Job Description

To lead the Threat team in delivering proactive threat intelligence, threat hunting, and advanced analysis to identify, assess, and mitigate cyber threats targeting Sellafield Ltd’s critical infrastructure and information assets. The role ensures timely identification of emerging threats, supports incident response, and drives improvements in threat detection capabilities. The Team Lead will manage operational processes, develop team capability, and ensure compliance with regulatory and organisational security standards, contributing to the safe and secure operation of the nuclear site.

Principal Accountabilities

• Define and maintain the strategic roadmap supporting the Head of Cyber Security Operations for threat intelligence and threat hunting capabilities, ensuring alignment with organisational risk appetite and long-term cyber resilience goals.
• Lead the development and delivery of threat intelligence and threat hunting capabilities across IT and OT environments.
• Oversee collection, analysis, and dissemination of actionable threat intelligence to internal stakeholders.
• Drive proactive threat hunting activities to identify indicators of compromise and adversary techniques.
• Ensure timely escalation and coordination of threat-related incidents in line with organisational and regulatory requirements.
• Maintain and improve threat management processes, ensuring alignment with industry best practices and compliance frameworks.
• Develop and maintain threat dashboards and reporting for senior stakeholders and regulators where appropriate, ensuring KPIs are tracked for threat intelligence and hunting effectiveness, driving measurable improvements in detection and response.
• Integrate threat intelligence into SOC detection workflows and automation pipelines where appropriate.
• Collaborate with detection engineers, SOC analysts, and ICT teams to enhance detection coverage and response capabilities.
• Provide technical leadership, mentoring, and performance management for Threat Analysts.
• Promote continuous improvement initiatives, including automation and advanced analytics for threat identification.
• Ensure adherence to data protection, confidentiality, and security standards across all threat-related activities.

Knowledge & Experience

Authorities & Dimensions:
• Budget responsibility: £1–3m (within Cyber Security Operations).
• Direct line management: 5–8 roles (Threat Intelligence Analysts and Threat Hunters).
• Systems Access: Elevated access to threat intelligence platforms, hunting tools, and analysis systems.
• Represent Sellafield Ltd in external threat intelligence communities, including NCSC, CISP, and sector-specific information-sharing groups.

Job Context & Challenges:

The Threat Team Lead role is a newly established position within Sellafield Ltd’s cyber security organisation, created to strengthen proactive threat intelligence and hunting capabilities within the Cyber Security Operations Centre (CSOC). This role is pivotal in leading the identification of emerging threats and adversary tactics across complex IT and OT environments, enabling timely detection and response to protect nuclear safety and operational resilience.

The Threat Team Lead will be instrumental in shaping long-term threat management capability, driving innovation in threat intelligence integration, and embedding advanced hunting practices. Balancing operational leadership with technical delivery, the role must provide strategic direction while fostering collaboration across ICT, cyber operations, and supplier ecosystems. Operating within a regulated nuclear environment, it must ensure that all activities support compliance, resilience, and the safe and secure operation of the site.

Essential Skills

• Degree or equivalent experience in a relevant discipline, e.g., Cyber Security, Computer Science, Digital Forensics.
• Proven experience in threat intelligence, threat hunting, or advanced SOC operations.
• Strong knowledge of adversary tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK.
• Experience managing and developing technical teams in a threat analysis context.
• Knowledge of regulatory frameworks (e.g., GDPR, NIS Directive) and security standards (e.g., NCSC CAF).
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and stakeholder engagement abilities.
• Experience in automating threat analysis and hunting processes.
• Ability to communicate technical threat information to both technical and non-technical audiences, including senior management.

Desirable Skills

• Professional certifications such as GPEN, GCTI, CISSP, CISM, or equivalent.
• Experience with threat intelligence platforms and integration into SIEM/SOAR.
• Familiarity with cloud threat detection and hybrid environments.
• Knowledge of malware analysis and reverse engineering.
• Scripting skills (Python, PowerShell) for automation and hunting.
• Experience in regulated environments (nuclear, defence, critical infrastructure).

Additional Information

• Open VN
• Number of Vacancies: 1
• Contact/s: Andrew Shutak

ASWs may have the right to apply for internal Sellafield Ltd vacancies. Please note that if you are an Agency Supplied Worker, you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview. You will receive the competencies once invited to interview.

Please see link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s SharePoint page for further information.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is Monday 13th July 2026.

Threat Team Lead

Job number

SP06721

Profession

IT Information Services

Location

Sellafield or Risley

Contract type

Internal Recruitment

Posting date

28 June 2026

Closing date

13 July 2026

Band

3B Upper

Work Schedule

Days