Join to apply for the Penetration Tester role at Tesco Technology
About the role
We are passionate about step‑changing our cyber security capability to better protect customers and colleagues across our global business. We’re building an internal penetration testing function to complement and help further mature our defensive security capabilities.
This new role challenges you to use your offensive skills to discover and demonstrate vulnerabilities and weaknesses in our systems. Tesco Technology has hundreds of software and infrastructure engineers deploying solutions at scale using many different technology stacks, from traditional on‑premise infrastructure to cloud‑centric containerised deployments.
Working collaboratively with our developers is key to identifying and addressing findings, efficiently and at scale across Tesco. You will have the opportunity to help application teams remediate issues, help infrastructure teams build better supporting functions, and help improve our detection and response teams by proposing new detection ideas or providing your offensive security knowledge to aid incident response.
We believe that skilled and hard‑working people are our greatest asset in reducing cyber risk to our business and customers. We encourage and support continual development and recognise the importance of keeping up with the latest technology (as well as all the older stuff) and an evolving threat landscape.
Are you up for this challenge?
You will be responsible for
* Delivering high‑quality security assessments in a variety of areas including web application, API, mobile, and infrastructure.
* Using internal knowledge, data sources, and tools to help identify attack vectors and test hypotheses.
* Working with our security engineers to refine and develop our detections.
* Participating in purple teaming exercises carrying out wider assessments of our security posture.
* Helping triage and validate findings from our bug bounty program.
* Triage and validate Tesco’s risk posture for newly released CVEs as part of vulnerability management.
You will need
* Penetration testing experience performing authorised tests on computer systems, exposing weaknesses in security that could be exploited.
* GPEN, CREST, OSCP, OSEP or other industry relevant certifications are helpful but not crucial.
* An understanding of operating system and networking fundamentals, and underlying principles.
* Knowledge of preventative and detective controls (EDR, firewalls, IDS, IPS, anti‑virus, etc).
* Analytical and critical thinking skills; willingness to challenge the status quo.
* Good written and oral communication skills.
* Comfortable working both independently and collaboratively in a diverse team.
Whats in it for you?
* Annual bonus scheme of up to 20% of base salary.
* Holiday starting at 25 days plus a personal day (plus Bank holidays).
* Private medical insurance.
* 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; 4 weeks fully paid paternity leave.
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental well‑being.
About Us
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. We are proud to have an inclusive culture where everyone can be themselves and where diversity is valued.
We are committed to an accessible recruitment process and we offer a range of full‑time and part‑time working patterns across many business areas, combining office and remote work.
Key Details
* Seniority level: Entry level
* Employment type: Full‑time
* Job function: Information Technology
* Industry: Retail
Referrals increase your chances of interviewing at Tesco Technology by 2x.
#J-18808-Ljbffr