Security Manager - SOC

Overview

The Security Operations Centre (SOC) monitors and investigates cybersecurity incidents for the Tesco Group, collaborating with Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, and other cybersecurity teams to protect, detect, and respond to security threats across Tesco’s estate. The SOC Manager will lead a skilled team, deliver high-quality service, coordinate initiatives across security teams and the wider Tesco Technology organisation, and focus on developing team members and maturing the SOC’s capabilities.

Drawing on extensive security operations experience and strong critical thinking, the SOC Manager will support incident analysis and maintain a clear view of the operational and threat landscape, ensuring a coordinated and effective response to emerging incidents. Tesco supports flexible working and collaboration: you can expect to spend 60% of your time in the office or at local sites, and the rest working remotely.

We welcome conversations about flexible working and how we can support your needs during the application and beyond.

Responsibilities

  • Lead an effective and efficient SOC service that delivers timely detection, analysis, and response to security alerts and incidents.
  • Ensure continuous improvement and alignment of new initiatives with the broader security strategy, reporting on implementation.
  • Stay ahead of the cyber threat landscape, with emphasis on Tesco verticals (retail, transport, fuel, pharmacy).
  • Lead the team through complex operational landscapes and security incidents, ensuring accurate interrogation, analysis, and presentation of threat-related data and decisive actions.
  • Develop leadership and technical capabilities within the team; foster industry-leading investigative analysis through response playbooks, detection use cases, automations, and service-enhancing tools.
  • Encourage innovative practices in threat monitoring and response; apply threat intelligence to focus investigations and detections in line with threat hunting processes.
  • Develop, implement, and maintain policies, standards, and procedures for security operations investigations and incidents, ensuring alignment with legal and regulatory requirements.
  • Conduct SOC service reviews, including capacity evaluation, quality assessment, purple and red team exercises, and internal evaluations.
  • Collaborate across cybersecurity, technology, and other teams; lead service improvements through projects with clear plans, implementation, and progress updates.
  • Monitor and assess managed security service provider performance; ensure alignment to contracted service and SLAs.
  • Maintain high-quality standards through regular audits and continuous improvement.

Experience and Qualifications

  • Demonstrable experience (4+ years) leading a high-performance team, including security analysts at all levels.
  • Proficient in security operations, including technical analysis, investigations, and handling incidents in large-scale, fast-paced corporate environments (on‑premise and cloud).
  • Strong understanding of threats facing large enterprises and SOC challenges.
  • Experience with enterprise security technologies (EDR, SIEM, SOAR) and with analysis of enterprise systems (OS, networks, cloud, complex architectures).
  • Familiarity with at least one scripting language (e.g., Python, PowerShell).
  • Awareness of how AI can be applied in offensive and defensive team operations to enhance security posture.
  • Excellent written and verbal communication; ability to think critically and lead technical investigations; able to handle high-stress situations with composure and integrity.
  • Desirable training or certifications (e.g., SANS LDR551, SEC504, FOR508, ITIL), though not required.

Working Arrangements and Inclusion

At Tesco, we champion a balance that lets you thrive both in and out of work. Spend 60% of your week collaborating with colleagues at our office locations or local sites and the rest remotely. We recognise that life looks different for everyone and we welcome conversations about flexible working.

We are proud to be an accredited Disability Confident Leader, committed to an inclusive and accessible recruitment process. If you need support with your application, please contact us for more information. If you’re interested in joining our team but don’t tick every box, please apply anyway.

Location: Welwyn Garden City, England, United Kingdom
Salary: £100,000 - £125,000
Job Type: Full-time
Category: IT & Technology
