Senior Penetration Tester

Job Reference tesco/TP/13499350/858431

Number of Positions:
Contract Type:
Working Hours:
London and/or Welwyn Garden City
Closing Date:
Job Category:
Business Unit: GB Head Office

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work! These include but are not limited to:

  • Annual bonus scheme
  • Holiday starting at 25 days plus a personal day (plus Bank holidays)
  • Retirement savings plan - save between 4% and 7.5% and Tesco will match your contribution
  • Life Assurance - 5 x contractual pay
  • 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
  • Great colleague deals and discounts, saving you money on everyday purchases, eating out and utility bills for the home
  • Access to our colleague networks, providing a space for colleagues from a range of backgrounds to come together
  • Opportunities to get on - take advantage of our ongoing learning opportunities and award-winning training, to help you achieve the job and career you want

About the role

As a penetration tester at Tesco, I use my offensive skills to discover and demonstrate vulnerabilities and weaknesses in the variety of systems and technology stacks that Tesco deploys, from traditional on-premises infrastructure to cloud-centric containerised deployments.

I work collaboratively with application and infrastructure teams to help prioritise and remediate these findings, with our infrastructure teams to help improve our supporting functions, and with our defensive security teams to help them improve their detections and our response playbooks.

When required I lend my technical expertise and guidance to support security incidents.

You will be responsible for

  • Conducting penetration testing engagements in systems across Tesco
  • Documenting and improving our penetration testing process
  • Writing penetration testing reports to both technical and non-technical audiences
  • Presenting findings and proposed solutions to the owners of each system

In addition to the above core accountabilities, I am also responsible for:

  • Working with our security engineers to refine and develop our detections
  • Participating in purple and red teaming exercises carrying out wider assessments of our security posture
  • Helping triage and validate findings from our bug bounty program
  • Triaging and validating Tesco’s risk posture for newly released CVEs as part of vulnerability management

You will need

Operational skills relevant for this job:

  • Exceptional analytical and critical thinking, and a willingness to challenge the status quo
  • Strong written and oral communication skills and self-motivation: the ability to convey technical security challenges to a variety of different audiences will be critical to the success of this role.
  • Excellent interpersonal and collaboration skills but also able to work independently to achieve an outcome.
  • Ability to continually learn and stay abreast of the latest challenges and threats in the security landscape.

Experience relevant for this job:

  • A strong background in offensive security, for example in penetration testing, vulnerability research, red teaming or similar. We will also consider experience gained through platforms such as HackTheBox, Proving Grounds (Offensive Security), bug bounty programs or similar
  • Demonstrable experience of common penetration testing tooling and methodologies.
  • CREST or Cyber Scheme, OSCP, OSEP, CRTO, GPEN or other industry relevant certifications are useful but are not essential
  • Understanding of, or involvement in red teaming would be desirable, but not essential
  • A strong working knowledge of common operating systems (Windows and Linux) and of network protocols and packet analysis / manipulation tools
  • Knowledge of preventative and detective controls (Active Directory, firewalls, IDS, IPS, anti-virus, etc)

About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process.

We’re a big business and we can offer a range of diverse full-time and part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern, combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. Please talk to us about how this can work for you. Everyone is welcome at Tesco.