At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.
To make a difference with us, all you need to do is bring your human best.
What will your story be? Apply now!
Learn more: jti.com
Department: Cyber Security
Location: Madrid, Spain
CYBER THREAT HUNTING MANAGER
The Threat Hunting Manager is responsible for ensuring JTI has a strong, proactive threat detection and threat hunting capability across both on‑premise and cloud environments.
The role is accountable for the effectiveness of detection and hunting outcomes, achieved by orchestrating a managed security service provider (MSSP) and a small internal technical team as a single, high‑performing function.
This position focuses exclusively on Threat Detection and Threat Hunting. While it does not own Incident Response, Cyber Threat Intelligence, or Vulnerability Management, the role works closely with these teams to provide early detection insights, validate scope, and identify malicious activity as early as possible.
The primary objective is to continuously improve JTI’s ability to detect advanced threats early, reduce attacker dwell time, and scale detection and hunting services enterprise‑wide. This includes governance of MSSP performance, technical leadership of the internal team, and close alignment with IT and business stakeholders to ensure detection capabilities reflect JTI’s risk landscape and business priorities.
Responsibilities:
- Provide technical leadership, strategic vision, and end‑to‑end accountability for the organisation’s threat detection and threat hunting capability. This includes orchestrating the Managed Security Service Provider (MSSP) and the internal technical team as a cohesive operating model, ensuring clear accountability, effective technical execution, and continuous improvement of detection and hunting outcomes across on‑premise and cloud environments
- Accountable for the effectiveness and quality of the organisation’s threat detection capability, delivered through both the Managed Security Service Provider (MSSP) and the internal technical team. This includes assessing detection coverage, determining the need for new analytic rules, designing and creating detections from scratch where required, and ensuring existing rules are continuously reviewed, optimised, and maintained to deliver high‑fidelity detections, reduce noise, and ensure consistent detection standards and outcomes across all detection providers
- Accountable for the effectiveness and coordination of the organisation’s threat hunting capability, delivered through both the Managed Security Service Provider (MSSP) and the internal technical team. This includes aligning and supervising MSSP‑led hunting activities, ensuring hunts are relevant, timely, and risk‑driven, while guiding and supporting the internal team in performing advanced, hypothesis‑based threat hunting to identify sophisticated or previously undetected threats, and ensuring consistent hunting standards and outcomes across both delivery models
- Accountable for integrating purple team activities into the threat detection and hunting lifecycle. This includes translating adversary simulations, attack scenarios, and identified gaps into actionable detection improvements, ensuring learnings from offensive testing directly enhance analytic rules, hunting hypotheses, and overall detection effectiveness
- Accountable for effective collaboration across Incident Response, Cyber Threat Intelligence, Vulnerability Management, and other security functions to ensure threat detection and hunting activities are aligned with broader security operations. This includes sharing context and insights, supporting investigation and scoping, informing prioritisation, and ensuring detection and hunting outputs meaningfully contribute to response, remediation, and risk reduction efforts
Who we are looking for:
Education & Experience:
- Degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
- 5–7+ years of experience in security monitoring, alert triage, and threat hunting
- Hands-on experience with SIEM, XDR, and other security platforms
- Experience supporting large, global organizations in hybrid environments
- Background in incident response, threat intelligence, or related security operations
Skills & Competencies:
- Strong analytical and problem-solving skills
- Ability to interpret complex security signals and drive clear outcomes
- Experience with change management and continuous improvement
- Excellent communication and presentation skills
- Strong ownership, accountability, and sense of urgency
- Knowledge of frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model
- Experience with EDR, identity protection, network, and cloud security technologies
- Understanding of threat actors and their tactics, techniques, and objectives
- Innovative, curious, and solution-oriented mindset
- Customer service-oriented attitude
Are you ready to join us? Build your success story at JTI. Apply now!
Next Steps:
After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.
At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.
Solicite ya
Activate JobCopilot
Your email job alert is now active!