Penetration Tester

We are building an internal penetration testing function to strengthen our defensive security capabilities. This role uses offensive skills to discover and demonstrate vulnerabilities in our systems. Tesco Technology deploys solutions across a range of stacks, from on‑premise infrastructure to cloud‑centric deployments. You will work with developers to address findings at scale across Tesco, help application teams remediate issues, assist infrastructure teams, and contribute to detection and incident response with your offensive security knowledge.

We believe skilled, hard‑working people are our greatest asset in reducing cyber risk. We support continual development and keeping up with the evolving threat landscape.

Are you up for this challenge?

You will be working in an offensively trained and defensively focused security team. Your primary responsibility is to deliver high‑quality security assessments in areas including web applications, APIs, mobile, and infrastructure. You will have access to internal knowledge, data sources, and tools to identify attack vectors and test hypotheses.

There are opportunities to stretch your skills, including:

• Refining and developing our detections with security engineers
• Participating in purple teaming exercises to assess broader security posture
• Triaging and validating findings from our bug bounty program
• Triaging and validating Tesco’s risk posture for newly released CVEs as part of vulnerability management

We support colleagues’ career development with time and opportunities for research, plus training to develop and innovate in offensive security.

• Penetration testing experience performing authorised tests on computer systems, identifying weaknesses that could be exploited
• GPEN, CREST, OSCP, OSEP or other industry certifications are helpful but not essential
• Understanding of operating systems and networking fundamentals
• Knowledge of preventative and detective controls (EDR, firewalls, IDS/IPS, anti‑virus, etc.)
• Analytical and critical thinking, willingness to challenge the status quo
• Good written and oral communication skills
• Ability to work independently and collaboratively in a diverse team

We offer a benefits package that takes care of you both in and out of work. Click here to find out more.

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day plus Bank holidays
• Private medical insurance
• 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by statutory pay; fully paid paternity leave is also offered
• Free 24/7 virtual GP service and Employee Assistance Programme (EAP) for you and your family

Tesco is on a mission to become every customer’s favourite way to shop. Our core purpose is to serve customers, communities, and the planet a little better every day. We are committed to an inclusive culture and providing equal opportunities. We are a Disability Confident Leader and offer an accessible recruitment process. We support flexible working patterns and a blended office/remote setup. Internal applicants should discuss arrangements with the Hiring Manager.