Security Engineer II - Detection Engineering
6 Days Old
Overview
Security Engineer II - Detection Engineering at Tesco. Lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability. Understand the threat landscape, identify opportunities for improvement in detections, establish new detections, and ensure appropriate detection coverage for the organisation. Work closely with security operations, engineering, risk & compliance in a fast-paced, agile environment.
Responsibilities
- Develop and drive the cyber security detection capability day-to-day and strategically for the Tesco Group.
- Design detections that are robust, thoroughly tested, and provide actionable alerts and supporting information for operational cyber security teams.
- Prioritise the needs of incident responders, ensuring detections and alerts are relevant, valuable, and include practical response steps.
- Ensure detection capability is fit for on-premises, private and public cloud environments, at scale and across diverse asset types.
- Provide support during cyber security incidents, participate in threat hunts, and collaborate with other security teams to improve automation and standardisation.
- Develop queries and enable robust detection of threats.
- Translate threat intelligence into actionable detection logic and maintain a solid understanding of detection technologies.
Qualifications & Experience
- Security Engineering skills with Threat Led mindset: ability to assess and validate information from multiple sources on cyber and informational security threats to the business; analyse trends, threat actor TTPs, and potential capabilities; translate information into tangible, actionable data.
- Secure & Test-Driven Engineering: knowledge of threat frameworks (e.g., MITRE ATT&CK, Kill Chain); ability to specify and implement processes to maintain security through a component/product/system lifecycle; proficient in detection development with positive and negative test cases; conduct code reviews to enhance or mitigate security issues; contribute to security evaluation or testing of threats/vulnerabilities; apply evaluation/testing methodologies to signature development/reviews.
- Research: ability to define research goals to generate worthwhile detection ideas and summarise findings for wider teams, considering business context.
- Experience developing and maintaining robust detections; working knowledge of Windows, macOS or Linux; ability to work independently and as part of a team; understanding of modern attacker TTPs; translate threat intel into actionable detection logic; solid grasp of detection technologies; ability to problem solve and operate at production scale; knowledge of query languages such as KQL or SPL; experience developing automation scripts (e.g., Bash, Python, Batch, PowerShell).
- Desirable: knowledge of cloud infrastructure and cloud security; knowledge of attacker tools and evasion techniques; experience with at least one major programming/scripting language (e.g., Python, PowerShell); experience of developing detections as code.
Benefits
- Annual bonus scheme of up to 20% of base salary
- Holiday starting at 25 days plus a personal day (plus Bank holidays)
- Private medical insurance
- 26 weeks maternity and adoption leave (after 1 year) at full pay, followed by statutory benefits; 4 weeks fully paid paternity leave
- Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, mental wellbeing support
About Tesco
Our vision is to become every customer’s favourite way to shop. Our core purpose is to serve customers, communities and the planet a little better every day. Tesco is committed to an inclusive culture and accessible recruitment. We offer diverse full-time and part-time patterns across business areas, with blended office and remote working.
- Location: Welwyn Garden City
- Job Type: Part-time
- Category: IT & Technology