About the role
Our Security Operations Centre (SOC) is at the heart of monitoring and investigating cybersecurity incidents for the Tesco Group. They operate closely with other cybersecurity teams, including Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s complex estate. Beyond investigating security incidents, they maximise their expertise to collaborate with other teams, driving innovation and improving our overall security capabilities.
The Security Operations Centre Manager will lead a skilled team, deliver high-quality service, and collaborate with cybersecurity professionals. They will take charge of coordinating initiatives that integrate efforts across security teams and the wider Tesco Technology organization, and emphasize the development of team members and the maturity of the SOC's capabilities. Drawing on extensive security operations experience and strong critical thinking skills, the SOC Manager will support incident analysis and maintain a clear view of the operational and threat landscape, ensuring a coordinated and effective response to emerging incidents.
At Tesco, we believe in the power of spending more time together, face to face, than apart. So, during your working week, you can expect to spend 60% of your time in one of our office locations or local sites and the rest remotely. We also recognise that life looks a little different for each of us. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. That’s why at Tesco, we always welcome a conversation about flexible working. So, talk to us throughout your application about how we can support.
You will be responsible for
* Lead an effective and efficient SOC service that delivers timely detection, analysis, and response to security alerts and incidents.
* Ensure continuous improvement and alignment of new initiatives with the broader security strategy, keeping it central to all planning and execution, while also reporting on its implementation.
* Stay ahead of the cyber threat landscape and specifically those within Tesco verticals (e.g., retail, transport, fuel, pharmacy).
* Lead the team through complex operational landscapes and security incidents, ensuring accurate interrogation, analysis, and presentation of threat-related data and ensuring decisive actions.
* Develop team member leadership skills and technical capabilities.
* Encourage industry-leading investigative analysis through comprehensive response playbooks, formulating detection use cases and automations, and researching service-enhancing tools.
* Encourage and implement innovative practices in threat monitoring and response, fostering continuous improvement and adaptation to emerging threats.
* Use threat intelligence to focus investigation and detection efforts, and adhere to the threat hunting strategy and processes.
* Develop, implement, and maintain policies, standards, and procedures for security operations investigations and incidents, ensuring alignment with legal and regulatory requirements.
* Conduct SOC service reviews, including evaluating capacity, assessing quality, conducting purple and red team exercises, and performing internal evaluations.
* Collaborate closely with teams across cybersecurity, technology, and beyond.
* Lead service improvements through projects and initiatives, ensuring clear communication of plans, implementation, and progress updates.
* Monitor and assess managed security service provider performance, ensuring alignment to contracted service and operational level agreements.
* Maintain high-quality standards through regular audits, evaluations, and the implementation of continuous improvement.
* Follow our Business Code of Conduct and always act with integrity and due diligence.
You will need
Operational skills relevant for the role:
* SOC Service Management: Operate a SOC within a large enterprise.
* Define and measure key performance indicators (e.g., MTTD, MTTR) to evaluate SOC performance and meet objectives and SLAs.
* SOC Process Optimisation: Continuously improve SOC workflows, alert triage, and incident resolution.
* Automation and Orchestration: Use automation tools to improve manual tasks, reduce response times, and improve detection.
* Service Level Agreement (SLA) Management: Ensure alignment to SLAs with internal teams and external service providers.
* Collaboration Across Teams: Work across cybersecurity and IT teams to drive integrated security solutions.
* Security Tool Management: Manage and optimise SOC technologies like SIEM, EDR, and SOAR for effective threat detection.
* Training and Development: Implement training programs to enhance SOC analysts' technical skills and incident response.
* Vendor Management: Manage third-party vendors and MSSPs to ensure they meet performance expectations.
Experience relevant for this role:
* Demonstrable experience (4+ years) in successfully leading a high-performance team, including security analysts at all levels.
* Proficient in security operations, including technical analysis, investigations, and handling security incidents in large-scale, fast-paced corporate environments both on premise and in the cloud.
* A strong, up-to-date understanding of the security threats facing large enterprises and the challenges these present to the SOC.
* Experience with technical analysis of enterprise systems including operating systems, networks, cloud, and complex architectures.
* Experience with a broad range of enterprise security technologies including EDR, SIEM and SOAR.
* Familiarity with at least one scripting language such as Python, PowerShell etc.
* Awareness of how AI can be applied in both offensive and defensive team operations, including its potential for threat detection and incident response to enhance security posture.
* Excellent written and verbal communication skills
* Ability to think critically and lead technical investigation.
* Ability to handle high stress situations with composure, efficiency, and integrity.
* Completion of relevant training courses such as SANS LDR551, SEC504, FOR508, ITIL Framework; certifications (or equivalents) are desirable but not needed.
What’s in it for you
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work.
* Annual bonus scheme of up to 20% of base salary
* Holiday starting at 25 days plus a personal day (plus Bank holidays)
* Private medical insurance
* 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay. We also offer 6 weeks fully paid paternity leave
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
About us
Tesco has become a market leader by doing the little things that really matter for our customers and colleagues.
It’s part of what makes Tesco such a great place to work, and we’re proud to have been accredited as one of Britain’s Top Employers again this year.
We're the UK's number one retailer and we pride ourselves on offering a great shopping experience. We are passionate about our food, merchandise and services and will always try to get things right for our customers.
But did you know we also offer great job opportunities? With stores, distribution centres and offices across the UK, and a vast variety of roles, we are always looking for people who have a hunger to work with customers and colleagues across our exciting business.
We believe in treating each other with respect and giving everyone an equal opportunity to get on. It's our people that make the difference every day, helping us make a difference for our customers.
Should you be successful in your application, your offer will be subject to and conditional upon you providing your bank account details before your agreed start date.
For more information about us please visit
Proud member of the Disability Confident employer scheme
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.