About The Security & Capability Team

Our team is responsible for providing and maintaining tools used by Tesco in order to monitor and secure our systems, while also helping our colleagues globally.

We maintain global hybrid instances of our chosen tools for SIEM, Application Performance Monitoring, Log Monitoring, Backlog Management, Identity Access Management, Service Desk, self-help portals for colleagues and incident communications. In addition to the challenges delivering this capability brings, were also the team responsible for the security operations centre and our security architecture, working across Tesco globally to secure our systems and data! Our Technology Risk & Compliance team works tirelessly to further develop a risk aware culture and drive audit and regulatory improvements across the technology team in all Tesco countries.

We aim to provide colleagues with a great experience by providing world class tooling, processes and advice. We believe in solutions that are either self-service or invisible to the end user thats not always easy to achieve, but its what we strive for.

The Role Security Engineer

You will focus on improving the telemetry, processes and tools for Tescos SIEM system and SOC team. This role requires proven experience with security telemetry, security intelligence, anomaly hunting and incident response.

The Engineer must leverage intuition, security knowledge and a broad of array of tools and advanced security techniques to help us uncover and stay alert to malicious activity. Bilaterally, were building a threat hunting capability to feed back into our telemetry and processes.

Key Skills and Experience

• Experience performing technical analysis involving security event data and evaluating malicious activity.
• Knowledge of TCP/IP and related network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP etc., and accompanying protocol/packet analysis/manipulation tools.
• Knowledge of information security protection/detection and authentication systems (firewalls, IDS, IPS, anti-virus, etc).
• Knowledge of commonly-accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities, gain unauthorized access, escalate privileges and access restricted information.
• Knowledge of current operating environments (Microsoft, Linux, & OS X).
• Development / Configuration experience with any industry leading SIEM platform.
• Experience of development using a programming language in a DevOps environment using agile techniques.
• Exceptional analytical and critical thinking, willingness to challenge status quo.
• Excellent interpersonal skills.
• Advanced written and oral communications, self-motivator.
• Team player and independent worker, highly adaptive.

Desirable Tools / Technologies:

• Splunk (including Enterprise Security, UBA and CIM)
• AWS
• Devops toolsets Github, Jenkins, Jira etc.
• Python, Java

Academia: College degree or equivalent work experience.

Desirable Certifications: SSCP, GSEC, GCIH, GCIA or other industry relevant certifications.