Security Analyst III - SOC

Job Description

As a Security Analyst III, you will be the technical authority within the SOC, leading high-quality investigations and proactive threat hunting to protect the organisation from evolving threats. This hands-on role combines advanced technical expertise with leadership, coaching analysts, driving SOC maturity, and optimising tools and processes to set the standard for excellence across the team.

You will act as a role model for SOC Analysts, coaching and guiding them to elevate technical capability and analytical rigour. Beyond day-to-day operations, you will lead maturity objectives, optimise SOC tooling, and identify opportunities for automation, AI integration, and impactful service improvements. You will also play a key role within the CSIRT team, collaborating on major incidents.

• Deliver high-quality investigative analysis to ensure rapid and accurate incident resolution.
• Act as the escalation point and technical authority for complex SOC investigations.
• Lead proactive threat-hunting initiatives to identify and mitigate emerging threats before they impact the business.
• Role-model analytical excellence and decision-making, setting the benchmark for SOC performance.
• Coach and mentor analysts to build technical depth and confidence across the team.
• Drive SOC maturity objectives, improving processes, tooling, and automation for greater efficiency.
• Enhance SOC tool utilisation, including workflow optimisation.
• Identify and implement automation, AI-driven enhancements, and playbook developments.
• Support CSIRT activities during major incidents, ensuring coordinated and effective response.
• Monitor MSSP performance, ensuring alert triage and investigations meet quality and timeliness standards.

• Over 2 years’ experience working in an internal SOC or 3 years at an MSSP in a senior role.
• Deep knowledge of cybersecurity frameworks: MITRE ATT&CK, Cyber Kill Chain, Incident Response Lifecycle, Pyramid of Pain.
• Expertise in threat hunting and advanced investigative analysis.
• Deep understanding of attacker tactics, techniques, and procedures (TTPs) and threat actor behaviours.
• Proficiency in SIEM/XDR platforms and tuning detection logic, use cases, and alert optimisation.
• Advanced querying and scripting skills (e.g., KQL, SPL) for data analysis and threat detection.
• Ability to recommend tooling enhancements and process improvements to strengthen SOC capability.
• Practical knowledge of networks, operating systems, and scripting for investigative purposes.
• Experience in leading technical initiatives and driving service maturity improvements.
• Demonstrated ability to coach and develop team members, fostering technical excellence.

Desirable

• GIAC certifications
• Other relevant certifications such as CISSP or CISM will be considered.
• A relevant degree, with professional experience.

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.