Incident Manager - SOC
Tesco.com
Office
Welwyn Garden City, United Kingdom of Great Britain and Northern Ireland
Full Time
Tesco UK • Welwyn Garden City • Hybrid • Full-Time • Permanent • Apply by 22-Sep-2025
About the role
Our Security Operations Centre (SOC) leads the monitoring and investigation of cybersecurity incidents for the Tesco Group. We work closely with Incident Managers and other cybersecurity teams, including Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s diverse and evolving estate. Beyond investigating security incidents, we focus on continuous improvement of our overall security capabilities through our expertise and collaboration.
We are seeking an experienced Incident Manager to effectively resolve cybersecurity incidents. As Incident Manager, you will be at the forefront of handling incidents, coordinating efforts across various teams and geographies, and communications to ensure swift and effective responses to minimise the impact of cyber threats. We build strong relationships and work across the Tesco Group and subsidiaries, third-party service providers, and a wide range of technical specialists. We regularly participate in cybersecurity exercises, training, and personal development to maintain and build technical proficiency.
Day to day, you will use our broad technical knowledge and extensive experience in incident management and security operations to guide our teams through effective incident handling. Apply critical thinking skills to coordinate and resolve incidents and collaborate with security colleagues and partners to maintain a comprehensive view of emerging incidents and the threat landscape.
What is in it for you
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click here to find out more!
- Annual bonus scheme of up to 20% of base salary
- Holiday starting at 25 days plus a personal day (plus Bank holidays)
- Private medical insurance
- 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 4 weeks fully paid paternity leave
- Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
You will be responsible for
- Following our Business Code of Conduct and always acting with integrity and due diligence.
- Leading incident management activities in a large complex operational landscape and in multiple geographies.
- Leading security incidents with a coordinated approach to ensure a comprehensive and efficient response, adhering to the incident lifecycle.
- Handling multiple incidents simultaneously, ensuring each is managed effectively and efficiently.
- Assembling timelines and owning all communications during incidents.
- Taking ownership of briefings to the incident team, peer security teams, and senior leadership.
- Organising the transition from active incident response to business as usual.
- Handling high stress situations with composure, efficiency, and integrity, whilst recognising natural human responses, and maintaining team morale.
- Developing cyber incident management exercises and training to test our response to threats like ransomware, insider threats, and Business Email Compromises.
- Developing, implementing, and maintaining policies, standards, and procedures for incident management.
- Regular reporting of incident patterns and trends to peers and senior leadership.
- Driving continued development of security operations incident response capabilities and considering how technologies, such as automation and AI, can improve ways of working.
- Working closely with teams across cyber security, technology and beyond.
You will need
- Experience in successfully leading and coordinating incidents across multiple geographies.
- Expertise in coordinating and managing multiple incidents simultaneously.
- Proven leadership skills to maintain team morale and manage natural human responses during high-stress incidents.
- Proficiency in capturing timelines and managing all communications, ensuring clarity and accuracy during incidents.
- Familiarity with cybersecurity tools and platforms and cyber threat intelligence used in incident management.
- Conducting post-incident reviews and capturing lessons identified and lessons learned.
- Experience in coordinating the transition from active incident response to business as usual.
- Superb communication skills for briefing stakeholders, including senior leadership, on incident updates and emerging patterns and trends.
- Ability to handle high-stress situations with composure, efficiency, and integrity.
- Experience in developing and conducting incident management exercises and training.
- Strong understanding of incident response frameworks (e.g., NIST, MITRE ATT&CK).
- Skills in developing, implementing, and maintaining policies, standards, and procedures for incident management and awareness of regulatory requirements and legal considerations related to incident management.
- Knowledge of how technologies, such as automation and AI, can improve incident response and ways of working.
- Familiarity with the most recent security threats affecting large enterprises, incident lifecycle, and standard methodologies for managing incidents.
- Comprehensive understanding of a large, complex operational landscape and emerging attack vectors, trends, and developments in cybersecurity.
- Ability to establish relationships with internal colleagues and external partners, including third-party service providers and vendors.
- Experience with a broad range of security and non-security related enterprise technologies (e.g., EDR, SOAR, and SIEM).
- Desirable - completion of relevant training courses such as the SANS GIAC LDR553, SEC504, FOR508, FOR572; certifications (or equivalents) are desirable but not a requirement.
About us
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.
We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.
September 19, 2025