Security Engineer - Digital Forensics and Incident Response

Hours: 36

Salary: Competitive!

Location: Welwyn Garden City, Hertfordshire, AL7 1TW

United Kingdom

Apply by: 27/09/2019

Security Engineer - Digital Forensics and Incident Response

Welwyn Garden City, Hertfordshire, AL7 1TW

About the role

About The Cyber Security Team

Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.

Responsible for developing and running security processes day-to-day for the Tesco Group, we’re continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we’re looking to add great people to our growing team.

We’re looking to add great people to our growing team because we believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.

Communication is key – working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.

You will be responsible for

The Role - Security Engineer (Digital Forensics and Incident Response)

A Digital Forensics and Incident Response engineer will need to be able to cover three key areas; host forensics, memory forensics and network forensics. The ideal candidate will be the go to person for on-going forensic incident response as part of the Technology security team, where potential threats are identified you contribute to and lead response and investigation required to obtain all of the facts.

A typical day will involve close working with security teams, responding to incident tickets and alerts, aiding investigations, and continually improving our response, detect and prevention processes.

Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role's key responsibilities and measures:

  • Follow our Business Code of Conduct always acting with integrity and due diligence.
  • Represent the Technology Security team and assist other teams to investigate security incidents.
  • Work closely and collaboratively with security, infrastructure and engineering teams.
  • Collaborate closely with colleagues within the wider global Technology organisation and the business to establish effective and productive relationships.
  • Involvement in and leading of security incidents which occur on Tesco systems.
  • Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the team.
  • Share knowledge with the wider security community.
  • Champion continuous improvement within the department.

This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.

You will need

Ideal Candidate - Key Skills and Experience

You will need to have demonstrated experience of Digital Forensic and Incident Response Investigations.

  • Experience of evidence and artefact acquisition, both via physical and remote methods.
  • Understanding of file system fundamentals, e.g. NFTS, FAT, ext2, ext4, ext4 etc.
  • Experience with forensic toolsets such as Encase, X-Ways, IEF, Autopsy, or equivalents.
  • Understanding of anti-forensic techniques.
  • Timeline analysis.
  • Technical understanding of memory management concepts.
  • Experience with memory analysis frameworks such as Volatility or Rekall.
  • Understanding of modern attacker tools and techniques.
  • Understanding of network protocols including the seven layer and TCP/IP network models.
  • Proficient in IDS analysis, including creation of network signatures.
  • Experience with conducting Static and Dynamic Analysis of malicious files.
  • Experience of safe handling of malicious files and operation security.
  • Understanding of Sandbox technologies and the limitations they face.
  • Knowledge of Microsoft Windows operating system internals, it would be desirable to have knowledge in Unix and Mac operating system internals also.
  • Proficient in creating signature detection for malicious files.
  • One or more of the following certifications would be advantageous (but are not essential):
    • GIAC Certified Forensic Analyst (GCFA)
    • GIAC Certified Forensic Examiner (GCFE)
    • CREST Registered Intrusion Analyst (CR IA)
    • CREST Certified Host Intrusion Analyst (CC HIA)
    • CCNIA Certified Network Intrusion Analyst (CC NIA)
    • GIAC Reverse Engineering Malware (GREM)
    • CREST Certified Malware Reverse Engineer (CC MRE)


What’s in it for you

We offer excellent benefits that help make Tesco a great place to work.  These include but aren’t limited to:

  • An annual bonus scheme which you can achieve up to 3.5% of base salary
  • Privilegecard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco
  • A retirement savings plan - 4%-7.5% contribution rate
  • Life Assurance - 5 x contractual pay
  • Buy As You Earn Scheme
  • Save As You Earn Scheme
  • Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
  • Deals and Discounts through many other external businesses

About us

Tesco Technology is not your standard IT Department, we’re a Technology organisation driving change and delivering value by building great products for our customers and colleagues every day.

The retail environment is changing, brought about through developments in technology. The growth of internet shopping, mobile and convenience is changing the way customers want to shop. As a retailer, the customer is at the heart of everything we do and Technology is no different; our aim is to focus on serving customers wherever, whenever and however they want to shop with us.

Our team is innovative, highly-skilled, agile, passionate and fun. If you’re looking for an environment to create cutting edge solutions which make a difference to millions of customers and colleagues across the globe, then this is the place for you.

Application process

Back to top

Explore our opportunities to get on. A place for everyone.