OverviewTesco UK • Welwyn Garden City • Hybrid • Full-Time • Apply by 04-Dec-2025

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco''s cyber security detection capability. You will understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk and compliance, in a fast paced and agile environment.

Benefits

Annual bonus scheme of up to 20% of base salary

Holiday starting at 25 days plus a personal day (plus Bank holidays)

Private medical insurance

26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, plus 4 weeks fully paid paternity leave

Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

Responsibilities

Develop and drive the cyber security detection capability day-to-day and strategically for the Tesco Group.

Seek out effective and comprehensive detection logic and capability, ensuring detections are robust, thoroughly tested, and that alerts and supporting information are available to and understood by operational cyber security teams.

Prioritize the needs of operational teams and incident responders in development work, ensuring detections and alerts are relevant and provide practical response steps.

Ensure detection capability is fit for on-premises, private and public cloud environments, at significant scale and across a diverse range of asset types.

Provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.

Requirements

Operational skills in security engineering with the ability to assess and validate information from various sources on cyber and information security threats

Ability to analyse and identify significance of processed intelligence to identify trends, threat actor TTPs, and potential capabilities; translate information into tangible actionable data

Understanding of cyber security threat frameworks (e.g., MITRE ATTandCK, Lockheed Martin Kill Chain) and security lifecycle management

Proficiency in detection development lifecycle with positive and negative test cases; ability to conduct code reviews and enhance or mitigate security issues

Experience evaluating or testing threats/vulnerabilities and applying evaluation/testing methodologies to signature development/reviews

Ability to quantify and define research goals to generate worthwhile detection ideas and to summarise findings for wider teams

Experience developing queries and enabling robust detection of threats

Working knowledge of Windows, macOS or Linux operating systems

Ability to work independently and as part of a team; understanding of modern attacker TTPs

Translate threat intelligence into actionable detection logic; solid grasp of detection technologies

Analytical problem-solving skills and comfort working on production systems at scale

Experience with query languages such as KQL or SPL

Experience developing and maintaining basic automation scripts (e.g., Bash, Python, PowerShell, etc.)

Desirable Skills and Certifications

Knowledge of cloud infrastructure, cloud security and cloud APIs

Knowledge of attacker tools and evasion techniques within offensive engineering

Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell

Experience developing detections as code

Certifications such as CompTIA Security+, GIAC, CEH, SSCP or other industry-relevant certifications

About usOur vision at Tesco is to become every customer''s favourite way to shop, whether they are at home or out on the move. Our core purpose is ''Serving our customers, communities and planet a little better every day''. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We celebrate diversity and are committed to creating a workplace where differences are valued and all colleagues are given the same opportunities. We are a Disability Confident Leader and provide an accessible recruitment process. For accessibility support information, please click here.

We are a large organisation offering diverse full-time and part-time patterns across our many business areas, with blended office and remote working. If applying internally, speak to the Hiring Manager about how this can work for you.

#J-18808-Ljbffr