Join to apply for the Senior Incident Responder (DFIR) role at Tesco Technology.
Our Digital Forensics and Incident Response (DFIR) team leads the technical investigation and response to security incidents at Tesco. As part of this team, you’ll work alongside our security operations, threat intelligence, and security engineering teams to protect, detect, and respond to security threats across Tesco’s diverse and evolving estate.
You’ll apply your deep technical knowledge and critical thinking ability to investigate and understand the full extent of security incidents and threats. Your ability to distil and clearly convey technical information will allow you to provide the key contextual information to decision makers that enables them to make informed decisions.
As a senior position, when you’re not investigating security incidents, you’ll have the freedom to leverage your knowledge and real‑world experience to help improve and automate the team’s technical workflows, working alongside other teams to help drive innovation across our prevention, automation, detection and response capabilities. Your status as a senior incident responder means you’ll serve as a role model for engineers and analysts across Security Operations.
Responsibilities
* Investigation and Response: Perform host, network, and cloud‑based forensic analysis to understand the full extent of security incidents and take appropriate response actions to contain, remediate, and recover.
* Incident Handling: Support cyber‑security incident managers and decision makers with root‑cause analysis and formulating recommendations for detection and prevention controls.
* Technical Project Work: Use your technical capabilities to enhance existing processes as well as identifying and working on new methods to deliver DFIR services to the ever‑changing technology requirements of the business.
* Threat Hunting & Detection Engineering: Lead intelligence‑based threat hunts to uncover anomalous behaviour in our estate that is representative of the security threats most relevant to Tesco, testing and raising potential detections to contribute to our internal detection engineering programme.
Qualifications
* 4+ years of relevant experience.
* Experience with responding to security incidents in large‑scale corporate on‑premises and public cloud environments (preferably Microsoft Azure).
* Experience with forensic analysis of cyber‑security incidents on Windows, macOS, and Unix operating systems and in‑depth understanding of those operating systems.
* Experience with a broad range of security technologies such as EDR, SOAR, and SIEM.
* Proficiency in at least one programming or scripting language e.g. Python or PowerShell.
* Ability to think critically and lead technical investigations.
* Ability to handle high‑pressure situations in a calm, productive, and professional manner.
* Experience with static and dynamic file/malware triage desirable.
Whats in it for you?
* Annual bonus scheme of up to 20% of base salary.
* Holiday starting at 25 days plus a personal day (plus Bank holidays).
* Private medical insurance.
* 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave.
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing.
About Us
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. We are proud to have an inclusive culture where everyone truly feels able to be themselves. We are committed to creating a workplace where differences are valued, and we provide a fully inclusive and accessible recruitment process.
#J-18808-Ljbffr