Senior Penetration Tester

We are passionate about step changing our cyber security capability to better protect customers and colleagues across our global business, and we’re building an internal penetration testing function to complement and help further mature our defensive security capabilities.

This new role challenges you to use your offensive skills to discover and demonstrate vulnerabilities and weaknesses in our systems. Tesco Technology has hundreds of software and infrastructure engineers deploying solutions at scale using many different technology stacks, from traditional on-premise infrastructure to cloud-centric containerised deployments.

Our internal penetration testers working collaboratively with our developers is key to us identifying and addressing these findings, efficiently and at scale across Tesco. You will have the opportunity to help application teams remediate issues, to help infrastructure teams to build better supporting functions and to help improve our SIEM by proposing new detection ideas.

We believe that skilled and passionate people are our greatest asset in reducing cyber risk to our business and customers. We encourage and support continual development and recognise the importance of keeping up with the latest technology (as well as all the older stuff) and an evolving threat landscape.

Are you up for this challenge?

You’ll be working in an offensively trained and defensively focused security team. Your primary responsibility will be to deliver high-quality security assessments in a variety of areas including web application, API, mobile, and infrastructure. But, unlike in a typical consultancy role, you’ll also have the advantage of being able to use internal knowledge, data sources and tools to help identify attack vectors and be able to test out your hypotheses.

There will be other opportunities to stretch your skills:

• you could work with our security engineers to refine and develop our detections
• participate in purple teaming exercises carrying out wider assessments of our security posture
• help triage and validate findings from our bug bounty program
• triage and validate Tesco’s risk posture for newly released CVEs as part of vulnerability management

You will be given time and opportunities to carry out personal research and development as well as put yourself through certifications supported by us to ensure you are on the top tier edge of offensive security.

• Penetration testing experience performing authorised tests on computer systems, exposing weaknesses in security that potentially could be exploited
• Experience of platforms like HackTheBox, Proving Grounds (Offensive Security), or similar
• GPEN, Crest, OSCP, OSEP or other industry relevant certifications are desired but not crucial.
• Good knowledge of network protocols and packet analysis / manipulation tools
• Knowledge of preventative and detective controls (Active Directory, firewalls, IDS, IPS, anti-virus, etc)
• Exceptional analytical and critical thinking, willingness to challenge status quo
• Excellent interpersonal skills
• Advanced written and oral communications, self-motivator
• Great teammate and independent worker, highly adaptive

We offer excellent benefits that help make Tesco a great place to work!  These include but are not limited to:

• Annual bonus scheme
• Holiday starting at 25 days plus a personal day (and bank holidays)
• Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
• Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
• Buy as you earn and Save as you earn share schemes
• Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want=

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move.  Our core purpose is “Serving our customers, communities and planet a little better every day”.  Serving means more than a transactional relationship with our customers.  It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves.  At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings.  We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities.  We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you.  Everyone is welcome at Tesco.

We have recently announced that we are moving to a more blended working week – combining office and remote working.  Our offices continue to be where we connect, collaborate and innovate.  Talk to us about how this can work for you.

Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.