Senior Red Teamer

We are passionate about step changing our cyber security capability to better protect customers and colleagues across our global business.

As part of this, we’re growing our security testing function to enhance and mature our defensive security capabilities.

This new role is an ideal opportunity for a red teamer eager to help build a red team capability that complements our team of penetration testers. As we shift towards a more threat-led security testing approach, we want to ensure we regularly test ourselves against potential threats.

We encourage positive engagement with our detection and response teams to push the boundaries of our security efforts at Tesco. You will have the opportunity to support and develop a mature blue team capability further.

You will also collaborate with application and infrastructure teams to address any underlying issues you identify.

You will work within an offensively trained, defensively focused security team. Your primary responsibility will be to help mature our security testing team to include a threat-led testing capability.

In this role, you will work alongside other testers and leverage internal knowledge, data sources, and tools to identify attack vectors and test hypotheses, unlike typical consultancy roles.

Opportunities to further develop your skills include:

• Supporting our wider security capability by providing a red team perspective to pentesting, detection, and prevention engineering
• Leading, mentoring, and developing team members to drive high performance
• Validating findings from our bug bounty program
• Triage and validate Tesco’s risk posture for newly released CVEs as part of vulnerability management

You will be supported in your career growth and encouraged to undertake personal research and certifications to stay at the forefront of offensive security.

Requirements include:

• Experience leading or performing red team engagements in a corporate environment, identifying exploitable security weaknesses
• Familiarity with frameworks like TIBER-EU or MITRE ATT&CK
• Experience with at least one C2 framework (e.g., Cobalt Strike, Mythic, Havoc)
• Experience building or managing C2 infrastructure
• Certifications like CRTO are desirable but not essential
• Knowledge of preventative and detective controls (EDR, firewalls, IDS, IPS, anti-virus, etc.)
• Analytical and critical thinking skills, with a willingness to challenge the status quo
• Good communication skills, both written and oral
• Ability to work independently and collaboratively within a diverse team

Our vision at Tesco is to become every customer's favorite way to shop, whether at home or on the go. Our core purpose is to serve our customers, communities, and the planet better every day. We aim to act as a responsible and sustainable business for all stakeholders and the communities we serve.

We foster an inclusive culture where everyone can be themselves. We celebrate diversity and value the opportunities it brings. Tesco is a Disability Confident Leader and committed to an accessible recruitment process. For accessibility support, please click here.

We offer various full-time and part-time working patterns across our business areas, combining office and remote work. Our offices are spaces for connection, collaboration, and innovation. Internal applicants should discuss flexible arrangements with their Hiring Manager. Everyone is welcome at Tesco.