hunts — from hypothesis design to outcome delivery — collaborating closely with internal and external stakeholders.

You will assist with adversary modelling, attack path simulation, and leverage telemetry analysis to proactively detect potential compromise. 
You'll design scalable hunt frameworks and playbooks, and mentor others across the team and wider security function. You'll also shape and facilitate cyber tabletop exercises and play a critical role in stakeholder engagement and strategic briefings.

This role is part of the Threat Hunting sub-team of the Group Security Operations Centre, under the Cyber Security directorate within Security & Resilience.

At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.

For this job you'll be located at our nearest regional hub. There will be a need to regularly connect with colleagues for collaboration events in one of our office sites. This is anticipated to be <frequency> in <location if specific>. If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.  

If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.
 

What you’ll be doing

• A key part of your role will be to provide technical leadership, acting as a point of subject matter expertise & experience within the team. Designing and executing proactive, hypothesis-driven threat hunts by consuming Threat Intelligence and operational insights.
• You’ll conduct adversary modelling and simulate attack scenarios to inform targeted hunts, using telemetry and log analysis as required, including from endpoint detection and response, cloud, identity, and network tooling and data sources.
• Your role will often require close collaboration with other parts of the business, to help verify output and assumptions. 
  You’ll partner closely with our Cyber Threat Intelligence and Threat Detection Engineering teams, identifying opportunities for new analytic detections and rule tuning based on hunt findings then assisting in their development.
• You’ll be responsible for the reporting of findings and recommendations tailored for technical, operational, and executive audiences as appropriate, you will influence remediation, define hardening requirements and support tooling decisions, all based on hunt outcomes and identified gaps.

Cyber exercising is a key input for Threat Hunts, so you’ll also support the design and delivery of tabletop scenarios aligned with real threats and organisational context, using the outcomes to generate new hypotheses and inform risk mitigation approaches.

You’ll develop and mature our hunting processes, defining scalable Hunt playbooks and repeatable frameworks to mature Threat Hunting as a strategic function.

About you

• Experience of a leadership role within in a Cyber Security team (e.g., SOC, Cyber Incident Response, Pen Testing) with line management responsibilities

• Proven ability to articulate complex technical information to technical and non-technical audiences alike

• Extensive hands on, practical experience of the security monitoring of platforms, threat hunting and cyber incident response

• Hands-on experience with SIEM, EDR, Identity Services, and network-based detection telemetry, and fluent in Kusto Query Language (KQL)

• Expert-level knowledge of the MITRE ATT&CK framework, attacker tradecraft, common TTP’s and their countermeasures

• Good working knowledge of Windows and Linux operating systems fundamentals

• Experience in writing and following Cyber Security playbooks.

• The ability to build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism

• A problem-solving and critical thinking mindset to propose solutions to continuously improve our operating procedures and service offerings.

• The ability to quickly assimilate new technical information and architectures, and act as an SME and escalation point for colleagues, coaching and mentoring to enable skillset development, and promoting a collaborative, evidence-led threat hunting culture within the Group Cyber Operations team and wider.

Our customer first behaviours put customers and members at the heart of how we work together. They are the set of behaviours that every colleague needs to display, in every role: 

• Feel what customers feel - We step into our customers’ shoes, using their feedback and insights to empathise with them and to understand their needs, so that every decision we make starts and finishes with our customers in mind
• Say it straight - We are brave in speaking out and saying what we think – we’re honest and direct with good intent, openly sharing diverse perspectives to reach the best conclusions and using language everyone can understand
• Push for better - We don’t settle for mediocrity, we challenge the status quo, taking responsibility for continuous improvement and personal development
• Get it done - We prioritise what will have the greatest impact, we are decisive, and we take accountability for delivering brilliant customer outcomes.

You can strengthen your application by showing how our customer first behaviours resonate with you, and where you may have already demonstrated these.

The extras you’ll get

There are all sorts of employee benefits available at Nationwide, including:

• A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%

• Up to 2 days of paid volunteering a year

• Life assurance worth 8x your salary

• A great selection of additional benefits through our salary sacrifice scheme

• Wellhub – Access to a range of free and paid options for health and wellness.

• Access to an annual performance related bonus

• Access to training to help you develop and progress your career

• 25 days holiday, pro rata

Banking – but fairer, more rewarding, and for the good of society

We forge our own path at Nationwide.

As a mutual, we’re owned by our members - those customers who bank, save or have a mortgage with us. We challenge the financial sector status quo. We don’t see customers as the engine of our own profit. We share our profits with them and put their needs first. Always there when they need us. Supporting them and their lives.

If you’re inspired by fairer finances, passionate about making a meaningful impact, and truly care about our customers, you’re one of us.

At Nationwide, you are challenged to grow and rewarded for doing so. Valued. Recognised. Inspired to be your best. As a community we want our working lives to count. As a team, we celebrate what we achieve. As a standard-setter, we work for the good of customers, communities, and broader society.

We are Purpose-driven. Uncompromisingly Customer. Unstoppably Nationwide.

What to do next

If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up-to-date CV and answer a few quick questions for us.

We respond to everyone, so we will be in contact shortly after the closing date to let you know the outcome of your application. The first stage will be an online, hands-on lab-based assessment, followed by a combined competency and technical interview.