Security Engineer (Digital Forensics and Incident Response)


Premium Job From Tesco

Recruiter: Tesco

Listed on: 28th May 2019

Location: Welwyn Garden City

Salary/Rate: Competitive!

Salary Notes: Competitive!

Type: Permanent

Start Date: ASAP

This job has now expired. Please search on the home page to find live IT jobs.

About The Security & Capability Team

Our team is responsible for providing and maintaining tools used by Tesco in order to monitor and secure our systems, while also helping our colleagues globally. 

We maintain global hybrid instances of our chosen tools for SIEM, Application Performance Monitoring, Log Monitoring, Backlog Management, Identity Access Management, Service Desk, self-help portals for colleagues and incident communications.  In addition to the challenges delivering this capability brings, we're also the team responsible for the security operations centre and our security architecture, working across Tesco globally to secure our systems and data!  Our Technology Risk & Compliance team works tirelessly to further develop a risk aware culture and drive audit and regulatory improvements across the technology team in all Tesco countries. 

We aim to provide colleagues with a great experience by providing world class tooling, processes and advice.  We believe in solutions that are either self-service or invisible to the end user - that's not always easy to achieve, but it's what we strive for. With over 460,000 colleagues globally, this is an opportunity to make your mark.

The Role - Security Engineer (Digital Forensics and Incident Response)

A Digital Forensics and Incident Response engineer will need to be able to cover three key areas: host forensics, memory forensics and network forensics. The ideal candidate will be the go-to person for ongoing forensic incident response as part of the Technology security team. Where potential threats are identified, you will contribute to and lead the response and investigation required to obtain all of the facts. A typical day will involve working closely with security teams, responding to incident tickets and alerts, aiding investigations, and continually improving our response, detection and prevention processes.

Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role's key responsibilities and measures:

Follow our Business Code of Conduct always acting with integrity and due diligence

Represent the Technology Security team and assist other teams to investigate security incidents

Work closely and collaboratively with security, infrastructure and engineering teams

Collaborate closely with colleagues within the wider global Technology organisation and the business to establish effective and productive relationships

Involvement in and leading of security incidents which occur on Tesco systems

Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the team

Share knowledge with the wider security community

Champion continuous improvement within the department

This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.

The Ideal Candidate

Key Skills and Experience

You will need to have demonstrated experience of Digital Forensic and Incident Response Investigations.

Experience of evidence and artefact acquisition, both via physical and remote methods

Understanding of file system fundamentals, e.g. NTFS, FAT, ext2, ext4 etc.

Experience with forensic toolsets such as Encase, X-Ways, IEF, Autopsy, or equivalents

Understanding of anti-forensic techniques

Timeline analysis

Technical understanding of memory management concepts

Experience with memory analysis frameworks such as Volatility or Rekall

Understanding of modern attacker tools and techniques

Understanding of network protocols, including the seven-layer and TCP/IP network models

Proficient in IDS analysis, including creation of network signatures

Experience with conducting Static and Dynamic Analysis of malicious files

Experience of safe handling of malicious files and operational security

Understanding of Sandbox technologies and the limitations they face

Knowledge of Microsoft Windows operating system internals; knowledge of Unix and Mac operating system internals would also be desirable

Proficient in creating signature detection for malicious files

One or more of the following certifications:

GIAC Certified Forensic Analyst (GCFA)

GIAC Certified Forensic Examiner (GCFE)

CREST Registered Intrusion Analyst (CRIA)

CREST Certified Host Intrusion Analyst (CCHIA)

CCNIA Certified Network Intrusion Analyst (CCNIA)

GIAC Reverse Engineering Malware (GREM)

CREST Certified Malware Reverse Engineer (CCMRE)

Personal

Flexibility, ability to plan and organise, responsiveness, creativity, self-starter

Able to build solid working relationships with peers and senior leadership

Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organisation

About The Company

Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world. 

We want our customers to be inspired and whatever they are looking for, we're finding bigger and better ways to provide it.

Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We're driving innovation and transforming our Technology to become the world's leading retailer.

We need people who share our ambition to deliver for our customers: passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.

Joining us means playing a part in defining, building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.

If that sounds exciting then we'd love to hear from you.

The position will be based at our Campus in Welwyn Garden City.

Package Description

We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:

An annual bonus scheme under which you can achieve up to 3.5% of base salary

Colleague Clubcard (including a 2nd card for a family member) after 6 months' service, with 10% off most purchases at Tesco

Holiday starting at 25 days plus a personal day

A retirement savings plan - 4%-7.5% contribution rate

Life Assurance - 5 x contractual pay

Buy As You Earn Scheme

Save As You Earn Scheme

Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank

Deals and Discounts through many other external businesses
