Security Engineer II

Welwyn Garden City Full-Time 30000 - 42000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead the development of Tesco's cyber security detection capabilities and improve existing systems.
  • Company: Join Tesco, a leading retailer committed to serving customers and communities sustainably.
  • Benefits: Enjoy flexible working, an annual bonus, 25+ days holiday, and private medical insurance.
  • Why this job: Be part of a dynamic team tackling real-world cyber threats in a supportive environment.
  • Qualifications: Experience in security engineering, threat analysis, and familiarity with various operating systems required.
  • Other info: Embrace a culture of inclusivity and innovation while working in a blended office and remote setting.

The predicted salary is between 30000 - 42000 £ per year.

Overview

Tesco UK • Welwyn Garden City • Hybrid • Full-Time • Apply by 04-Dec-2025

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco’s cyber security detection capability. You will understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk & compliance, in a fast-paced and agile environment.

Benefits

  • Annual bonus scheme of up to 20% of base salary
  • Holiday starting at 25 days plus a personal day (plus Bank holidays)
  • Private medical insurance
  • 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, plus 4 weeks fully paid paternity leave
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

Responsibilities

  • Develop and drive the cyber security detection capability day-to-day and strategically for the Tesco Group.
  • Seek out effective and comprehensive detection logic and capability, ensuring detections are robust, thoroughly tested, and that alerts and supporting information are available to and understood by operational cyber security teams.
  • Prioritize the needs of operational teams and incident responders in development work, ensuring detections and alerts are relevant and provide practical response steps.
  • Ensure detection capability is fit for on‑premises, private and public cloud environments, at significant scale and across a diverse range of asset types.
  • Provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response.

Requirements

  • Operational skills in security engineering with the ability to assess and validate information from various sources on cyber and information security threats
  • Ability to analyse and identify significance of processed intelligence to identify trends, threat actor TTPs, and potential capabilities; translate information into tangible actionable data
  • Understanding of cyber security threat frameworks (e.g., MITRE ATT&CK, Lockheed Martin Kill Chain) and security lifecycle management
  • Proficiency in detection development lifecycle with positive and negative test cases; ability to conduct code reviews and enhance or mitigate security issues
  • Experience evaluating or testing threats/vulnerabilities and applying evaluation/testing methodologies to signature development/reviews
  • Ability to quantify and define research goals to generate worthwhile detection ideas and to summarise findings for wider teams
  • Experience developing queries and enabling robust detection of threats
  • Working knowledge of Windows, macOS or Linux operating systems
  • Ability to work independently and as part of a team; understanding of modern attacker TTPs
  • Translate threat intelligence into actionable detection logic; solid grasp of detection technologies
  • Analytical problem-solving skills and comfort working on production systems at scale
  • Experience with query languages such as KQL or SPL
  • Experience developing and maintaining basic automation scripts (e.g., Bash, Python, PowerShell, etc.)

Desirable Skills and Certifications

  • Knowledge of cloud infrastructure, cloud security and cloud APIs
  • Knowledge of attacker tools and evasion techniques within offensive engineering
  • Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell
  • Experience developing detections as code
  • Certifications such as CompTIA Security+, GIAC, CEH, SSCP or other industry-relevant certifications

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We celebrate diversity and are committed to creating a workplace where differences are valued and all colleagues are given the same opportunities. We are a Disability Confident Leader and provide an accessible recruitment process. For accessibility support information, please click here.

We are a large organisation offering diverse full-time & part-time patterns across our many business areas, with blended office and remote working. If applying internally, speak to the Hiring Manager about how this can work for you.

Security Engineer II employer: Tesco

At Tesco, we pride ourselves on being an exceptional employer, offering a supportive and inclusive work culture that values diversity and innovation. As a Security Engineer II, you will benefit from a comprehensive package including an annual bonus scheme, generous holiday allowance, and private medical insurance, all while working in a dynamic environment that fosters professional growth and collaboration across teams. Our commitment to employee wellbeing is evident through our extensive support services, ensuring you thrive both personally and professionally in Welwyn Garden City.

Contact Detail:

Tesco Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Security Engineer II

✨Tip Number 1

Familiarise yourself with the MITRE ATT&CK framework and other threat models mentioned in the job description. Understanding these frameworks will help you demonstrate your knowledge of current cyber threats and how to develop effective detection strategies during interviews.

✨Tip Number 2

Showcase your experience with detection development lifecycle and automation scripts. Be prepared to discuss specific examples where you've implemented detection logic or automated processes, as this will highlight your practical skills and problem-solving abilities.

✨Tip Number 3

Network with professionals in the cyber security field, especially those who work in detection engineering. Engaging with industry peers can provide insights into the role and may even lead to referrals, increasing your chances of landing an interview.

✨Tip Number 4

Prepare for technical interviews by brushing up on your knowledge of query languages like KQL or SPL. Being able to write and explain queries that detect threats will be crucial, so practice common scenarios and be ready to demonstrate your skills.

We think you need these skills to ace Security Engineer II

Cyber Security Detection Development
Threat Intelligence Analysis
Understanding of MITRE ATT&CK Framework
Detection Logic Specification
Code Review for Security Issues
Automation Scripting (Bash, Python, PowerShell)
Query Languages (KQL, SPL)
Operational Cyber Security Support
Analytical Problem-Solving
Knowledge of Cloud Security
Experience with Windows, macOS, and Linux
Ability to Translate Threat Intelligence into Actionable Data
Research and Development of Detection Ideas
Collaboration with Cross-Functional Teams
Understanding of Modern Attacker TTPs

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience and skills that align with the job description for the Security Engineer II role. Focus on your security engineering skills, threat analysis capabilities, and any experience with detection technologies.

Craft a Strong Cover Letter: In your cover letter, express your passion for cyber security and how your background makes you a great fit for Tesco. Mention specific projects or experiences that demonstrate your ability to develop and implement detection capabilities.

Showcase Relevant Skills: Clearly outline your operational skills, such as your understanding of cyber security frameworks like MITRE ATT&CK, and your proficiency in query languages like KQL or SPL. Highlight any programming or scripting experience that relates to the role.

Research Tesco's Culture: Familiarise yourself with Tesco's values and culture. In your application, reflect how your personal values align with their commitment to diversity and inclusion, as well as their focus on serving customers and communities.

How to prepare for a job interview at Tesco

✨Understand the Threat Landscape

Before your interview, make sure you have a solid grasp of the current cyber security threats. Familiarise yourself with recent incidents and trends in the industry, as this will demonstrate your proactive approach and understanding of the role's requirements.

✨Showcase Your Technical Skills

Be prepared to discuss your experience with detection technologies and query languages like KQL or SPL. Bring examples of how you've developed detection logic or automated processes in previous roles to highlight your technical expertise.

✨Emphasise Collaboration

Since the role involves working closely with various teams, be ready to share examples of how you've successfully collaborated in the past. Highlight your ability to communicate complex technical information to non-technical stakeholders, which is crucial for this position.

✨Prepare for Scenario-Based Questions

Expect questions that assess your problem-solving skills in real-world scenarios. Think about how you would respond to specific cyber security incidents or how you would improve existing detection capabilities, as this will showcase your analytical thinking and practical application of knowledge.
