Security Engineer - SIEM and SOC
||Welwyn Garden City
This job has now expired please search on the home page to find live IT Jobs.
About The Security & Capability Team
Our team is responsible for providing and maintaining tools used by Tesco in order to monitor and secure our systems, while also helping our colleagues globally.
The opening date for this role is 20th August 2018 and the closing date will be 17th September 2017.
We maintain global hybrid instances of our chosen tools for SIEM, Application Performance Monitoring, Log Monitoring, Backlog Management, Identity Access Management, Service Desk, self-help portals for colleagues and incident communications. In addition to the challenges delivering this capability brings, we're also the team responsible for the security operations centre and our security architecture, working across Tesco globally to secure our systems and data! Our Technology Risk & Compliance team works tirelessly to further develop a risk aware culture and drive audit and regulatory improvements across the technology team in all Tesco countries.
We aim to provide colleagues with a great experience by providing world class tooling, processes and advice. We believe in solutions that are either self-service or invisible to the end user - that's not always easy to achieve, but it's what we strive for.
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
* An annual bonus scheme which you can achieve up to 3.5% of base salary
* Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco
* Holiday starting at 25 days plus a personal day
* A retirement savings plan - 4%-7.5% contribution rate
* Life Assurance - 5 x contractual pay
* Buy As You Earn Scheme
* Save As You Earn Scheme
* Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
* Deals and Discounts through many other external businesses
You will focus on improving the telemetry, processes and tools for Tesco's SIEM system and SOC team. This role requires proven experience with security telemetry, security intelligence, anomaly hunting and incident response.
The Engineer must leverage intuition, security knowledge and a broad of array of tools and advanced security techniques to help us uncover and stay alert to malicious activity. Bilaterally, we're building a threat hunting capability to feed back into our telemetry and processes.
Key Skills and Experience
* Experience performing technical analysis involving security event data and evaluating malicious activity.
* Knowledge of TCP/IP and related network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP etc., and accompanying protocol/packet analysis/manipulation tools.
* Knowledge of information security protection/detection and authentication systems (firewalls, IDS, IPS, anti-virus, etc).
* Knowledge of commonly-accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities, gain unauthorized access, escalate privileges and access restricted information.
* Knowledge of current operating environments (Microsoft, Linux, & OS X).
* Development / Configuration experience with any industry leading SIEM platform.
* Experience of development using a programming language in a DevOps environment using agile techniques.
* Exceptional analytical and critical thinking, willingness to challenge status quo.
* Excellent interpersonal skills.
* Advanced written and oral communications, self-motivator.
* Team player and independent worker, highly adaptive.
Desirable Tools / Technologies:
* Splunk (including Enterprise Security, UBA and CIM)
* Devops toolsets - Github, Jenkins, Jira etc.
* Python, Java
Academia: College degree or equivalent work experience.
Desirable Certifications: SSCP, GSEC, GCIH, GCIA or other industry relevant certifications.