Tesco UK • Welwyn Garden City • Hybrid • Full-Time • Apply by 01-Aug-2025 About the role Our Security Operations Centre (SOC) is at the heart of monitoring and investigating cybersecurity incidents for the Tesco Group. They operate closely with other cybersecurity teams, including Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s complex estate. Beyond investigating security incidents, they maximise their expertise to collaborate with other teams, driving innovation and improving our overall security capabilities. The Security Operations Centre Manager will lead a skilled team, deliver high-quality service, and collaborate with cybersecurity professionals. Take charge of coordinating initiatives that integrate efforts across security teams and the wider Tesco Technology organization. Emphasize the development of team members and the maturity of the SOC's capabilities. Drawing on extensive security operations experience and strong critical thinking skills, the SOC Manager will support incident analysis and maintain a clear view of the operational and threat landscape, ensuring a coordinated and effective response to emerging incidents. At Tesco, we believe in the power of spending more time together, face to face, than apart. So, during your working week, you can expect to spend 60% of your time in one of our office locations or local sites and the rest remotely. We also recognise that life looks a little different for each of us. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. That’s why at Tesco, we always welcome a conversation about flexible working. So, talk to us throughout your application about how we can support. What is in it for you We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you - both in and out of work.
* Annual bonus scheme of up to 20% of base salary
* Holiday starting at 25 days plus a personal day (plus Bank holidays)
* Private medical insurance 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave
* Free 24/7 virtual GP service,
* Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing You will be responsible for Lead an effective and efficient SOC service that delivers timely detection, analysis, and response to security alerts and incidents. Ensure continuous improvement and alignment of new initiatives with the broader security strategy, keeping it central to all planning and execution, while also reporting on its implementation. Stay ahead of the cyber threat landscape and specifically those within Tesco verticals (., retail, transport, fuel, pharmacy). Lead the team through complex operational landscapes and security incidents, ensuring accurate interrogation, analysis, and presentation of threat-related data and ensuring decisive actions. Develop team member leadership skills and technical capabilities. Encourage industry leading investigative analysis through comprehensive response playbooks, formulating detection use cases and automations, and research service-enhancing tools. Encourage and implement innovative practices in threat monitoring and response, fostering continuous improvement and adaptation to emerging threats. Use threat intelligence to focus investigation and detection efforts and adhering to the threat hunting strategy and processes. Develop, implement, and maintain policies, standards, and procedures for security operations investigations and incidents, ensuring alignment with legal and regulatory requirements. Conduct SOC service reviews, including evaluating capacity, assessing quality, conducting purple and red team exercises, and performing internal evaluations. Collaborate closely with teams across cybersecurity, technology, and beyond. Lead service improvements through projects and initiatives, ensuring clear communication of plans, implementation, and progress updates. Monitor and assess managed security service provider performance, ensuring alignment to contracted service and operational level agreements. Maintain high-quality standards through regular audits, evaluations, and the implementation of continuous improvement. Following our Business Code of Conduct and always acting with integrity and due diligence You will need Operational skills relevant for the role: SOCS Service Management: Operate SOC within large enterprise. Define and measure key performance indicators (., MTTD, MTTR) to evaluate SOC performance and meet objectives and SLAs. SOC Process Optimisation: Continuously improve SOC workflows, alert triage, and incident resolution. Automation and Orchestration: Use automation tools to improve Manually tasks, reduce response times, and improve detection. Service Level Agreement (SLA) Management: Ensure alignment to SLAs with internal teams and external service providers. Collaboration Across Teams: Work across cybersecurity and IT teams to drive integrated security solutions. Security Tool Management: Manage and optimise SOC technologies like SIEM, EDR, and SOAR for effective threat detection. Training and Development: Implement training programs to enhance SOC analysts' technical skills and incident response. Vendor Management: Manage third-party vendors and MSSPs to ensure they meet performance expectations. Experience relevant for this role: Demonstrable experience (4+ years') in successfully leading a high-performance team, including security analysts at all levels. Proficient in security operations, including technical analysis, investigations, and handling security incidents in large-scale, fast-paced corporate environments both on premise and in the cloud. A strong, up-to-date understanding of the security threats facing large enterprises and the challenges these present to the SOC. Experience with technical analysis of enterprise systems including operating systems, networks, cloud, and complex architectures. Experience with a broad range of enterprise security technologies including EDR, SIEM and SOAR. Familiarity with at least one scripting language such as Python, PowerShell etc. Awareness of how AI can be applied in both offensive and defensive team operations, including its potential for threat detection and incident response to enhance security posture. Excellent written and verbal communication skills Ability to think critically and lead technical investigation. Ability to handle high stress situations with composure, efficiency, and integrity. Completion of relevant training courses such as SANS LDR551, SEC504, FOR508, ITIL Framework; certifications (or equivalents) are desirable but not needed. About us
You might know us as a supermarket, technology company or even for our award-winning mobile network. Truth is, we’re all of those things, and much more. Our colleagues work with one goal in mind, helping to make every day a little better for our customers, colleagues and communities all over the world. No two customers are the same, neither are our colleagues.
At Tesco, we champion a balance that lets you thrive both in and out of work. Spend 60% of your week collaborating with colleagues at our office locations or local sites and the rest remotely. Whether you're just kicking off your career, juggling passions, or navigating big life events, we're here to support you. We always welcome a conversation about flexible working, so talk to us throughout your application about how we can support.
We're proud to be an accredited Disability Confident Leader, where everyone’s welcome. That’s why we commit to providing a fully inclusive and accessible recruitment process. If you need support with your application, for more information. And if you're interested in joining our team but don't tick every box, don't let that hold you back from applying.