Security Engineer II

Overview Tesco UK • Welwyn Garden City • Hybrid • Full-Time • Apply by 04-Dec-2025 As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cyber security detection capability. You will understand the changing threat landscape, identify opportunities for improvement in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams, including security operations, engineering, and risk & compliance, in a fast paced and agile environment. Benefits Annual bonus scheme of up to 20% of base salary Holiday starting at 25 days plus a personal day (plus Bank holidays) Private medical insurance 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, plus 4 weeks fully paid paternity leave Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing Responsibilities Develop and drive the cyber security detection capability day-to-day and strategically for the Tesco Group. Seek out effective and comprehensive detection logic and capability, ensuring detections are robust, thoroughly tested, and that alerts and supporting information are available to and understood by operational cyber security teams. Prioritize the needs of operational teams and incident responders in development work, ensuring detections and alerts are relevant and provide practical response steps. Ensure detection capability is fit for on‑premises, private and public cloud environments, at significant scale and across a diverse range of asset types. Provide support during cyber security incidents, participate in threat hunts, and work with other security teams to deliver automation and standardisation to improve efficiency and response. Requirements Operational skills in security engineering with the ability to assess and validate information from various sources on cyber and information security threats Ability to analyse and identify significance of processed intelligence to identify trends, threat actor TTPs, and potential capabilities; translate information into tangible actionable data Understanding of cyber security threat frameworks (e.g., MITRE ATT&CK, Lockheed Martin Kill Chain) and security lifecycle management Proficiency in detection development lifecycle with positive and negative test cases; ability to conduct code reviews and enhance or mitigate security issues Experience evaluating or testing threats/vulnerabilities and applying evaluation/testing methodologies to signature development/reviews Ability to quantify and define research goals to generate worthwhile detection ideas and to summarise findings for wider teams Experience developing queries and enabling robust detection of threats Working knowledge of Windows, macOS or Linux operating systems Ability to work independently and as part of a team; understanding of modern attacker TTPs Translate threat intelligence into actionable detection logic; solid grasp of detection technologies Analytical problem-solving skills and comfort working on production systems at scale Experience with query languages such as KQL or SPL Experience developing and maintaining basic automation scripts (e.g., Bash, Python, PowerShell, etc.) Desirable Skills and Certifications Knowledge of cloud infrastructure, cloud security and cloud APIs Knowledge of attacker tools and evasion techniques within offensive engineering Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell Experience developing detections as code Certifications such as CompTIA Security+, GIAC, CEH, SSCP or other industry-relevant certifications About us Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We celebrate diversity and are committed to creating a workplace where differences are valued and all colleagues are given the same opportunities. We are a Disability Confident Leader and provide an accessible recruitment process. For accessibility support information, please click here. We are a large organisation offering diverse full-time & part-time patterns across our many business areas, with blended office and remote working. If applying internally, speak to the Hiring Manager about how this can work for you. #J-18808-Ljbffr