Security Engineer - SIEM and SOC
Welwyn Garden City
About The Cyber Security Team
Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.
Responsible for developing and running security processes day-to-day for the Tesco Group, we're continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we're looking to add great people to our growing team.
We're looking to add great people to our growing team because we believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key - working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
* An annual bonus scheme which you can achieve up to 3.5% of base salary
* Colleague Clubcard (including a 2nd card for a family member) after 6 months' service, with 10% off most purchases at Tesco
* Holiday starting at 25 days plus a personal day
* A retirement savings plan - 4%-7.5% contribution rate
* Life Assurance - 5 x contractual pay
* Buy As You Earn Scheme
* Save As You Earn Scheme
* Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
* Deals and Discounts through many other external businesses
As a SOC Engineer, you will primarily focus on developing use cases, progressing threat hunts and developing custom tooling to improve our SOC and SIEM maturity. You will also be key to the detection, investigation, and resolution of security incidents by applying a blend of your technical skills, experience, and knowledge of security principles. Furthermore, you will need to keep abreast of the latest patterns and trends within the wider security arena and commit to maintaining proficiency, researching and sharing the latest attack techniques, new concepts, and other interesting security-related topics.
You will be on your way to building a strong security-themed portfolio of experience and roles. You see this SOC Engineer role within Tesco, a leading international retailer and technology organisation, as the next logical step to develop and hone your skills. You will be enthusiastic, resourceful, and innovative. Furthermore, you will relish the challenge of solving complex problems by drawing upon your curiosity, technical knowledge, and ability to think outside the box.
Key Skills and Experience
* Experience performing technical analysis of security event data and evaluating malicious activity.
* Knowledge of TCP/IP and related network protocols (TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP, etc.) and of the accompanying protocol and packet analysis/manipulation tools.
* Knowledge of information security protection/detection and authentication systems (firewalls, IDS, IPS, anti-virus, etc.).
* Knowledge of commonly accepted information security principles and practices, as well as the techniques attackers use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
* Knowledge of current operating environments (Microsoft, Linux, and OS X).
* Development/configuration experience with any industry-leading SIEM platform.
* Experience of development in a programming language within a DevOps environment using agile techniques.
* Exceptional analytical and critical thinking, and a willingness to challenge the status quo.
* Excellent interpersonal skills.
* Advanced written and oral communication skills; self-motivated.
* Team player and independent worker, highly adaptive.
Desirable Tools / Technologies:
* Splunk (including Enterprise Security, UBA and CIM)
* Cloud technologies including AWS and Azure
* DevOps toolsets such as GitHub, Jenkins and Jira
Academia: College degree or equivalent work experience.
Desirable Certifications: SSCP, GSEC, GCIH, GCIA or other industry relevant certifications.