Security Engineer II - Detection Engineering

Apply to the Security Engineer II – Detection Engineering role at Tesco.

As a Cyber Security Detection Engineer, you will lead the development, implementation, and continuous improvement of Tesco's cybersecurity detection capability. You will understand the threat landscape, identify improvement opportunities, establish new detections, and ensure appropriate coverage across on‑premises, private, and public cloud environments.

• Develop and drive the cyber security detection capability day‑to‑day and strategically for the Tesco Group.
• Design and implement detection logic that is robust, thoroughly tested, and clearly understandable by operational security teams.
• Ensure detection and alert relevancy, value, and actionable response steps for incident responders.
• Provide incident support, participate in threat hunts, and collaborate with security teams to deliver automation and standardisation.

• Threat‑lead: assess and validate information from diverse cyber‑security sources; analyse intelligence, identify trends and TTPs; translate data into actionable detection logic.
• Secure & test‑driven engineering: understand frameworks (MITRE ATT&CK, Lockheed Martin Kill Chain, etc.), specify processes, maintain security throughout lifecycle, conduct code reviews, and evaluate/signature development.
• Research: quantify research goals to generate worthwhile detection ideas and summarise findings for broader teams.

• Ability to develop queries that robustly detect threats.
• Knowledge of Windows, macOS, and Linux operating systems.
• Independent work and team collaboration.
• Understanding of modern attacker TTPs and translation of threat intelligence into detection logic.
• Solid understanding of detection technologies and security concepts.
• Analytical approach and problem‑solving skills on production systems at scale.
• Query languages such as KQL or SPL.
• Experience with basic automation scripts (Bash, Python, Batch, PowerShell).

• Knowledge of cloud infrastructure, security and APIs.
• Knowledge of attacker tools and evasion techniques within offensive engineering.
• Proficiency in at least one major programming language (including scripting languages).
• Experience developing detections as code.

• An annual bonus scheme up to 20 % of base salary.
• Colleague Clubcard and 10 % off most Tesco purchases after 6 months.
• 25 days holiday plus a personal day.
• Retirement savings plan – 4 %‑7.5 % contribution.
• Life Assurance – 5 × contractual pay.
• Buy As You Earn and Save As You Earn schemes.
• Additional deals and discounts at Tesco and partner businesses.

Tesco’s vision is to become every customer’s favourite shopping destination, driven by a purpose to serve customers, communities and planet a little better each day. It is a responsible and sustainable business committed to diversity, equity and inclusion, and offers flexible working patterns that combine office and remote working.

• Seniority level: Entry level
• Employment type: Full‑time
• Job function: Information Technology
• Industries: Retail
• Location: Welwyn Garden City, England, United Kingdom