Security Operations Centre Analyst 2 (hybrid)

About Tesco

Tesco Technology is not your standard IT Department, we’re a Technology organisation driving change and delivering value by building great products for our customers and colleagues every day.

Our team is innovative, highly-skilled, agile, passionate and fun. If you’re looking for an environment to create cutting edge solutions which make a difference to millions of customers and colleagues across the globe, then this is the place for you.

About The Security & Capability Team

We are the eyes and ears of the organisation using the latest technologies to: increase visibility and protection of our data, systems, and services; to optimise capability whilst reducing risk and impact to our customers, colleagues and business. We need to stay ahead of the latest trends, continuously improving our tooling and develop our training and processes.

The Role – SOC Analyst

As a SOC Analyst, you will primarily focus on the detection, investigation, and resolution of security incidents by applying a blend of your technical skills, experience, and knowledge of security principles. Furthermore, you will contribute to the effectiveness and maturity of the Security Operations Centre (SOC) team by contributing to tooling, updating and creating new run books, keeping abreast of the latest patterns and trends within the wider security arena. Maintaining a high-level of awareness, improving our incident response, and remediation support are day to day team activities. You will commit to maintain proficiency, research and share the latest attack techniques, new concepts and other interesting security related topics.

You will be on your way to building a strong security-themed portfolio of experience and roles. You see this SOC Analyst role within Tesco, a leading international retailer and technology organisation, as the next logical step to develop and hone your skills. You will be enthusiastic, resourceful, and innovative. Furthermore, you will relish the challenge of solving complex problems by drawing upon your curiosity, technical knowledge and ability to think outside the box.

Key Skills and Experience

• SIEM tooling operation or administration (e.g. Splunk, ELK Stack, QRadar)
• Utilise playbooks, checklists and online resources for guidance in response to incidents
• Hands-on experience and theoretical understanding of TCP/IP and other related network protocols: TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP
• Command line experience and using/modifying basic scripts
• Working knowledge of the Cyber Kill Chain and/or Incident Response Phases
• Broad understanding of key security concepts/principles (CIA, threats, vulnerabilities, and exploits)
• Broad understanding of commonly accepted attackers' tools and tactics

Personal Characteristics

• Demonstrable curiosity, enthusiasm and pro-active attitude to security and personal development
• Commitment to driving SOC capability towards greater maturity and observing KPIs along the way
• Problem solver by nature, willingness to challenge the status quo
• Excellent interpersonal skills, written and oral communications, self-motivator
• Team player and independent worker, relationship builder
• Ability to liaise with subject matter experts, key stakeholders and colleagues at all levels

Desirable Experience / Tools / Technologies

• Strong background in Information Technology; though not necessarily in security
• Proficient in at least one or more, within a corporate environment, from: Endpoint operating systems (e.g. Microsoft, Linux, and/or OS X; especially Kali)
• Core networking principles (e.g. switches, routers, wireless access points, Internet)
• Infrastructure security devices (e.g. firewalls, proxies, IDS/IPS)
• Supporting enterprise level services (e.g. AD, DNS, DHCP, IIS, Apache, VPN/DA, Databases)
• Anti-virus, anti-malware, ransomware, data leak protection
• Vulnerability management, endpoint forensics, intrusion analysis activities
• Cloud computing platform (e.g. AWS, Azure, GoogleCloud)
• Open-Source Security tools
• One or more from: Python, PowerShell, Bash, Java
• Exposure to Agile/DevOps methods of working

Essential Certifications (or willingness to achieve within 9 months of starting)

• CompTIA N+, CompTIA Security+, ISC2 SSCP, Splunk Power User

Desirable Certifications

One or more from: CompTIA A+ and/or CompTIA N+, CompTIA Security+, GSEC, GCIH, GCIA, CEH, OSCP, SSCP, CCENT, CCNA, CCNA Security. Where appropriate other industry relevant certifications will be considered.

The job requires to be based in/close to Prague.

If this sounds exciting, then we'd love to hear from you!

Let us know you are interested by pushing the APPLY button!

#LI-ACS1