Our Digital Forensics and Incident Response (DFIR) team leads the technical investigation and response to security incidents at Tesco. As part of this team, you’ll work alongside our security operations, threat intelligence, and security engineering teams to protect, detect, and respond to security threats across Tesco’s diverse and evolving estate.

You’ll apply your deep technical knowledge and critical thinking ability to investigate and understand the full extent of security incidents and threats. Your ability to distil and clearly convey technical information will allow you to provide key contextual information to decision makers, enabling informed decisions.

As a senior team member, when not investigating security incidents, you’ll leverage your knowledge and experience to improve and automate the team’s workflows, collaborating with other teams to drive innovation in prevention, automation, detection, and response capabilities. Your role as a senior incident responder also involves serving as a role model for engineers and analysts across Security Operations.

Responsibilities include:

1. Investigation and Response: Conduct host, network, and cloud forensic analysis to understand security incidents and take appropriate actions to contain, remediate, and recover.
2. Incident Handling: Support incident managers and decision makers with root cause analysis and recommendations for detection and prevention controls.
3. Technical Projects: Enhance existing processes and develop new methods to deliver DFIR services aligned with evolving technology needs.
4. Threat Hunting & Detection Engineering: Lead threat hunts to identify anomalous behaviors and contribute to detection engineering programs.

Minimum Requirements:

• 4+ years of relevant experience.
• Experience responding to security incidents in large-scale on-premises and cloud environments (preferably Microsoft Azure).
• Experience with forensic analysis on Windows, MacOS, and Unix systems.
• Knowledge of security technologies such as EDR, SOAR, and SIEM.
• Proficiency in at least one scripting language like Python or PowerShell.
• Strong critical thinking and leadership in investigations.
• Ability to handle high-pressure situations professionally.
• Experience with static and dynamic malware analysis is desirable.

Our vision at Tesco is to become every customer's favourite way to shop, whether at home or on the move. Our core purpose is to serve our customers, communities, and planet better every day, acting responsibly and sustainably.

We foster an inclusive culture where everyone can be themselves, celebrating diversity and ensuring equal opportunities. We are proud to be a Disability Confident Leader and committed to accessible recruitment. For support details, please click here.

We offer flexible full-time and part-time roles across various business areas, combining office and remote work. Our offices are spaces for connection, collaboration, and innovation. Internal applicants should discuss flexible arrangements with their Hiring Manager. Everyone is welcome at Tesco.