Location: Welwyn Garden City
Cyber Threat Detection Engineer
Job Reference tesco/TP/10683609/616641
What’s in it for you
We offer excellent benefits that help make Tesco a great place to work! These include but are not limited to:
- Annual bonus scheme
- Holiday starting at 25 days plus a personal day (and bank holidays)
- Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
- Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
- Buy as you earn and Save as you earn share schemes
- Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want
About the role
As a Cyber Threat Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco’s security detection and response capability. You will be required to understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, incident response, and threat intelligence, in a fast-moving and agile environment.
You will be responsible for
You will be responsible for developing and driving endpoint cyber threat detection and response capability, both day-to-day and strategically, for the Tesco Group. You are expected to seek out effective and comprehensive detection logic and capability, ensuring detections are robust and not brittle, thoroughly tested, and that alerts and playbooks are available to and understood by operational cyber security teams.
You are expected to put the needs of operational teams and incident responders at the centre of your development work, ensuring detections and alerts are relevant, of value, and have practical response steps.
In addition, you may provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.
You will need
• An ability to develop queries and enable robust detection of threats
• Experience in search query languages such as KQL (Microsoft) or SPL (Splunk)
• Working knowledge of EDR capability
• Working knowledge of Windows or Linux operating systems fundamentals
• Ability to work independently as well as part of a team
• Understanding of modern attacker TTPs
• A broad understanding of security concepts; an interest and passion for cyber security
Desirable Skills and Experience:
• Knowledge of cloud infrastructure, cloud security and cloud APIs
• Knowledge of attacker tools and evasion techniques
• Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell
• Experience of developing detections as code
• Ability to translate threat intelligence into actionable detection logic
• Knowledge of Active Directory threats
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is “Serving our customers, communities and planet a little better every day”. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you. Everyone is welcome at Tesco.
We have recently announced that we are moving to a more blended working week – combining office and remote working. Our offices continue to be where we connect, collaborate and innovate. Talk to us about how this can work for you.
Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.