
Senior Security Engineer

Job in Welwyn Garden City, Hertfordshire, AL8, England, UK
Listing for: Tesco - Corporate
Full Time position
Listed on 2026-02-18
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly
Job Description & How to Apply Below

Tesco UK
• Welwyn Garden City
• Full-Time
• Working hours 36
• Apply by 10-Mar-2026

To build and mature a cyber threat intelligence capability that serves as the predictive and proactive heart of our security programme. You will act as the technical authority for collecting, processing, and analysing intelligence, ensuring it enables a truly threat‑informed defence. By converging intelligence tradecraft with engineering principles, you will drive the "Intelligence-to-Action" cycle and ruthlessly prioritise the efforts of our detection and response functions.

What is in it for you

We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work.

  • Annual bonus scheme of up to 20% of base salary
  • Holiday starting at 25 days plus a personal day (plus Bank holidays)
  • Private medical insurance
  • 26 weeks maternity and adoption leave (after 1 year's service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 6 weeks fully paid paternity leave
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
You will be responsible for
Intelligence-to-Action Engineering
  • Operationalise the "Intelligence-to-Action Cycle," prioritising security engineering efforts based on business risk and validated threats.
  • Define and manage intelligence requirements to guide collection and ensure resources focus on the most relevant risks.
  • Design "Threat Intelligence-as-Code" workflows that automatically trigger hunting packages or detection stubs in our data platform when CTI outputs are available.
Maintenance of CTI Systems
  • Implement, manage and optimise the Threat Intelligence Platform (TIP) and analytical tools to automate across the intelligence cycle.
  • Drive technical initiatives to reduce technical debt and ensure tools scale to meet the organisation's evolving needs.
  • Ensure seamless integration between CTI systems, SIEMs, SOAR, and endpoint detection platforms to correlate threats against internal telemetry and take suitable action.
Detection & Hunt Support
  • Translate unstructured intelligence into actionable detection suggestions, collaborating with engineers to address coverage gaps for high-priority adversary behaviours.
  • Support proactive threat hunting by defining processes and systems that enable hypothesis-driven hunts based on adversary TTPs and specific business risks.
Automation & Force Multipliers
  • Champion "Automation-First" principles, using scripting (Python, PowerShell) to automate repetitive data collection and enrichment tasks.
  • Leverage AI and machine learning as "Force Multipliers" to summarise complex threat reports and accelerate code generation and deployment.
  • Develop advanced workflows that integrate intelligence feeds directly into defensive controls for real‑time blocking.
Strategic & Tactical Reporting
  • Support the production of tiered intelligence products, from strategic executive briefings to operational reports on specific adversary campaigns.
  • Disseminate machine‑readable indicators (IOCs) to enable immediate detection and response actions.
Partnership & Sharing
  • Act as the technical intelligence partner to Detection Engineering, Security Operations and Incident Response, ensuring a seamless flow of actionable data.
  • Establish and mature intelligence‑sharing partnerships with industry peers and intelligence‑sharing communities to strengthen collective defence.
You will need
  • Experience: 3-5+ years in cybersecurity, specifically in Security Engineering, Threat Intelligence, Security Operations (SOC), Incident Response.
  • Tradecraft: Advanced understanding of frameworks relating to threat modelling, threat intelligence, threat hunting and detection engineering (ATT&CK, D3FEND, Kill Chain, Attack Flow, STRIDE, DREAD, etc).
  • Technical Skills: Proficiency in scripting languages (e.g., Python, PowerShell) for analysis, automation, and workflow improvement.
  • Tooling: Hands‑on experience with Threat Intelligence Platforms (TIPs) (MISP, ThreatConnect, etc) and SIEM technologies (Splunk, Sentinel, etc).
  • Com…
Position Requirements
10+ Years work experience