About the role

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco’s cyber security detection capability. You will understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with security operations, engineering, and risk & compliance in a fast paced and agile environment.

Responsibilities

• Develop and drive the cyber security detection capability day-to-day and strategically for the Tesco Group.
• Seek out effective and comprehensive detection logic and capability, ensuring detections are robust, thoroughly tested, and that alerts and supporting information are available to and understood by operational cyber security teams.
• Put the needs of operational teams and incident responders at the centre of development work, ensuring detections and alerts are relevant, of value, and have practical response steps.
• Ensure detection capability is fit for on‑premises, private and public cloud environments, and operate at scale across a diverse range of asset types.
• Provide support during cyber security incidents, participate in threat hunts, and collaborate with other security teams to deliver automation and standardisation to improve efficiency and response.

Requirements and qualifications

• Operational skills: Security Engineering Skills; Threat Led approach; ability to assess and validate information from multiple sources on cyber and informational security threats; analyse trends, threat actor TTPs and potential capabilities; translate information into tangible actionable data.
• Secure & Test-Driven Engineering: Understanding of cyber security threat frameworks (e.g., MITRE ATT&CK, Lockheed Martin Kill Chain); maintain security for components/systems throughout their lifecycle; proficient in detection development lifecycle with positive and negative test cases; conduct code reviews to enhance or mitigate security issues; contribute to security evaluation/testing of threats and vulnerabilities; apply evaluation/testing methodologies and tools to signature development/reviews.
• Research: ability to quantify research goals to generate worthwhile detection ideas; summarize findings for wider teams with business context.
• Experience relevant for this role: develop queries for robust threat detection; working knowledge of Windows, macOS, or Linux; ability to work independently and in a team; understanding of modern attacker TTPs; translate threat intelligence into actionable detection logic; solid grasp of detection technologies; strong analytical problem-solving skills; experience with query languages such as KQL or SPL; experience with automation scripts (e.g., Bash, Python, PowerShell).
• Desirable Skills and Experience: knowledge of cloud infrastructure/security and cloud APIs; knowledge of attacker tools and evasion techniques; experience with at least one major programming language and scripting languages; experience developing detections as code.
• Desirable Certifications: CompTIA Security+, GIAC, CEH, SSCP or other industry-relevant certifications where appropriate.

What’s in it for you?

We’re all about the little helps. Tesco’s colleague benefits package takes care of you both in and out of work. Click here to find out more.

About Us

Our vision at Tesco is to become every customer's favourite way to shop. Our core purpose is “Serving our customers, communities and planet a little better every day.” We are committed to an inclusive culture and to providing a fully inclusive and accessible recruitment process. We’re a big business offering diverse full-time and part-time patterns, with blended office and remote working. If applying internally, speak to the Hiring Manager about how this can work for you.

Seniority level

• Entry level

Employment type

• Full-time

Job function

• Information Technology
• Industries: Retail

Is this role expired or filled? The description does not indicate a current closing date; ensure to verify on the posting platform.