Tesco – Penetration Tester
Job Description
We are passionate about step changing our cyber security capability to better protect customers and colleagues across our global business, and we’re building an internal penetration testing function to complement and help further mature our defensive security capabilities.
This new role challenges you to use your offensive skills to discover and demonstrate vulnerabilities and weaknesses in our systems.
Tesco Technology has hundreds of software and infrastructure engineers deploying solutions at scale using many different technology stacks, from traditional on-premise infrastructure to cloud-centric containerised deployments.
Working collaboratively with our developers is key to us identifying and addressing these findings, efficiently and at scale across Tesco.
You will have the opportunity to help application teams remediate issues, to help infrastructure teams to build better supporting functions and to help improve our detection and response teams by proposing new detection ideas or providing your offensive security knowledge to aid in incident response.
We believe that skilled and hard-working people are our greatest asset in reducing cyber risk to our business and customers.
We encourage and support continual development and recognise the importance of keeping up with the latest technology (as well as all the older stuff) and an evolving threat landscape.
Are you up for this challenge?
🚨 Before You Apply: Your Resume Needs to Shine!
Did you know? 75% of applications get rejected before reaching a human recruiter – all because of poorly formatted resumes that fail ATS scans!
🔥 Get Interview-Ready in Minutes with Our Professionally Designed Resume Templates!
✅ 5+ ATS-Friendly Designs – Beat the bots and get noticed
✅ Recruiter-Approved Layouts – Highlight your skills the right way
✅ Easy-to-Edit (Word & Google Docs) – No design skills needed
✅ Free Bonus: Cover Letter Template + Resume Writing Guide
🎁 Limited-Time Offer: Get yours for just ₹249 (originally ₹999)
📥 Instant Download – Apply to Google with confidence today!
👉 Grab Your Resume Template Now: Tap Here to get your resume Templates
Responsibilities
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more!
Annual bonus scheme of up to 20% of base salary
Holiday starting at 25 days plus a personal day (plus Bank holidays)
Private medical insurance
26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave
Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
You will be responsible for
You’ll be working in an offensively trained and defensively focused security team.
Your primary responsibility will be to deliver high-quality security assessments in a variety of areas including web application, API, mobile, and infrastructure.
But, unlike in a typical consultancy role, you’ll also have the advantage of being able to use internal knowledge, data sources and tools to help identify attack vectors and be able to test out your hypotheses.
There will be other opportunities to stretch your skills:
•You could work with our security engineers to refine and develop our detections
• Participate in purple teaming exercises carrying out wider assessments of our security posture
• Help triage and validate findings from our bug bounty program
• Triage and validate Tesco’s risk posture for newly released CVEs as part of vulnerability management
We support our colleagues on their career development and provide time and opportunities throughout the year to carry out research, as well as training supported by us to ensure you continue to develop and innovate in offensive security.
You will need
• Penetration testing experience performing authorised tests on computer systems, exposing weaknesses in security that potentially could be exploited.
• GPEN, CREST, OSCP, OSEP or other industry relevant certifications are helpful but not crucial.
• An understanding of operating system and networking fundamentals, and underlying principles
• Knowledge of preventative and detective controls (EDR , firewalls, IDS, IPS, anti-virus, etc)
• Analytical and critical thinking skills, willingness to challenge status quo
• Good written and oral communication skills
• To be comfortable working both independently, and collaboratively in a diverse team
