Skip to content
Tesco UK Welwyn Garden City Full-Time Working hours 36 Apply by 10-Mar-2026
About the role

To build and mature a cyber threat intelligence capability that serves as the predictive and proactive heart of our security programme. You will act as the technical authority for collecting, processing, and analysing intelligence, ensuring it enables a truly threat-informed defence. By converging intelligence tradecraft with engineering principles, you will drive the "Intelligence-to-Action" cycle and ruthlessly prioritise the efforts of our detection and response functions.


What is in it for you
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more! 
 
  • Annual bonus scheme of up to 20% of base salary 
  • Holiday starting at 25 days plus a personal day (plus Bank holidays) 
  • Private medical insurance 
  • 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave 
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing 
You will be responsible for

Intelligence-to-Action Engineering

  • Operationalise the "Intelligence-to-Action Cycle," prioritising security engineering efforts based on business risk and validated threats.
  • Define and manage intelligence requirements to guide collection and ensure resources focus on the most relevant risks.
  • Design "Threat Intelligence-as-Code" workflows that automatically trigger hunting packages or detection stubs in our data platform when CTI outputs are available.

Maintenance of CTI Systems

  • Implement, manage and optimise the Threat Intelligence Platform (TIP) and analytical tools to automate across the intelligence cycle.
  • Drive technical initiatives to reduce technical debt and ensure tools scale to meet the organisation's evolving needs.
  • Ensure seamless integration between CTI systems, SIEMs, SOAR,and endpoint detection platforms to correlate threats against internal telemetry and take suitable action.

Detection & Hunt Support

  • Translate unstructured intelligence into actionable detection suggestions, collaborating with engineers to address coverage gaps for high-priority adversary behaviours.
  • Support proactive threat hunting by defining process and systems which enable hypothesis-driven hunts based on adversary TTPs and specific business risks.

Automation & Force Multipliers

  • Champion "Automation-First" principles, using scripting (Python, PowerShell) to automate repetitive data collection and enrichment tasks.
  • Leverage AI and machine learning as "Force Multipliers" to summarise complex threat reports and accelerate code generation and deployment.
  • Develop advanced workflows that integrate intelligence feeds directly into defensive controls for real-time blocking.

Strategic & Tactical Reporting

  • Support the production of tiered intelligence products, from strategic executive briefings to operational reports on specific adversary campaigns.
  • Disseminate machine-readable indicators (IOCs) to enable immediate detection and response actions.

Partnership & Sharing

  • Act as the technical intelligence partner to Detection Engineering, Security Operations and Incident Response, ensuring a seamless flow of actionable data.
  • Establish and mature intelligence-sharing partnerships with industry peers and intelligence-sharing communities to strengthen collective defence.

You will need
  • Experience: 3-5+ years in cybersecurity, specifically in Security Engineering, Threat Intelligence, Security Operations (SOC), Incident Response.
  • Tradecraft: Advanced understanding of frameworks relating to threat modelling, threat intelligence, threat hunting and detection engineering (ATT&CK, D3FEND, Kill Chain, Attack Flow, STRIDE, DREAD, etc).
  • Technical Skills: Proficiency in scripting languages (e.g., Python, PowerShell) for analysis, automation, and workflow improvement.
  • Tooling: Hands-on experience with Threat Intelligence Platforms (TIPs) (MISP, ThreatConnect, etc) and SIEM technologies (Splunk, Sentinel, etc).
  • Communication: Strong ability to translate complex threat data into actionable insights for both technical and executive audiences.
About us
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. 
 
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. 
 
We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you.  We work in a more blended pattern - combining office and remote working.  Our offices will continue to be where we connect, collaborate and innovate.  If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco. 
© Tesco Careers 2026. All rights reserved.