Senior Cyber Threat Hunting Specialist

Bristol, ENG, GB, United Kingdom

Job Description

202505167 Bristol, England, United Kingdom Ipswich, England, United Kingdom Leeds, England, United Kingdom London, England, United Kingdom Manchester, England, United Kingdom Redhill, England, United Kingdom Glasgow, Scotland, United Kingdom

Description


---------------



Hunt Smarter. Protect Better. Make an Impact.





Join our Global Information and Cyber Security Defense (ICSD) team as a Senior Cyber Threat Hunting Specialist, where you'll play a pivotal role in proactively identifying and responding to sophisticated cyber threats--both external and insider.



In this hands-on, technical role, you'll spearhead and execute pre-emptive and reactive threat hunts, applying your deep expertise to detect unusual behavior, assess potential risks, and recommend effective mitigations. You'll also help shape our threat hunting strategy and support the delivery of WTW's intelligence-led cyber defense approach.



This position may include line management responsibilities, giving you the opportunity to mentor and grow a team of analysts, driving best practices and continuous improvement across processes and procedures.



We're looking for a collaborative, curious, and technically skilled team player who thrives in a fast-paced environment. Strong communication and coordination skills are key--you'll work closely with internal ICSD teams, partner groups, and wider business stakeholders to ensure threats are addressed quickly and effectively.



If you're ready to use your skills to outsmart threats, grow talent, and help safeguard a global business--we'd love to have you on our team.


The Role





The colleague will work as part of a global, multi-disciplined security community with strong support across the business, contributing to fostering a security-aware culture while ensuring WTW remains a great place to work. With WTW's large global footprint, this role offers a fascinating range of work, and occasional global travel may be required.



The Senior Cyber Threat Hunting Specialist will provide global threat hunting and forensic capability for WTW. Responsibilities of this role will include:


Global Threat Hunting

  • Conduct threat-hunting operations to identify and mitigate potential threats before they can impact the organization.
  • Develop and execute hypothesis-driven threat hunting techniques to uncover adversary tactics, techniques, and procedures (TTPs).
  • Deliver detailed threat investigation and reports to executive management and stakeholders.
  • Provide actionable recommendations to enhance the organization's security posture.
  • Develop and implement advanced log review and search capabilities to identify sophisticated external and insider threats.
  • Investigate anomalies, correlate findings with threat intelligence, and propose mitigation strategies.
  • Perform targeted threat-hunting campaigns using adversary TTPs and insights from system telemetry and security data sources.
  • Support incident investigations by providing detailed inspection and insights derived from threat-hunting operations.
  • Share findings, analysis, and recommendations with cross-functional teams to improve the overall security posture and incident response effectiveness.
  • Contribute to the design and implementation of advanced threat detection methodologies, playbooks, and automation processes to enhance hunting capabilities.
  • Provide thought leadership and mentorship to junior analysts, fostering a continuous learning culture within the team.
  • Analyze security trends and assess their impact on the organization, providing actionable insights to leadership.
  • Serve as an escalation point during critical cybersecurity incidents, providing incident response, digital forensic analysis, and malware assessment to support containment, eradication, and recovery efforts.
  • Conduct host and network forensics, log analysis, and evidence collection for on-premises and cloud systems, ensuring proper chain of custody and documentation.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a "hybrid" style, with a mix of remote, in-person and in office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and "hybrid" is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.



Qualifications


------------------



The Requirements




  • A detail-oriented professional with an enterprising mindset to stay ahead of emerging threats.
  • A team player who thrives in a collaborative environment and can navigate complex challenges effectively.
  • Someone passionate about making a tangible impact on WTW's cybersecurity resilience.
  • Extensive experience in cyber threat hunting, security incident response, and digital forensics in fast-paced, global environments.
  • Proven ability to mentor and coach analysts, fostering skill development and career growth.
  • Strong problem-solving and reasoning skills, with the ability to influence stakeholders and drive effective decision-making.
  • Expertise in adversarial tactics, techniques, and procedures (TTPs), the MITRE ATT&CK framework, cyber kill chain, and hacking/post-exploitation tools.
  • Proficiency in interpreting and querying diverse log types (e.g., Windows Event, Web server, Firewall logs) and conducting threat hunts within SIEM and EDR tools.
  • Knowledge of forensic methodologies, open-source tooling, and cloud security, including incident response in cloud environments.
  • Experience delivering technical presentations and reports to both technical and non-technical audiences.
  • Familiarity with scripting languages such as Python, PowerShell, and KQL, with a functional understanding of programming concepts.
  • Industry-recognized certifications in Cyber Incident Response, Forensics, or Malware Analysis are a plus.
  • Strong communication, collaboration, and interpersonal skills to effectively convey security and risk concepts across diverse audiences.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.



We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.




Job Detail

  • Job Id
    JD3428399
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bristol, ENG, GB, United Kingdom
  • Education
    Not mentioned