Tesco Technology

Security Analyst II - SOC

On site

Welwyn Garden City, United Kingdom

Junior

Full Time

03-12-2025


Skills

Critical Thinking, Python, PowerShell, Incident Response, Forensics, Monitoring, Problem-solving, Networking, Research, Training, Architecture, Security Architecture, Operating Systems, cloud platforms, Analytics, TCP/IP

Job Specifications

About the role

Our Security
Operations Centre (SOC) is at the forefront of protecting Tesco’s technology
estate. We lead real-time threat monitoring, incident response, and proactive
threat hunting across the Tesco Group. We also collaborate with Digital
Forensics & Incident Response, Threat Intelligence, Automation, and
Detection Engineering teams to ensure rapid detection, analysis, and mitigation
of security threats. Beyond investigating security incidents, we use our
expertise to work with other teams, driving continuous service improvements and
improving our overall security capabilities.

We are seeking
a highly skilled SOC Analyst to join the team. In this role, you will monitor,
analyse, and respond to security events across multiple environments and
locations, while proactively hunting for threats and driving continuous
improvement of detection and response mechanisms.

We closely collaborate with
multi-functional cybersecurity teams, using our expertise to assess alerts,
take charge of investigations, and efficiently implement necessary actions to
address any issues. Our critical thinking skills are important in identifying
emerging threats and strengthening Tesco’s overall security posture, directly
supporting the reduction of incident response times and enhancing our detection
capabilities to ensure the ongoing protection of our digital ecosystem.

You will be responsible for

· Following our Business Code of Conduct and always acting with integrity and due diligence.

· Proactively monitor and analyse security events using SIEM/XDR platforms and other security tools to identify and respond to potential threats across various environments.

· Evaluate and handle alerts, bringing your technical expertise to analyse risk, gauge the severity of incidents, and promptly initiate necessary actions for resolution.

· Respond to security incidents with a focus on thorough investigation, containment, remediation, and post-incident analysis to prevent future occurrences.

· Conduct proactive threat hunting across the environment to detect unknown threats and enhance early detection capabilities.

· Maintain situational awareness of the current operational and threat landscape by staying informed of new attacker techniques, vulnerabilities, and trends.

· Help build and implement security measures, standards, and playbooks to ensure compliance with industry standards.

· Support the continuous improvement of SOC processes, detection, and automation use-cases to enhance operational efficiency and effectiveness.

· Collaborate with Incident Managers, the Cyber Threat Intelligence team, and other partners to ensure a unified response and situational awareness across the organisation.

· Expand your knowledge of emerging threats, vulnerabilities, and cybersecurity technologies by applying threat intelligence feeds, research, and training.

You will need

· 3+ years of experience in successful SOC analyst positions, preferably within an internal SOC environment.

· Proficient in technical analysis, investigations, and handling security incidents in large-scale, fast-paced corporate environments, both on-premises and in the cloud.

· Proficient in security monitoring tools and technologies.

· In-depth knowledge of operating systems and networking concepts (e.g., TCP/IP, DNS).

· Experience with enterprise security technologies including XDR, SOAR, and SIEM.

· Familiarity with cloud platforms and their security features.

· Understanding of incident response frameworks (e.g., NIST, MITRE ATT&CK).

· Strong analytical and problem-solving skills for identifying and responding to security incidents.

· Ability to work effectively in a team and communicate clearly with both technical and non-technical partners.

· Experience with scripting languages such as Python or PowerShell for automating tasks.

· Excellent written and verbal skills for documenting incidents and communicating with partners.

· Critical thinking for making informed decisions during incidents.

· Ability to handle high-stress situations with composure, efficiency, and integrity.

· Relevant certifications (e.g., CompTIA Security+/CSA+) are a plus. Certifications (or equivalents) are desirable but not a requirement.

· Desirable: completion of relevant training courses such as SEC450 (Blue Team Fundamentals), SEC511 (Continuous Monitoring and Security Operations), SEC530 (Defensible Security Architecture and Engineering), and SEC555 (SIEM with Tactical Analytics).

· Commitment to staying updated with the latest security trends and threats to ensure effective performance in the role.

What's in it for you?
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work.
 

Annual bonus scheme of up

About the Company

We are Tesco, and we're always looking ahead. We use tech to make things a little better for everyone, every day. Forget off-the-shelf. We love coming up with our own ideas and building things ourselves. We empower our technologists to play a part in Tesco's future. Solving crunchy tech problems, making customers' lives a little easier, and making a difference to our communities and the planet. Our Technology team is made up of over 3,500 experts spread over 5 countries: UK, Poland, Hungary, Czech Republic and India.