{"@context":"https://schema.org/","@type":"JobPosting","title":"Penetration Tester

Tesco PLC
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 42K

Job location

Tech stack

API
Software System Penetration Testing
Statistical Hypothesis Testing
Intrusion Detection Systems
Software Vulnerability Management
Web Applications
Firewalls (Computer Science)
Information Technology
Operational Systems

Job description

We are building an internal penetration testing function to strengthen our defensive security capabilities. This role uses offensive skills to discover and demonstrate vulnerabilities in our systems. Tesco Technology deploys solutions across a range of stacks, from on-premise infrastructure to cloud-centric deployments. You will work with developers to address findings at scale across Tesco, help application teams remediate issues, assist infrastructure teams, and contribute to detection and incident response with your offensive security knowledge.

We believe skilled, hard-working people are our greatest asset in reducing cyber risk. We support continual development and keeping up with the evolving threat landscape.

Are you up for this challenge?

You will be responsible

You will be working in an offensively trained and defensively focused security team. Your primary responsibility is to deliver high-quality security assessments in areas including web applications, APIs, mobile, and infrastructure. You will have access to internal knowledge, data sources, and tools to identify attack vectors and test hypotheses.

There are opportunities to stretch your skills, including :

  • Refining and developing our detections with security engineers
  • Participating in purple teaming exercises to assess broader security posture
  • Triaging and validating findings from our bug bounty program
  • Triaging and validating Tesco's risk posture for newly released CVEs as part of vulnerability management

We support colleagues' career development with time and opportunities for research, plus training to develop and innovate in offensive security.

Requirements

  • Penetration testing experience performing authorised tests on computer systems, identifying weaknesses that could be exploited
  • GPEN, CREST, OSCP, OSEP or other industry certifications are helpful but not essential
  • Understanding of operating systems and networking fundamentals
  • Knowledge of preventative and detective controls (EDR, firewalls, IDS / IPS, anti-virus, etc.)
  • Analytical and critical thinking, willingness to challenge the status quo
  • Good written and oral communication skills
  • Ability to work independently and collaboratively in a diverse team

Benefits & conditions

  • Annual bonus scheme of up to 20% of base salary
  • Holiday starting at 25 days plus a personal day plus Bank holidays
  • Private medical insurance
  • 26 weeks maternity and adoption leave (after 1 year's service) at full pay, followed by statutory pay; fully paid paternity leave is also offered
  • Free 24 / 7 virtual GP service and Employee Assistance Programme (EAP) for you and your family

Apply for this position