Our Digital Forensics and Incident Response (DFIR) team lead the technical investigation and response to security incidents at Tesco. As part of this team, you’ll work alongside our security operations, threat intelligence, and security engineering teams to protect, detect, and respond to security threats across Tesco’s diverse and evolving estate.
You’ll apply your deep technical knowledge and critical thinking ability to investigate and understand the full extent of security incidents and threats. Your ability to distil and clearly convey technical information will allow you to provide the key contextual information to decision makers that enables them to make informed decisions.
As a senior position, when you’re not investigating security incidents, you’ll have the freedom to leverage your knowledge and real-world experience to help improve and automate the team’s technical workflows, working alongside other teams to [RR1] [RR2] help drive innovation across our prevention, automation, detection, and response capabilities. Your status as a senior incident responder means you’ll serve as a role model for engineers and analysts across Security Operations.
- Annual bonus scheme of up to 20% of base salary
- Holiday starting at 25 days plus a personal day (plus Bank holidays)
- Private medical insurance
- 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave
- Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
- Investigation and Response: Perform host, network, and cloud-based forensic analysis to understand the full extent of security incidents and take appropriate response actions to contain, remediate, and recover.
- Incident Handling: Support cyber-security incident managers and decision makers with root cause analysis and formulating recommendations for detection and prevention controls.
- Technical Project Work: Use your technical capabilities to enhance our existing processes as well as identifying and working on new methods to deliver DFIR services to the ever-changing technology requirements of the business.
- Threat Hunting & Detection Engineering: Lead intelligence-based threat hunts to uncover anomalous behaviour in our estate that is representative of the security threats most relevant to Tesco, testing and raising potential detections to contribute to our internal detection engineering programme
· 4+ years of relevant experience.
· Experience with responding to security incidents in large scale corporate on-premises and public cloud environments (preferably Microsoft Azure).
· Experience with forensic analysis of cyber-security incidents on Windows, MacOS, and Unix operating systems and in-depth understanding of those operating systems.
· Experience with a broad range of security technologies such as EDR, SOAR, and SIEM.
· Proficiency in at least one programming or scripting language e.g. Python or PowerShell.
· Ability to think critically and lead technical investigations.
· Ability to handle high pressure situations in a calm, productive, and professional manner.
· Experience with static and dynamic file/malware triage desirable.