Overview

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability. You will understand the changing threat landscape, see opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk & compliance, in a fast paced and agile environment.

Responsibilities

• Responsible for developing and driving the cyber security detection capability both day-to-day and strategically for the Tesco Group. You are expected to seek out effective and comprehensive detection logic and capability, ensuring detections are robust and not brittle, thoroughly tested, and that alerts and supporting information is available to and understood by operational cyber security teams.
• Put the needs of operational teams and incident responders at the centre of development work, ensuring detections and alerts are relevant, of value, and have practical response steps.
• Ensure detection capability is fit for on-premises, private and public cloud environments, working at significant scale and across a diverse range of asset types.
• Provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.

Security Engineering Skills

• Threat Led: Ability to assess and validate information from various sources on cyber and informational security threats to business; analyse and identify significance of processed intelligence to identify trends, threat actor TTPs and potential capabilities; translate information into tangible actionable data.
• Secure & Test-Driven Engineering: Understanding of cyber security threat frameworks such as MITRE ATT&CK, Lockheed Martin Kill Chain; specify/implement processes to maintain required level of security for a component/product/system during its lifecycle; proficient at detection development lifecycle covering positive and negative test cases; conduct code reviews of existing content and processes to identify and mitigate security issues; contribute to security evaluation or testing of threat/vulnerabilities faced by systems; apply evaluation/testing methodologies, tools and techniques to signature development/reviews, suggesting new ones where appropriate.
• Research: Ability to quantify and define research goals to generate worthwhile detection ideas for further testing and exploration; summarise findings for wider teams, factoring in business knowledge.
• Experience relevant for this role: Ability to develop queries and enable robust detection of threats; working knowledge of Windows, macOS or Linux; ability to work independently and as part of a team; understanding of modern attacker TTPs; translate threat intelligence into actionable detection logic; solid grasp of detection technologies; broad understanding of security concepts; analytical problem solving and ability to work on production systems at scale; knowledge of query languages such as KQL or SPL; experience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell).
• Desirable Skills and Experience: Knowledge of cloud infrastructure, cloud security and cloud APIs; knowledge of attacker tools and evasion techniques; working knowledge of at least one major programming language (Python, PowerShell); experience of developing detections as code.

What’s in it for you?

We’re all about the little helps. Tesco’s colleague benefits package takes care of you in and out of work. Click here to find out more.

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance
• 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; 4 weeks fully paid paternity leave
• Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

About Us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We’re committed to creating a workplace where differences are valued, and we’re proud to have been accredited Disability Confident Leader. We’re committed to providing a fully inclusive and accessible recruitment process. We’re a big business with diverse full-time & part-time patterns, and a blended pattern of office and remote working. If you are applying internally, please speak to the Hiring Manager about how this can work for you. Everyone is welcome at Tesco.

Seniority level

• Entry level

Employment type

• Full-time

Job function

• Information Technology

Industries

• Retail