Security Engineering Manager – DFIR Our Digital Forensics and Incident Response (DFIR) team leads the technical investigation and response to cybersecurity incidents for the Tesco Group. They collaborate closely with other cybersecurity teams, including Security Operations, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s diverse and evolving estate. Beyond investigating security incidents, they use their expertise to work with other teams, driving innovation and improving our overall security capabilities. We are seeking a leader to run and expand our specialist team, working in tandem with the Principal DFIR Security Engineer. This role involves guiding individual development and leading all aspects of project work to mature capabilities. Responsibilities also include broader initiatives that integrate efforts across various security teams and the wider Tesco Technology organisation. During an incident, you will use your deep technical knowledge and extensive experience in incident response to guide the team through investigations. Your critical thinking skills will be valuable in contributing to incident analysis, while also delegating tasks and collaborating with other incident managers to maintain a comprehensive view of the situation. In this role, I am accountable for: Lead and mentor the digital forensic team, growing both their technical and leadership skills. Lead the response in cyber security incidents ensuring a coordinated approach to ensure a comprehensive and efficient response. Develop, implement, and maintain policies and procedures for digital forensics investigations, ensuring they align with the latest legal and regulatory requirements. Ensure the proper collection, preservation, and analysis of digital evidence. Drive continued development of the team’s technical capabilities and consider how technologies such as automation and AI can improve their ways of working. Work collaboratively with teams across cyber security, technology and beyond. Lead DFIR specific projects, which includes planning, implementing, and monitoring of progress. Relevant experience required: 2 years’ experience managing a team of technical specialists. Proven experience with digital forensics and incident response, including for security incidents in large-scale corporate environments across on premise and cloud. A strong, up to date understanding of the security threats facing large enterprises and the challenges these can present to incident response. Experience with forensic and file analysis across Windows, MacOS, and Unix operating systems. Experience with a broad range of enterprise security technologies including EDR, SOAR, and SIEM. Familiarity with at least one scripting language such as Python, PowerShell etc. Excellent written and verbal communication skills for reporting and teamwork. Ability to think critically and lead technical investigations. Ability to handle high pressure situations in a calm, productive, and professional manner. Completion of relevant training courses such as the SANS 500 Forensics, 508 DFIR, and 610 Malware Analysis courses and their accompanying certs or equivalent is desirable but not needed.