Security Manager - SOC

Our Security Operations Centre (SOC) is at the heart of monitoring and investigating cybersecurity incidents for the Tesco Group. They operate closely with other cybersecurity teams, including Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s complex estate.

Beyond investigating security incidents, they maximise their expertise to collaborate with other teams, driving innovation and improving our overall security capabilities. The Security Operations Centre Manager will lead a skilled team, deliver high-quality service, and collaborate with cybersecurity professionals. Take charge of coordinating initiatives that integrate efforts across security teams and the wider Tesco Technology organization. Emphasize the development of team members and the maturity of the SOC's capabilities.

Drawing on extensive security operations experience and strong critical thinking skills, the SOC Manager will support incident analysis and maintain a clear view of the operational and threat landscape, ensuring a coordinated and effective response to emerging incidents.

At Tesco, we believe in the power of spending more time together, face to face, than apart. So, during your working week, you can expect to spend 60% of your time in one of our office locations or local sites and the rest remotely. We also recognise that life looks a little different for each of us. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. That’s why at Tesco, we always welcome a conversation about flexible working. So, talk to us throughout your application about how we can support.

We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you - both in and out of work.

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance, 26 weeks maternity and adoption leave (after 1 year's service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, and 4 weeks fully paid paternity leave
• Free 24/7 virtual GP service
• Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

• Lead an effective and efficient SOC service that delivers timely detection, analysis, and response to security alerts and incidents.
• Ensure continuous improvement and alignment of new initiatives with the broader security strategy, keeping it central to all planning and execution, while also reporting on its implementation.
• Stay ahead of the cyber threat landscape and specifically those within Tesco verticals (retail, transport, fuel, pharmacy).
• Lead the team through complex operational landscapes and security incidents, ensuring accurate interrogation, analysis, and presentation of threat-related data and ensuring decisive actions.
• Develop team member leadership skills and technical capabilities.
• Encourage industry leading investigative analysis through comprehensive response playbooks, formulating detection use cases and automations, and research service-enhancing tools.
• Encourage and implement innovative practices in threat monitoring and response, fostering continuous improvement and adaptation to emerging threats.
• Use threat intelligence to focus investigation and detection efforts and adhere to the threat hunting strategy and processes.
• Develop, implement, and maintain policies, standards, and procedures for security operations investigations and incidents, ensuring alignment with legal and regulatory requirements.
• Conduct SOC service reviews, including evaluating capacity, assessing quality, conducting purple and red team exercises, and performing internal evaluations.
• Collaborate closely with teams across cybersecurity, technology, and beyond.
• Lead service improvements through projects and initiatives, ensuring clear communication of plans, implementation, and progress updates.
• Monitor and assess managed security service provider performance, ensuring alignment to contracted service and operational level agreements.
• Maintain high-quality standards through regular audits, evaluations, and the implementation of continuous improvement.
• Follow our Business Code of Conduct and always act with integrity and due diligence.