Security Engineer (detection Engineering)

Tesco
Welwyn Garden City
1 week ago
Applications closed

Related Jobs

View all jobs

Security Engineer, Senior, London, Bank 75k

Security Engineer

Security Engineering Manager - Detection Engineering

Security Engineer

Security Engineer

Security Engineer

About the role

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability.

You will be required to understand the changing threat landscape, see opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk & compliance, in a fast paced and agile environment.

At Tesco, we believe in the power of spending more time together, face to face, than apart. So, during your working week, you can expect to spend 60% of your time in one of our office locations or local sites and the rest remotely. We also recognise that life looks a little different for each of us. That's why at Tesco, we always welcome a conversation about flexible working.

You will be responsible for

Responsible for developing and driving the cyber security detection capability both day-to-day and strategically for the Tesco Group. You are expected to seek out effective and comprehensive detection logic and capability, ensuring detections are robust and not brittle, thoroughly tested, and that alerts and supporting information is available to and understood by operational cyber security teams.

You are expected to put the needs of operational teams and incident responders at the centre of your development work, ensuring detections and alerts are relevant, of value, and have practical response steps. You will need to ensure detection capability is fit for both on-premises, private and public cloud environments, working at significant scale, and across a diverse range of asset types.

In addition, you may provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.

You will need

Security Engineering Skills

Threat Led

  1. Ability to assess and validate information from various sources on cyber and informational security threats to business.
  2. Ability to analyse and identify significance of processed intelligence to identify trends, threat actor TTPs and potential capabilities.
  3. Ability to break down and translate information into tangible actionable data.


Secure & Test-Driven Engineering

  1. Understanding of cyber security threat frameworks such as MITRE ATT&CK, Lockheed Martin Killchain etc.
  2. Ability to specify/implement processes to maintain required level of security for a component/product/system during its lifecycle.
  3. Proficient at detection development lifecycle covering all reasonable positive and negative test cases.
  4. Ability to conduct code reviews of existing content and processes to identify and enhance or mitigate security issues.
  5. Contribute to security evaluation of or testing of threat/vulnerabilities faced by systems.
  6. Applies recognised evaluation/testing methodologies, tools and techniques to signature development / reviews, suggesting new ones where appropriate.


Research

  1. Ability to quantify and define research goals to generate worthwhile relevant detection ideas for further testing and exploration.
  2. Ability to summarise findings or technical information to be disseminated with wider teams, factoring in business knowledge and summaries.


Key Skills and Experience

  1. An ability to develop queries and enable robust detection of threats.
  2. Working knowledge of Windows, macOS or Linux operating systems.
  3. Ability to work independently as well as part of a team.
  4. Understanding of modern attacker TTPs.
  5. Translate threat intelligence into actionable detection logic.
  6. Solid grasp of detection technologies.
  7. A broad understanding of security concepts; an interest and passion for cyber security.
  8. An analytical approach; ability in problem solving and comfortable working on production systems at scale.
  9. Query languages such as KQL or SPL.
  10. Experience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell etc.).


Desirable Skills and Experience:

  1. Knowledge of cloud infrastructure, cloud security and cloud APIs a plus.
  2. Knowledge of attacker tools and evasion techniques within offensive engineering.
  3. Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell.
  4. Experience of developing detections as code.


Desirable Certifications

  1. One or more from: CompTIA Security+, GIAC, CEH, SSCP. Where appropriate other industry relevant certifications will be considered.


What's in it for you

We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work.

  1. Annual bonus scheme of up to 20% of base salary.
  2. Holiday starting at 25 days plus a personal day (plus Bank holidays).
  3. Private medical insurance.
  4. 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave.
  5. Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing.


About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

Diversity, equity and inclusion (DE&I) at Tesco means that whoever you are and whatever your background, we always want you to feel represented and that you can be yourself at work. In short, we're a place whereEveryone's Welcome. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process.#J-18808-Ljbffr

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Job-Hunting During Economic Uncertainty: Cyber Security Edition

The cybe rsecurity sector sits at the forefront of today’s digital landscape, defending businesses and governments alike from increasingly sophisticated threats. From incident response and network security to cloud protections and zero-trust architectures, cyber security professionals tackle an ever-evolving array of challenges. Yet, even this mission-critical field is not immune to economic turbulence. When broader financial markets experience uncertainty—whether through global recessions, regional downturns, or unexpected macro events—the hiring climate can shift, making roles more selective and budgets tighter. For job seekers in cyber security, this can be disconcerting. You might discover that once-abundant vacancies have become scarce, competition for the remaining positions is fiercer, or company priorities pivot away from large-scale expansions toward essential, cost-justified security projects. At the same time, data breaches and cyberattacks don’t pause during economic slowdowns—if anything, they may escalate as bad actors exploit organizational vulnerabilities. This paradox means that while the market feels tough, demand for cyber security expertise remains robust. In this article, we’ll look at: Why economic uncertainty affects cyber security hiring trends. Strategies for staying competitive, even if the number of open roles shrinks. Methods to highlight your skills, adapt to shifting priorities, and network effectively. Approaches for preserving mental well-being during prolonged searches or uncertain feedback loops. How www.cybersecurityjobs.tech can help you find the ideal security-focused role. By proactively sharpening your skill set, tailoring your professional profile, and engaging with a focused community, you can secure a rewarding cyber security job—even when the broader market feels volatile.

Careers

How to Achieve Work-Life Balance in Cyber Security Jobs: Realistic Strategies and Mental Health Tips

Cyber security is one of today’s most vital and rapidly expanding sectors. As data breaches, ransomware, and other cyber threats continue to evolve, the demand for skilled professionals is surging across industries—from finance and healthcare to government and e-commerce. Whether you’re a penetration tester, security analyst, or threat intelligence expert, you play a key role in safeguarding digital infrastructure and sensitive information. This high-stakes environment, however, often comes with intense pressure. Long hours, constant vigilance, and an ever-changing threat landscape can make it challenging to find time for personal well-being. Many cyber security specialists report difficulty striking a sustainable work-life balance, unsure if it’s even possible in a field that never truly sleeps. Yet, as concerns about mental health and burnout become more pressing, professionals and employers alike are seeking better ways to combine career advancement with a fulfilling personal life. In this comprehensive article, we’ll explore how to achieve a work-life balance in cyber security. You’ll discover strategies for managing 24/7 threat alerts, the importance of realistic expectations, ways to maintain mental health in high-intensity roles, and tips for setting boundaries without compromising your professional growth. Whether you’re new to this dynamic arena or already an established specialist, these insights can help you thrive personally and professionally in the fast-paced world of cyber security.

Careers

Transitioning from Academia to the Cyber Security Industry: How Researchers Can Harness Their Skills to Protect Commercial Environments

Cyber security has become a mission-critical field in an era where data breaches, ransomware attacks, and sophisticated hacking techniques threaten businesses and public institutions alike. As digital transformation touches nearly every facet of modern life, the need for highly skilled individuals capable of defending systems and networks continues to grow. For PhDs and academic researchers with expertise in areas like cryptography, network security, or threat intelligence, this presents an exciting opportunity to deploy your analytical prowess in a high-impact, fast-paced commercial setting. In this guide we’ll explore how academics can successfully pivot from the research lab to the cyber security industry. Learn how to apply rigorous, theory-driven approaches to real-world challenges, from designing secure software architectures to neutralising advanced persistent threats. By embracing the industry’s urgency and end-to-end mindset, you can transform your scholarly insights into robust, market-facing security solutions that protect companies and users on a global scale.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.