Security Analyst II - SOC in Welwyn Garden City

Our Security Operations Centre (SOC) is at the forefront of protecting Tesco's technology estate. We lead real-time threat monitoring, incident response, and proactive threat hunting across the Tesco Group. We also collaborate with Digital Forensics & Incident Response, Threat Intelligence, Automation, and Detection Engineering teams to ensure rapid detection, analysis, and mitigation of security threats. Beyond investigating security incidents, we use our expertise to work with other teams, driving continuous service improvements and improving our overall security capabilities. We are seeking a highly skilled SOC Analyst to join the team. In this role, you will monitor, analyse, and respond to security events across multiple environments and locations, while proactively hunting for threats and driving continuous improvement of detection and response mechanisms.

We closely collaborate with multi-functional cybersecurity teams, using our expertise to assess alerts, take charge of investigations, and efficiently implement necessary actions to address any issues. Our critical thinking skills are important in identifying emerging threats and strengthening Tesco's overall security posture, directly supporting the reduction of incident response times and enhancing our detection capabilities to ensure the ongoing protection of our digital ecosystem.

What is in it for you

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance
• 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
• Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

You will be responsible for

• Following our Business Code of Conduct and always acting with integrity and due diligence
• Proactively monitor and analyse security events using SIEM/XDR platforms and other security tools to identify and respond to potential threats across various environments.
• Evaluate and handle alerts, bringing your technical expertise to analyse risk, gauge the severity of incidents, and promptly initiate necessary actions for resolution.
• Respond to security incidents with a focus on thorough investigation, containment, remediation, and post-incident analysis to prevent future occurrences.
• Conduct proactive threat hunting across the environment to detect unknown threats and enhance early detection capabilities.
• Maintain situational awareness of the current operational and threat landscape by staying informed of new attacker techniques, vulnerabilities, and trends.
• Help build and implement security measures, standards, and playbooks to ensure compliance with industry standards.
• Support the continuous improvement of SOC processes, detection, and automation use-cases to enhance operational efficiency and effectiveness.
• Collaborate with Incident Managers, the Cyber Threat Intelligence team, and other partners to ensure a unified response and situational awareness across the organisation.
• Expand your knowledge of emerging threats, vulnerabilities, and cybersecurity technologies by applying threat intelligence feeds, research, and training.

You will need

• 3+ years of experience in successful SOC analyst positions, preferably within an internal SOC environment.
• Proficient in technical analysis, investigations, and handling security incidents in large-scale, fast-paced corporate environments, both on-premises and in the cloud.
• Proficient in security monitoring tools and technologies.
• In-depth knowledge of operating systems and networking concepts (e.g., TCP/IP, DNS).
• Experience with enterprise security technologies including XDR, SOAR, and SIEM.
• Familiarity with cloud platforms and their security features.
• Understanding of incident response frameworks (e.g., NIST, MITRE ATT&CK).
• Strong analytical and problem-solving skills for identifying and responding to security incidents.
• Ability to work effectively in a team and communicate clearly with both technical and non-technical partners.
• Experience with scripting languages such as Python or PowerShell for automating tasks.
• Excellent written and verbal skills for documenting incidents and communicating with partners.
• Critical thinking for making informed decisions during incidents.
• Ability to handle high-stress situations with composure, efficiency, and integrity.
• Relevant certifications (e.g., CompTIA Security+/CSA+) are a plus. Certifications (or equivalents) are desirable but not a requirement.
• Desirable - completion of relevant training courses such as SEC450 (Blue Team Fundamentals), SEC511 (Continuous Monitoring and Security Operations), SEC530 (Defensible Security Architecture and Engineering), and SEC555 (SIEM with Tactical Analytics).
• Commitment to staying updated with the latest security trends and threats to ensure effective performance in the role.

About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process.

We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.