City:  MADRID

CYBER THREAT HUNTING MANAGER

6 May 2026
Job ID:  105943
Country:  Spain
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced
Location:  MADRID, ES, 28046

 

 

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

 

To make a difference with us, all you need to do is bring your human best.

 

What will your story be? Apply now!  

Learn more: jti.com

 

 

Department: Cyber Security

Location: Madrid, Spain

 


 

   

The Threat Hunting Manager is responsible for ensuring JTI has a strong, proactive threat detection and threat hunting capability across both on‑premise and cloud environments.
The role is accountable for the effectiveness of detection and hunting outcomes, achieved by orchestrating a managed security service provider (MSSP) and a small internal technical team as a single, high‑performing function.
This position focuses exclusively on Threat Detection and Threat Hunting. While it does not own Incident Response, Cyber Threat Intelligence, or Vulnerability Management, the role works closely with these teams to provide early detection insights, validate scope, and identify malicious activity as early as possible.
The primary objective is to continuously improve JTI’s ability to detect advanced threats early, reduce attacker dwell time, and scale detection and hunting services enterprise‑wide. This includes governance of MSSP performance, technical leadership of the internal team, and close alignment with IT and business stakeholders to ensure detection capabilities reflect JTI’s risk landscape and business priorities.
 
 
Responsibilities:
 
  • Provide technical leadership, strategic vision, and end‑to‑end accountability for the organisation’s threat detection and threat hunting capability. This includes orchestrating the Managed Security Service Provider (MSSP) and the internal technical team as a cohesive operating model, ensuring clear accountability, effective technical execution, and continuous improvement of detection and hunting outcomes across on‑premise and cloud environments
  • Accountable for the effectiveness and quality of the organisation’s threat detection capability, delivered through both the Managed Security Service Provider (MSSP) and the internal technical team. This includes assessing detection coverage, determining the need for new analytic rules, designing and creating detections from scratch where required, and ensuring existing rules are continuously reviewed, optimised, and maintained to deliver high‑fidelity detections, reduce noise, and ensure consistent detection standards and outcomes across all detection providers
  • Accountable for the effectiveness and coordination of the organisation’s threat hunting capability, delivered through both the Managed Security Service Provider (MSSP) and the internal technical team. This includes aligning and supervising MSSP‑led hunting activities, ensuring hunts are relevant, timely, and risk‑driven, while guiding and supporting the internal team in performing advanced, hypothesis‑based threat hunting to identify sophisticated or previously undetected threats, and ensuring consistent hunting standards and outcomes across both delivery models
  • Accountable for integrating purple team activities into the threat detection and hunting lifecycle. This includes translating adversary simulations, attack scenarios, and identified gaps into actionable detection improvements, ensuring learnings from offensive testing directly enhance analytic rules, hunting hypotheses, and overall detection effectiveness
  • Accountable for effective collaboration across Incident Response, Cyber Threat Intelligence, Vulnerability Management, and other security functions to ensure threat detection and hunting activities are aligned with broader security operations. This includes sharing context and insights, supporting investigation and scoping, informing prioritisation, and ensuring detection and hunting outputs meaningfully contribute to response, remediation, and risk reduction efforts

 

Who we are looking for:

 

Education & Experience:

  • Degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
  • 5–7+ years of experience in security monitoring, alert triage, and threat hunting
  • Hands-on experience with SIEM, XDR, and other security platforms
  • Experience supporting large, global organizations in hybrid environments
  • Background in incident response, threat intelligence, or related security operations

Skills & Competencies:

  • Strong analytical and problem-solving skills
  • Ability to interpret complex security signals and drive clear outcomes
  • Experience with change management and continuous improvement
  • Excellent communication and presentation skills
  • Strong ownership, accountability, and sense of urgency
  • Knowledge of frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model
  • Experience with EDR, identity protection, network, and cloud security technologies
  • Understanding of threat actors and their tactics, techniques, and objectives
  • Innovative, curious, and solution-oriented mindset
  • Customer service-oriented attitude

 

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

 

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

 

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.

 

 
