SOC Analyst

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work!  These include but are not limited to:

• Annual bonus scheme
• Holiday starting at 25 days plus a personal day (and bank holidays)
• Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
• Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
• Buy as you earn and Save as you earn share schemes
• Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want

About the role

We are the eyes and ears of the organisation using the latest technologies to: increase visibility and protection of our data, systems, and services; to optimise capability whilst reducing risk and impact to our customers, colleagues and business. We need to stay ahead of the latest trends, continuously improving our tooling, and develop our training and processes.

You will be responsible for

As a SOC Analyst, you will primarily focus on the detection, investigation, and resolution of security incidents by applying a blend of your technical skills, experience, and knowledge of security principles. Furthermore, you will contribute to the effectiveness and maturity of the Security Operations Centre (SOC) team by contributing to tooling, updating and creating new run books, and keeping abreast of the latest patterns and trends within the wider security arena. Maintaining a high-level of awareness, improving our incident response, and remediation support are day to day team activities. You will commit to maintain proficiency, research and share the latest attack techniques, new concepts, and other interesting security related topics.

You will be on your way to building a strong security-themed portfolio of experience and roles. You see this SOC Analyst role within Tesco, a leading international retailer and technology organisation, as the next logical step to develop and hone your skills. You will be enthusiastic, resourceful, and innovative. Furthermore, you will relish the challenge of solving complex problems by drawing upon your curiosity, technical knowledge, and ability to think outside the box.

You will need

• Following our Business Code of Conduct and always acting with integrity and due diligence
• Triage of security alerts; employs a methodical and coherent response to security incidents
• SIEM tooling operation or administration (e.g. Splunk,  ELK Stack, QRadar)
• Utilise playbooks, checklists, and online resources for guidance in response to incidents
• Proactive development of SOC tooling, techniques, and processes to improve incident response
• Propose improvements and recommendations to increase visibility and effectiveness of security monitoring systems
• Perform technical analysis from varied data sources (endpoint event logs, SIEM data, dashboards, enterprise applications), then develop and present coherent and reasoned next steps
• Leverage your technical skills, experience, and systems data to respond to complex security incidents in an innovative and effective manner
• Use your hands-on experience and theoretical understanding of TCP/IP and other related network protocols: TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP
• Command line experience and using/modifying basic scripts
• Working knowledge of the Cyber Kill Chain and/or Incident Response Phases
• Perform business as usual tasks (e.g. access to UK Data Centres, write reports, maintain and utilise  information security communication channels, escalate incidents and non-compliance)
• Broad understanding of key security concepts/principles (CIA, threats, vulnerabilities, and exploits)
• Broad understanding of commonly-accepted attackers' tools and tactics

Desirable Experience / Tools / Technologies

• Strong background in Information Technology; though not necessarily in security
• Proficient in at least one or more, within a corporate environment, from:
  • Endpoint operating systems (e.g. Microsoft, Linux, and/or OS X; especially Kali)
  • Core networking principles (e.g. switches, routers, wireless access points, Internet)
  • Infrastructure security devices (e.g. firewalls, proxies, IDS/IPS)
  • Supporting enterprise level services (e.g. AD, DNS, DHCP, IIS, Apache, VPN/DA, Databases)
  • Anti-virus, anti-malware, ransomware, data leak protection
  • Vulnerability management, endpoint forensics, intrusion analysis activities
  • Cloud computing platform (e.g. AWS, Azure, GoogleCloud)
  • Open Source Security tools
• One or more from: Python, PowerShell, Bash, Java
• Exposure to Agile/DevOps methods of working

Essential Certifications (or willingness to achieve within 9 months of starting)

• CompTIA N+, CompTIA Security+, ISC² SSCP, Splunk Power User

#LI-TI1
#LI-Hybrid

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move.  Our core purpose is “Serving our customers, communities and planet a little better every day”.  Serving means more than a transactional relationship with our customers.  It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves.  At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings.  We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities.  We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you.  Everyone is welcome at Tesco.

We have recently announced that we are moving to a more blended working week – combining office and remote working.  Our offices continue to be where we connect, collaborate and innovate.  Talk to us about how this can work for you.

Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.

We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.