Overview

Tesco UK • Welwyn Garden City • Full-Time • Apply by 05-Dec-2025As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco''s cyber security detection capability. You will understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk and compliance, in a fast paced and agile environment.Benefits

Annual bonus scheme of up to 20% of base salaryHoliday starting at 25 days plus a personal day (plus Bank holidays)Private medical insurance26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, plus 4 weeks fully paid paternity leaveFree 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

You will be responsible forDeveloping and driving the cyber security detection capability both day-to-day and strategically for the Tesco Group. You are expected to seek out effective and comprehensive detection logic and capability, ensuring detections are robust, thoroughly tested, and that alerts and supporting information are available to and understood by operational cyber security teams.You are expected to put the needs of operational teams and incident responders at the centre of your development work, ensuring detections and alerts are relevant, of value, and have practical response steps. You will need to ensure detection capability is fit for both on-premises, private and public cloud environments, working at significant scale, and across a diverse range of asset types.In addition, you may provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.What you will need

Security Engineering SkillsThreat Led: Ability to assess and validate information from various sources on cyber and informational security threats to the businessAbility to analyse and identify significance of processed intelligence to identify trends, threat actor TTPs and potential capabilitiesAbility to break down and translate information into tangible actionable dataSecure and Test-Driven EngineeringUnderstanding of cyber security threat frameworks such as MITRE ATTandCK, Lockheed Martin Kill Chain etc.Ability to specify/implement processes to maintain required level of security for a component/product/system during its lifecycleProficient at detection development lifecycle covering all reasonable positive and negative test casesAbility to conduct code reviews of existing content and processes to identify and enhance or mitigate security issuesContribute to security evaluation or testing of threats/vulnerabilities faced by systemsApplies recognised evaluation/testing methodologies, tools and techniques to signature development / reviewsResearchAbility to quantify and define research goals to generate worthwhile detection ideas for further testing and explorationAbility to summarise findings or technical information to be disseminated with wider teams, factoring in business knowledge and summariesExperience relevant for this roleAbility to develop queries and enable robust detection of threatsWorking knowledge of Windows, macOS or Linux operating systemsAbility to work independently as well as part of a teamUnderstanding of modern attacker TTPsTranslate threat intelligence into actionable detection logicSolid grasp of detection technologiesA broad understanding of security concepts; an interest and passion for cyber securityAn analytical approach; ability in problem solving and comfortable working on production systems at scaleQuery languages such as KQL or SPLExperience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell)Desirable Skills and ExperienceKnowledge of cloud infrastructure, cloud security and cloud APIsKnowledge of attacker tools and evasion techniques within offensive engineeringWorking knowledge of at least one major programming language, including scripting languages like Python and PowerShellExperience of developing detections as codeAbout us

Our vision at Tesco is to become every customer''s favourite way to shop, whether they are at home or out on the move. Our core purpose is “Serving our customers, communities and planet a little better every day.” Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We\''re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We\''re proud to have been accredited Disability Confident Leader and we\''re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.We\''re a big business and we can offer a range of diverse full-time and part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.

#J-18808-Ljbffr