Cyber Security Engineer - Digital Forensics Incident Response

Hours: 36

Salary: Competitive

Location: Welwyn Garden City AL7 1GA

United Kingdom

Apply by: 27/05/2022


About the role

Working within our Digital Forensics and Incident Response (DFIR) team, you will be a technical lead and subject matter expert for the day-to-day investigation of, and response to, cyber security threats. You will be required to understand the changing threat landscape and perform forensics across host, memory, and network artefacts, together with logging data available in SIEM, EDR and other security platforms. You will work closely with multiple teams, including security operations, engineering, and risk & compliance, in a fast-moving and agile environment. The ideal candidate will be comfortable as a go-to person for ongoing forensic incident response as part of the wider cyber security team. Where potential threats are identified, you will contribute to and lead the response and investigation efforts required to obtain all of the facts.

You will be responsible for

Responding to threats and performing investigations which require forensic and incident response expertise.

A typical day will involve working closely with security teams, responding to incidents and alerts, aiding investigations, and continually improving our response, detection and prevention processes. You might need to perform host, memory, or network forensic analysis, and will be able to leverage DFIR-specific and other security operational tooling and capability.

In addition to providing support during cyber security incidents, you will also participate in threat hunts, and occasionally work with other security teams on broader work, recommendations, and improvements.

You will need

Key Skills and Experience:

• Experience of digital forensics and incident response in enterprise environments

• Experience of evidence and artefact acquisition, both via physical and remote methods

• Understanding of file system fundamentals, e.g. NTFS, ext2, ext3, ext4, etc.

• Experience with commercial and open-source forensic toolsets such as X-Ways, Zimmerman Tools, Axiom, Autopsy, or equivalents

• Experience with memory analysis frameworks such as Volatility or Rekall

• Knowledge of Windows and/or Linux operating systems and internals

• Understanding of modern attacker TTPs and what artefacts these would leave behind

• A broad understanding of security concepts; an interest and passion for cyber security / DFIR

• An analytical mindset; problem-solving ability and comfort working on production systems at scale

• Ability to work independently as well as part of a team

• Working knowledge of one major programming language, including scripting languages like Python and PowerShell

• Willingness to participate in on-call activities out of normal hours (paid)

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work!  These include but are not limited to:

  • Annual bonus scheme
  • Holiday starting at 25 days plus a personal day (and bank holidays)
  • Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
  • Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
  • Buy as you earn and Save as you earn share schemes
  • Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move.  Our core purpose is “Serving our customers, communities and planet a little better every day”.  Serving means more than a transactional relationship with our customers.  It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves.  At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings.  We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities.  We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you.  Everyone is welcome at Tesco.

We have recently announced that we are moving to a more blended working week – combining office and remote working.  Our offices continue to be where we connect, collaborate and innovate.  Talk to us about how this can work for you.

Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.

Application process

Our office application process varies depending on the role and the level of experience needed.
