About The Security & Capability Team
Our team is responsible for providing and maintaining tools used by Tesco in order to monitor and secure our systems, while also helping our colleagues globally.
We maintain global hybrid instances of our chosen tools for SIEM, Application Performance Monitoring, Log Monitoring, Backlog Management, Identity Access Management, Service Desk, self-help portals for colleagues and incident communications. In addition to the challenges delivering this capability brings, we're also the team responsible for the security operations centre and our security architecture, working across Tesco globally to secure our systems and data! Our Technology Risk & Compliance team works tirelessly to further develop a risk aware culture and drive audit and regulatory improvements across the technology team in all Tesco countries.
We aim to provide colleagues with a great experience by providing world class tooling, processes and advice. We believe in solutions that are either self-service or invisible to the end user - that's not always easy to achieve, but it's what we strive for.
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
- An annual bonus scheme which you can achieve up to 3.5% of base salary
- Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco
- Holiday starting at 25 days plus a personal day
- A retirement savings plan - 4%-7.5% contribution rate
- Life Assurance - 5 x contractual pay
- Buy As You Earn Scheme
- Save As You Earn Scheme
- Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
- Deals and Discounts through many other external businesses
The Role - Security Engineer
You will focus on improving the telemetry, processes and tools for Tesco's SIEM system and SOC team. This role requires proven experience with security telemetry, security intelligence, anomaly hunting and incident response.
The Engineer must leverage intuition, security knowledge and a broad of array of tools and advanced security techniques to help us uncover and stay alert to malicious activity. Bilaterally, we're building a threat hunting capability to feed back into our telemetry and processes.
Key Skills and Experience
- Experience performing technical analysis involving security event data and evaluating malicious activity.
- Knowledge of TCP/IP and related network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP etc., and accompanying protocol/packet analysis/manipulation tools.
- Knowledge of information security protection/detection and authentication systems (firewalls, IDS, IPS, anti-virus, etc).
- Knowledge of commonly-accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities, gain unauthorized access, escalate privileges and access restricted information.
- Knowledge of current operating environments (Microsoft, Linux, & OS X).
- Development / Configuration experience with any industry leading SIEM platform.
- Experience of development using a programming language in a DevOps environment using agile techniques.
- Exceptional analytical and critical thinking, willingness to challenge status quo.
- Excellent interpersonal skills.
- Advanced written and oral communications, self-motivator.
- Team player and independent worker, highly adaptive.
Desirable Tools / Technologies:
- Splunk (including Enterprise Security, UBA and CIM)
- Devops toolsets - Github, Jenkins, Jira etc.
- Python, Java
Academia: College degree or equivalent work experience.
Desirable Certifications: SSCP, GSEC, GCIH, GCIA or other industry relevant certifications.