Security Engineer II - Detection Engineering

Tesco UK

Digswell

On-site

GBP 50,000 - 85,000

Full time

16 days ago

Job summary

As a leading retailer in the UK, Tesco is seeking a Cyber Security Detection Engineer to enhance its security posture. This role involves developing and implementing robust detection capabilities while collaborating with various teams to ensure comprehensive coverage across all environments. Ideal candidates will possess strong skills in threat analysis, secure coding practices, and incident response.

Qualifications

  • Experience in developing queries for threat detection.
  • Proficient with KQL, SPL, Python, and PowerShell.
  • Familiar with cyber security frameworks such as MITRE ATT&CK.

Responsibilities

  • Lead the development of Tesco's cyber security detection capability.
  • Design and test detection logic; ensure robust alerts.
  • Support cyber security incidents and collaborate with other teams.

Skills

Threat analysis
Secure development lifecycle
Detection development
Vulnerability assessment
Incident response
Threat intelligence
Scripting languages
Cloud security

Job description

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability. You will be required to understand the changing threat landscape, identify opportunities for improvement, establish new detections, and ensure comprehensive detection coverage for the organization. You will work closely with security operations, engineering, and risk & compliance teams in a fast-paced, agile environment.

Responsibilities include developing and driving the cyber security detection capability both operationally and strategically for the Tesco Group. You should design effective detection logic, ensure detections are robust and thoroughly tested, and make alerts and supporting information accessible and understandable to operational cyber security teams.

You will prioritize the needs of incident responders and operational teams, ensuring detections and alerts are relevant and actionable. The detection capability must be adaptable for on-premises, private, and public cloud environments, operating at scale across diverse asset types.

You may also support cyber security incidents, participate in threat hunts, and collaborate with other security teams to automate processes and standardize responses.

Security Engineering Skills

  • Threat Led: Ability to assess and validate threat information, analyze trends and threat actor TTPs, and translate intelligence into actionable detection requirements.
  • Secure & Test-Driven Engineering: Knowledge of cyber security frameworks (MITRE ATT&CK, Lockheed Martin Cyber Kill Chain), the secure development lifecycle, detection development, code review, and vulnerability assessment.
  • Research: Ability to define research goals, generate detection ideas, and communicate findings effectively.

Relevant Experience

  • Developing queries for threat detection.
  • Knowledge of Windows, macOS, or Linux operating systems.
  • Ability to work independently and in teams.
  • Understanding attacker TTPs and translating threat intelligence into detection logic.
  • Proficiency with detection technologies and scripting languages (e.g., KQL, SPL, Python, PowerShell).

Desirable Skills

  • Knowledge of cloud infrastructure, security, and APIs.
  • Experience with offensive security tools and techniques.
  • Development of detections as code.