About the role
Our Security Operations Centre (SOC) is at the heart of monitoring and investigating cybersecurity incidents for the Tesco Group. They operate closely with other cybersecurity teams, including Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s complex estate. Beyond investigating security incidents, they maximise their expertise to collaborate with other teams, driving innovation and improving our overall security capabilities.
The Security Operations Centre Manager will lead a skilled team, deliver high-quality service, and collaborate with cybersecurity professionals. Take charge of coordinating initiatives that integrate efforts across security teams and the wider Tesco Technology organization. Emphasize the development of team members and the maturity of the SOC's capabilities. Drawing on extensive security operations experience and strong critical thinking skills, the SOC Manager will support incident analysis and maintain a clear view of the operational and threat landscape, ensuring a coordinated and effective response to emerging incidents.
At Tesco, we believe in the power of spending more time together, face to face, than apart. So, during your working week, you can expect to spend 60% of your time in one of our office locations or local sites and the rest remotely. We also recognise that life looks a little different for each of us. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. That’s why at Tesco, we always welcome a conversation about flexible working. So, talk to us throughout your application about how we can support.
You will be responsible for
* Lead an effective and efficient SOC service that delivers timely detection, analysis, and response to security alerts and incidents.
* Ensure continuous improvement and alignment of new initiatives with the broader security strategy, keeping it central to all planning and execution, while also reporting on its implementation.
* Stay ahead of the cyber threat landscape and specifically those within Tesco verticals (e.g., retail, transport, fuel, pharmacy).
* Lead the team through complex operational landscapes and security incidents, ensuring accurate interrogation, analysis, and presentation of threat-related data and ensuring decisive actions.
* Develop team member leadership skills and technical capabilities.
* Encourage industry leading investigative analysis through comprehensive response playbooks, formulating detection use cases and automations, and research service-enhancing tools.
* Encourage and implement innovative practices in threat monitoring and response, fostering continuous improvement and adaptation to emerging threats.
* Use threat intelligence to focus investigation and detection efforts and adhering to the threat hunting strategy and processes.
* Develop, implement, and maintain policies, standards, and procedures for security operations investigations and incidents, ensuring alignment with legal and regulatory requirements.
* Conduct SOC service reviews, including evaluating capacity, assessing quality, conducting purple and red team exercises, and performing internal evaluations.
* Collaborate closely with teams across cybersecurity, technology, and beyond.
* Lead service improvements through projects and initiatives, ensuring clear communication of plans, implementation, and progress updates.
* Monitor and assess managed security service provider performance, ensuring alignment to contracted service and operational level agreements.
* Maintain high-quality standards through regular audits, evaluations, and the implementation of continuous improvement.
* Following our Business Code of Conduct and always acting with integrity and due diligence
You will need
Operational skills relevant for the role:
* SOCS Service Management: Operate SOC within large enterprise.
* Define and measure key performance indicators (e.g., MTTD, MTTR) to evaluate SOC performance and meet objectives and SLAs.
* SOC Process Optimisation: Continuously improve SOC workflows, alert triage, and incident resolution.
* Automation and Orchestration: Use automation tools to improve manual tasks, reduce response times, and improve detection.
* Service Level Agreement (SLA) Management: Ensure alignment to SLAs with internal teams and external service providers.
* Collaboration Across Teams: Work across cybersecurity and IT teams to drive integrated security solutions.
* Security Tool Management: Manage and optimise SOC technologies like SIEM, EDR, and SOAR for effective threat detection.
* Training and Development: Implement training programs to enhance SOC analysts' technical skills and incident response.
* Vendor Management: Manage third-party vendors and MSSPs to ensure they meet performance expectations.
Experience relevant for this role:
* Demonstrable experience (4+ years') in successfully leading a high-performance team, including security analysts at all levels.
* Proficient in security operations, including technical analysis, investigations, and handling security incidents in large-scale, fast-paced corporate environments both on premise and in the cloud.
* A strong, up-to-date understanding of the security threats facing large enterprises and the challenges these present to the SOC.
* Experience with technical analysis of enterprise systems including operating systems, networks, cloud, and complex architectures.
* Experience with a broad range of enterprise security technologies including EDR, SIEM and SOAR.
* Familiarity with at least one scripting language such as Python, PowerShell etc.
* Awareness of how AI can be applied in both offensive and defensive team operations, including its potential for threat detection and incident response to enhance security posture.
* Excellent written and verbal communication skills
* Ability to think critically and lead technical investigation.
* Ability to handle high stress situations with composure, efficiency, and integrity.
* Completion of relevant training courses such as SANS LDR551, SEC504, FOR508, ITIL Framework; certifications (or equivalents) are desirable but not needed.
What’s in it for you
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more!
* Annual bonus scheme of up to 20% of base salary
* Holiday starting at 25 days plus a personal day (plus Bank holidays)
* Private medical insurance
* 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
About us
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.
Diversity, equity and inclusion (DE&I) at Tesco means that whoever you are and whatever your background, we always want you to feel represented and that you can be yourself at work. In short, we’re a place where Everyone’s Welcome. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here .
We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern -combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate.