Senior Red Teamer

We are passionate about step changing our cyber security capability to better protect customers and colleagues across our global business.

As part of this, we’re growing our security testing function to complement and further mature our defensive security capabilities.

This new role is an ideal opportunity for a red teamer who wants to help build a red team capability to complement our penetration testers. As we broaden our security testing to become more threat-led, we want to ensure we regularly test ourselves against potential threats.

We encourage positive engagement with our detection and response teams to push the boundaries of our security efforts at Tesco. You will have the opportunity to support and develop a mature blue team capability further.

You will also collaborate with application and infrastructure teams to address underlying issues you identify.

You’ll work in a security team that is offensively trained and defensively focused. Your primary responsibility will be to help us mature our security testing team by including a threat-led testing capability.

In this role, you’ll work alongside other testers and leverage internal knowledge, data sources, and tools to identify attack vectors and test hypotheses.

Additional opportunities include:

• Supporting our wider security capabilities by providing a red team perspective to penetration testing, detection, and prevention engineering
• Leading, mentoring, and developing team members to drive high performance
• Validating findings from our bug bounty program
• Triage and validate Tesco’s risk posture for new CVEs as part of vulnerability management

You will be supported in your career development, with time and opportunities for personal research and certifications to stay at the forefront of offensive security.

Requirements include:

• Experience leading or performing red team engagements in a corporate environment, exposing security weaknesses
• Familiarity with frameworks like TIBER-EU or MITRE ATT&CK
• Experience with at least one C2 framework (e.g., Cobalt Strike, Mythic, Havoc)
• Experience building or managing C2 infrastructure
• CRTO or similar certifications are desirable but not essential
• Knowledge of preventative and detective controls (EDR, firewalls, IDS, IPS, anti-virus)
• Analytical and critical thinking skills, willingness to challenge the status quo
• Good communication skills, both written and oral
• Ability to work independently and collaboratively in a diverse team

Our vision at Tesco is to become every customer's favorite way to shop, whether at home or on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. We aim to act responsibly and sustainably for all stakeholders, communities, and the planet.

We foster an inclusive culture where everyone can be themselves. We celebrate diversity and recognize its value. We are committed to providing an accessible recruitment process and supporting all colleagues. For accessibility support details, please click here.

We offer flexible full-time and part-time roles across various business areas, with a blended approach of office and remote work. Our offices are spaces for connection, collaboration, and innovation. Internal applicants should discuss flexible arrangements with the Hiring Manager. Everyone is welcome at Tesco.