Incident Responder (DFIR)
Role details
Job location
Tech stack
Job description
Our Digital Forensics and Incident Response (DFIR) team leads the technical investigation and response to security incidents at Tesco. As part of this team, you'll work alongside our security operations, threat intelligence, and security engineering teams to protect, detect, and respond to security threats across Tesco's diverse and evolving estate. You'll apply your technical knowledge and analytical thinking to investigate and understand the scope of security incidents and threats. Your ability to clearly communicate technical findings will help provide key contextual information to decision makers, enabling informed responses. As a developing member of the team, you'll also have opportunities to collaborate with other teams and contribute to improvements across our prevention, detection, and response capabilities. You will be responsible for
-
Investigation and Response: Undertake host, network, and cloud-based forensic analysis to understand the scope of security incidents and support response actions to contain, remediate, and recover.
-
Incident Handling: Support incident managers and senior responders with root cause analysis and formulate recommendations for detective and preventive controls.
Technical Project Work: You will use your technical capabilities to work on DFIR-led projects to enhance existing processes as well as identifying and working on new methods to deliver DFIR services to the ever-changing technology requirements of the business.
Threat Hunting & Detection Engineering: You will participate in intelligence-based threat hunts and share outcomes to support our internal detection engineering programme.
Requirements
Do you have experience in macOS?, * 2+ years of relevant experience.
Exposure to security incidents in large-scale corporate environments.
Familiarity with forensic analysis on Windows, MacOS, or Unix operating systems, a growing understanding of how those operating systems function and a desire to learn more.
Experience of enterprise security technologies such as EDR, SOAR, and SIEM.
Strong analytical and problem-solving skills.
Ability to work effectively under pressure in a calm and professional manner.
Proficiency in at least one programming or scripting language with a desire to learn more.
Experience in performing basic static and dynamic triage of suspicious files desirable but not required.
Benefits & conditions
- Annual bonus scheme of up to 20% of base salary
- Holiday starting at 25 days plus a personal day (plus Bank holidays)
- Private medical insurance
- 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
- Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing, We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.
