Senior Incident Responder (DFIR)
About the Role
Our Digital Forensics and Incident Response (DFIR) team leads the technical investigation and response to security incidents at Tesco. As part of this team, you'll work alongside our security operations, threat intelligence, and security engineering teams to protect, detect, and respond to security threats across Tesco's diverse and evolving estate.
You'll apply your deep technical knowledge and critical thinking ability to investigate and understand the full extent of security incidents and threats. Your ability to distil and clearly convey technical information will allow you to provide the key contextual information to decision makers that enables them to make informed decisions.
As a senior position, when you're not investigating security incidents, you'll have the freedom to leverage your knowledge and real-world experience to help improve and automate the team's technical workflows, working alongside other teams to help drive innovation across our prevention, automation, detection and response capabilities. Your status as a senior incident responder means you'll serve as a role model for engineers and analysts across Security Operations.
Responsibilities
- Investigation and Response: Perform host, network, and cloud-based forensic analysis to understand the full extent of security incidents and take appropriate response actions to contain, remediate, and recover.
- Incident Handling: Support cyber-security incident managers and decision makers with root cause analysis and formulating recommendations for detection and prevention controls.
- Technical Project Work: Use your technical capabilities to enhance our existing processes as well as identifying and working on new methods to deliver DFIR services to the ever-changing technology requirements of the business.
- Threat Hunting & Detection Engineering: Lead intelligence-based threat hunts to uncover anomalous behaviour in our estate that is representative of the security threats most relevant to Tesco, testing and raising potential detections to contribute to our internal detection engineering programme.
Qualifications
- 4+ years of relevant experience.
- Experience with responding to security incidents in large-scale corporate on-premises and public cloud environments (preferably Microsoft Azure).
- Experience with forensic analysis of cyber-security incidents on Windows, macOS, and Unix operating systems and in-depth understanding of those operating systems.
- Ability to perform static and dynamic analysis of suspicious scripts, executables, etc.
- Experience with a broad range of security technologies such as EDR, SOAR, and SIEM.
- Ability to think critically and lead technical investigations.
- Ability to handle high-pressure situations in a calm, productive, and professional manner.
- Proficiency in at least one programming or scripting language.