Senior Security Analyst - Vulnerability Management

Tesco UK • Welwyn Garden City • Hybrid • Full-Time • Apply by 09-May-2025 About the role Tesco Technology are looking for a Senior Security Analyst reporting into the Vulnerability Management team. This is an exciting opportunity for a highly motivated security focused individual to join our expanding organisation. The scale and complexity of Tesco creates a huge opportunity for someone to apply their existing skills while developing new ones and make a difference to the millions of customers we serve. The role will involve being hands on with a focus on the availability and reliability of our data and reporting whilst having the freedom to leverage your knowledge and real-world experience to work with other teams and help drive innovation across our prevention, detection, and remediation capabilities. Your job is to provide actionable insight into the security posture of our systems and platforms prioritising remediation activities for our engineering colleagues and system owners to remediate as well as assurance that effective security controls and guardrails are in place across our on-prem and public What is in it for you We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to: An annual bonus scheme which you can achieve up to 20% of base salary Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco Holiday starting at 25 days plus a personal day A retirement savings plan - 4%-7.5% contribution rate Life Assurance - 5 x contractual pay Buy As You Earn Scheme Save As You Earn Scheme Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank Deals and Discounts through many other external businesses You will be responsible for Maintaining vulnerability scanning platforms to identify and analyse vulnerabilities. Taking a risk-based approach to prioritise remediation efforts. Working with engineering teams to remediate issues. Building a range of reporting capabilities to inform our stakeholders on the status and progress of VM remediation efforts across engineering and up to leadership and C level. Data correlation and identifying patterns and trends. Reviewing submissions from our active Bug Bounty Programs. Develop Guardrails and Standards to reduce exposure to vulnerabilities. You will need We welcome colleagues with diverse experiences who can bring unique perspectives to any discussion. Keen to cultivate a culture of collaboration, innovation and bringing industry standards to everything we do. Proactive and able to operate independently. Comfortable with ambiguity. You are resilient - you take ownership of seeing issues through to resolution whilst looking after yourself to be at your best. Have a passion for technology and can share that passion with others. Experience relevant for this role: 4+ Years of experience working in the IT Security Industry Experience with responding to security incidents in large scale corporate environments. Experience with Vulnerability Scanning tools such as Qualys and Tenable etc. Ability to categorise criticality as well as risk of a vulnerability. Expertise in networking, web services and application testing. Expert knowledge of DNS preventative network controls. Intelligence gathering and keeping up to date with current as well as evolving threats. Reporting at various levels to communicate risk, compliance and remediation activities. Produce and maintain evidence for audit and governance reporting. About us Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. Diversity, equity and inclusion (DE&I) at Tesco means that whoever you are and whatever your background, we always want you to feel represented and that you can be yourself at work. In short, we're a place where Everyone's Welcome. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process. We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern -combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate.