Overview
Penetration Tester at Tesco – Tesco Technology is building an internal penetration testing function to mature our defensive security capabilities. We are passionate about stepping change our cyber security capability to better protect customers and colleagues across our global business. The role challenges you to use offensive skills to discover and demonstrate vulnerabilities and weaknesses in our systems. Tesco Technology has hundreds of software and infrastructure engineers deploying solutions at scale using many different technology stacks, from traditional on-premise infrastructure to cloud-centric containerised deployments. Working collaboratively with our developers is key to identifying and addressing these findings, efficiently and at scale across Tesco. You will have the opportunity to help application teams remediate issues, help infrastructure teams to build better supporting functions and to help improve our detection and response teams by proposing new detection ideas or providing your offensive security knowledge to aid in incident response. We believe that skilled and hard-working people are our greatest asset in reducing cyber risk to our business and customers. We encourage and support continual development and recognise the importance of keeping up with the latest technology and evolving threat landscape. Are you up for this challenge?
Responsibilities
* Deliver high-quality security assessments in web applications, APIs, mobile, and infrastructure.
* Test using internal knowledge, data sources and tools to identify attack vectors and test hypotheses.
* Help application teams remediate issues and assist infrastructure teams to build better supporting functions.
* Improve detection and incident response by proposing new detection ideas or contributing offensive security knowledge.
* Work with security engineers to refine and develop detections.
* Participate in purple teaming exercises carrying out broader assessments of Tesco’s security posture.
* Help triage and validate findings from Tesco’s bug bounty program.
* Triage and validate Tesco’s risk posture for newly released CVEs as part of vulnerability management.
* Take advantage of opportunities to stretch skills and engage in career development through research and training in offensive security.
You will need
* Penetration testing experience performing authorised tests on computer systems, exposing weaknesses in security that could be exploited.
* GPEN, CREST, OSCP, OSEP or other industry-relevant certifications are helpful but not crucial.
* An understanding of operating system and networking fundamentals, and underlying principles.
* Knowledge of preventative and detective controls (EDR, firewalls, IDS/IPS, anti-virus, etc.).
* Analytical and critical thinking skills, willingness to challenge status quo.
* Good written and oral communication skills.
* Ability to work both independently and collaboratively in a diverse team.
What’s in it for you?
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Hereto find out more!
Benefits
* Annual bonus scheme of up to 20% of base salary
* Holiday starting at 25 days plus a personal day (plus Bank holidays)
* Private medical insurance
* 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 4 weeks fully paid paternity leave
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
About Tesco
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.
We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.
#J-18808-Ljbffr