The following content displays a map of the jobs location - Welwyn Garden City

Security Analyst - Vulnerability Management

Job Reference tesco/TP/10683609/745443

This job has been closed.

Number of Positions:
Contract Type:
Working Hours:
Welwyn Garden City
Closing Date:
Job Category:
Business Unit:
GB Head Office

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work!  These include but are not limited to:

  • Annual bonus scheme
  • Holiday starting at 25 days plus a personal day (and bank holidays)
  • Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
  • Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
  • Buy as you earn and Save as you earn share schemes
  • Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want

About the role

We are passionate about step changing our cyber security capability so our business can focus on serving our customers, communities, and planet. We are looking to add great people to our growing team.

We have a large technology landscape across many countries, and we are seeking a talented security analyst to join our team. This role requires a passion for finding and fixing vulnerabilities with a strong background in technology. Strong communication skills to build relationships with multiple business/technology teams across our business, providing clear reporting and updates to key stakeholders regarding their vulnerabilities and remediation status.

We believe that skilled and passionate people are our greatest asset in reducing cyber risk to our business and customers. We encourage and support continuous development and recognise the importance of keeping up with the latest technology (as well as all the older stuff) and an evolving threat landscape.

Are you up for this challenge?

You will be responsible for

As a Security analyst, you will be working in the vulnerability management team, and will be responsible for managing Tesco group vulnerability tooling, bug bounty programme, as well as working with various technology teams on remediation guidance and plans. The role is critical to minimising the risk of business disruption, reputational damage, and customer impact.

  • Continuously discover vulnerabilities using industry leading solutions
  • Evaluate vulnerabilities based on risk and intelligence-based prioritization criteria
  • Coordinate and communicate with cross-functional teams throughout the Tesco
  • Facilitate strategic (CXO) and operational level (Manager) reports from VM
  • Facilitate exception handling and escalation through risk-review and acceptance process
  • Review and optimize scan templates to ensure complete coverage of Tesco environment
  • Support treatment and remediation activities with identified system owners
  • Managing security vulnerabilities across Operating Systems, web applications, APIs, Cloud (AWS & Azure), infrastructure like network, etc

You will need

  • Familiarity with vulnerability management across SaaS and IaaS cloud platforms (e.g., Azure and AWS)
  • Good understanding of Web Application Security frameworks, common vulnerabilities and associated remediations
  • Demonstrates keeping up with latest zero-day vulnerabilities (E.g., SUDO, Log4j, Follina)
  • Knowledge of frameworks and methodologies such as CVSS, CIS Benchmarking, OWASP, MITRE
  • Experience of secure software development methodologies (DevSecOps, Secure Architecture)
  • CISSP, SCCP, OSCP, GWAPT, SANS 516, eWPT, eJPT or other industry relevant certifications are desired but not essential
  • Experience to handle large datasets and perform vulnerability analysis
  • Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
  • Up-to-date knowledge of current exploit techniques, vulnerability disclosures, data breach incidents, and security analysis techniques, combined with the understanding of the potential impact on the security posture

Technical skills required…

  • Familiarity with vulnerability scanning and management tools (e.g., Qualys, Nexpose, Tenable, Netsparker, Acunetix, etc.)
  • Working knowledge/experience with REST APIs
  • Hands-on with BurpSuite, Metasploit, Nmap
  • Hand-on with ASM tools such as Shodan, Censys, Project Discovery tools (Nuclei, Subfinder, naabu, httpx, etc.) and recon methodologies
  • Able to write small tools/scripts in Python, Go, etc
  • Desirable experience with Splunk enterprise for data visualization and analytics

How we’ll support you…

  • Flexible working to assist you balance your personal priorities
  • Coaching and support working with a large security team
  • Industry leading security training to upskill your career

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move.  Our core purpose is “Serving our customers, communities and planet a little better every day”.  Serving means more than a transactional relationship with our customers.  It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves.  At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings.  We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities.  We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you.  Everyone is welcome at Tesco.

We have recently announced that we are moving to a more blended working week – combining office and remote working.  Our offices continue to be where we connect, collaborate and innovate.  Talk to us about how this can work for you.

Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.