We are passionate about step changing our cyber security capability to better protect customers and colleagues across our global business. As part of this we’re growing our security testing function to complement and help further mature our defensive security capabilities. This new role is the ideal opportunity for a red teamer who would like to embrace the challenge of helping us build a red team capability to complement our team of penetration testers. As we broaden our security testing to become more threat-led, we want to ensure we regularly test ourselves against the potential threats we might face. We encourage positive engagement with our detection and response teams to help push the envelope of what we do at Tesco. You will have the opportunity to help support and develop a mature blue team capability even further. You will also support and collaborate with application and infrastructure teams to help address any underlying issues that you find along the way. We believe that skilled and hard-working people are our greatest asset in reducing cyber risk to our business and customers. We encourage and support continual development and recognise the importance of keeping up with the latest technology (as well as all the older stuff) and an evolving threat landscape. Are you up for this challenge? At Tesco, we believe in the power of spending more time together, face to face, than apart. So, during your working week, you can expect to spend 60% of your time in one of our office locations or local sites and the rest remotely. We also recognise that life looks a little different for each of us. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. That’s why at Tesco, we always welcome a conversation about flexible working. So, please talk to the Hiring Manager about how they can support you. You’ll be working in an offensively trained and defensively focused security team. Your primary responsibility will be to help us further mature our security testing team to include a threat-led testing capability. You’ll be working in a team of other testers and, unlike in a typical consultancy role, you’ll also have the advantage of being able to use internal knowledge, data sources and tools to help identify attack vectors and be able to test out your hypotheses. There will be other opportunities to stretch your skills: supporting our wider security capability by providing a red teamers perspective to pentesting, security detection and prevention engineering mentor and develop others in the team support the validation of findings from our bug bounty program triage and validate Tesco’s risk posture for newly released CVEs as part of vulnerability management You will be given time and opportunities to carry out personal research and development as well as put yourself through certifications supported by us to ensure you remain at the leading edge of offensive security. Experience of leading or performing red team engagements in a corporate environment, exposing weaknesses in security that potentially could be exploited Familiarity with established frameworks such as TIBER-EU or MITRE ATT&CK Experience of at least one C2 framework (for example Cobalt Strike, Mythic, Havoc) Experience of building or managing C2 infrastructure CRTO or other industry relevant certifications are desired but not crucial Knowledge of preventative and detective controls (EDR, firewalls, IDS, IPS, anti-virus, etc) Analytical and critical thinking skills, willingness to challenge status quo Good written and oral communication skills To be comfortable working both independently, and collaboratively in a diverse team