Job Specifications
About the role
As a Cyber Security Detection Engineer, you will lead the development, implementation, and
continuous improvement of Tesco’s cyber security detection capability.
You will be required to understand the changing threat landscape, see opportunities for
improvement in existing detections, establish new detections, and ensure appropriate
detection coverage for the organisation. You will work closely with multiple teams, including
security operations, engineering, and risk & compliance, in a fast paced and agile
environment.
You will be responsible for
Responsible for developing and driving the cyber security detection capability both day-today and strategically for the Tesco Group. You are expected to seek out effective and
comprehensive detection logic and capability, ensuring detections are robust and not brittle,
thoroughly tested, and that alerts and supporting information is available to and understood
by operational cyber security teams.
You are expected to put the needs of operational teams and incident responders at the
centre of your development work, ensuring detections and alerts are relevant, of value, and
have practical response steps. You will need to ensure detection capability is fit for both onpremises, private and public cloud environments, working at significant scale, and across a
diverse range of asset types.
In addition, you may provide support during cyber security incidents, participate in threat
hunts, and work with other security teams to deliver automation and standardisation to
improve efficiency and response.
You will need
Relevant Operational skills:
Security Engineering Skills
Threat Led
• Ability to assess and validate information from various sources on cyber and
informational security threats to business
• Ability to analyse and identify significance of processed intelligence to identify trends,
threat actor TTPs and potential capabilities.
• Ability to break down and translate information into tangible actionable data.
Secure & Test-Driven Engineering
• Understanding of cyber security threat frameworks such as MITRE ATT&CK, Lockheed
Martin Killchain etc.
2
• Ability to specify/implement processes to maintain required level of security for a
component/product/system during its lifecycle.
• Proficient at detection development lifecycle covering all reasonable positive and
negative test cases.
• Ability to conducts code reviews of existing content and processes to identify and
enhance or mitigate security issues.
• Contribute to security evaluation of or testing of threat/vulnerabilities faced by
systems.
• Applies recognised evaluation/testing methodologies, tools and techniques to
signature development / reviews, suggesting new ones where appropriate.
Research
• Ability to quantify and define research goals to generate worthwhile relevant detection
ideas for further testing and exploration.
• Ability to summarise findings or technical information to be disseminated with wider
teams, factoring in business knowledge and summaries.
Experience relevant for this role:
• An ability to develop queries and enable robust detection of threats.
• Working knowledge of Windows, macOS or Linux operating systems
• Ability to work independently as well as part of a team.
• Understanding of modern attacker TTPs
• Translate threat intelligence into actionable detection logic.
• Solid grasp of detection technologies
• A broad understanding of security concepts; an interest and passion for cyber security
• An analytical approach; ability in problem solving and comfortable working on
production systems at scale.
• Query languages such as KQL or SPL
• Experience developing and maintaining basic automation scripts (e.g., Bash, Python,
Batch, PowerShell etc.)
Desirable Skills and Experience:
• Knowledge of cloud infrastructure, cloud security and cloud APIs a plus
• Knowledge of attacker tools and evasion techniques within offensive engineering
• Working knowledge of at least one major programming language, including scripting
languages like Python and PowerShell
• Experience of developing detections as code
Desirable Certifications
• One or more from: CompTIA Security+, GIAC, CEH, SSCP. Where appropriate other
industry relevant certifications will be considered.
Whats in it for you?
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more!
Annual bonus scheme of up to 20% of base salary
Holiday starting at 25 days plus a personal day (plus Bank holidays)
Private medical insurance
26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave
Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
About Us
Our vision at Tesco is
About the Company
We are Tesco, and we're always looking ahead. We use tech to make things a little better for everyone, every day.
Forget off- the-shelf. We love coming up with our own ideas and building things ourselves. We empower our technologists to play a part in Tesco's future. Solving crunchy tech problems, making customers' lives a little easier, and making a difference to our communities and the planet.
Our Technology team is made up of over 3,500 experts spread over 5 countries: UK, Poland, Hungary, Czech Republic and India....
Know more