About the role
As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability. You will be required to understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk & compliance, in a fast-moving and agile environment.
You will be responsible for
You will be responsible for developing and driving the cyber security detection capability, both day-to-day and strategically, for the Tesco Group. You are expected to seek out effective and comprehensive detection logic and capability, ensuring detections are robust rather than brittle and thoroughly tested, and that alerts and playbooks are available to, and understood by, operational cyber security teams.
You are expected to put the needs of operational teams and incident responders at the centre of your development work, ensuring detections and alerts are relevant, of value, and have practical response steps. You will need to ensure detection capability is fit for both on-premises and public cloud environments, working at significant scale and across a diverse range of asset types.
In addition, you may provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.
You will need
Key Skills and Experience
- An ability to develop queries and enable robust detection of threats
- Working knowledge of Windows or Linux operating systems
- Ability to work independently as well as part of a team
- Understanding of modern attacker TTPs
- Ability to translate threat intelligence into actionable detection logic
- Working knowledge of detection technologies
- A broad understanding of security concepts; an interest and passion for cyber security
- An analytical mindset; ability in problem solving and comfort working on production systems at scale
Desirable Skills and Experience
- Knowledge of cloud infrastructure, cloud security and cloud APIs
- Knowledge of attacker tools and evasion techniques
- Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell
- Experience of developing detections as code
- Query languages such as KQL or SPL
- One or more from: CompTIA Security+, GIAC, CEH, SSCP. Where appropriate, other industry-relevant certifications will be considered.
What's in it for you
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
- An annual bonus scheme through which you can achieve up to 20% of base salary
- Colleague Clubcard (including a 2nd card for a family member) after 6 months' service, with 10% off most purchases at Tesco
- Holiday starting at 25 days plus a personal day
- A retirement savings plan - 4%-7.5% contribution rate
- Life Assurance - 5 x contractual pay
- Buy As You Earn Scheme
- Save As You Earn Scheme
- Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
- Deals and Discounts through many other external businesses
Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world.
We want our customers to be inspired and whatever they are looking for, we're finding bigger and better ways to provide it.
Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We're driving innovation and transforming our Technology to become the world's leading retailer.
We need people who share our ambition to deliver for our customers: passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefits package, and significant career development opportunities.
Joining us means playing a part in defining, building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.
If that sounds exciting then we'd love to hear from you.