Security Analyst CTI

Tesco UK  •  Welwyn Garden City  •  Full-Time  •  Apply by 01-Jun-2025 About the role

Our Cyber Threat Intelligence (CTI) team drives proactive cybersecurity defence by collecting, analysing, and disseminating actionable intelligence to protect the

organisation from evolving threats. We focus on anticipating and mitigating risks by identifying emerging threats and reducing uncertainty. Our CTI team

collaborates closely with internal teams, including Security Operations, Incident Response, Vulnerability Management, and Security Engineering, as well as

external intelligence-sharing communities, to enhance detection, response, and our understanding of the global threat landscape. We are committed to

continuous improvement, evolving our tools, processes, and methodologies to ensure Tesco remains secure. If you’re looking to join a forward-thinking team that

values impactful collaboration and a shared mission to protect a leading organisation, the CTI team at Tesco could be the perfect fit for you.

As a Security Analyst in the CTI team, you will be responsible for delivering day-to-day operations, including the collection, processing, and analysis of threat

intelligence to produce actionable insights. You will support strategic and operational intelligence initiatives by researching, monitoring, and assessing cyber

threats, tactics, techniques, and procedures (TTPs), and ensuring it is shared with our teams. Additionally, you will engage in tactical intelligence activities to

help detect and respond to immediate threats. You will also play an active role in improving the overall service capability and helping reduce cyber threats.

What is in it for you

We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more! 

 Annual bonus scheme of up to 20% of base salary 

Holiday starting at 25 days plus a personal day (plus Bank holidays) 

Private medical insurance 

26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave 

Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing 

You will be responsible for

• Delivering day-to-day CTI operations consistent with Standard Operating Procedures for high-quality service delivery.
• Improving CTI workflows, tools, and methodologies with automation to improve effectiveness and efficiency.
• CTI service continuous improvement, focusing on quality to maintain high standards, and supporting audits.
• Threat Intelligence Collection, Analysis and Product
• Staying close to the threat landscape and threat actors, tools, and techniques.
• Collecting information from various open, closed, and proprietary sources.
• Conduct comprehensive analysis of, and understand, adversary TTPs.
• Conducting intrusion analysis to identify and understand unauthorised access attempts and activities.
• Analysis of complex structured and unstructured datasets to identify trends, patterns, correlations, and risks.
• Ensuring Threat Intelligence Platforms, SIEMs, and endpoint detection platforms are used to correlate threats.
• Delivering high-quality strategic, operational, and tactical intelligence products for internal/and trusted external stakeholders.
• Collaboration and Support
• Supporting Security Operations, Threat Hunting, and engineering teams through prioritised intelligence requirements.
• · Aligning to cyber frameworks such as MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain, and Diamond Model to contextualise threats.

You will need • Data Analysis and Intelligence • Proven analytical skills of large complex structured and unstructured datasets using query languages. • Experience of intelligence collection and processing techniques, including OSINT. • Exposure to Structured Analytic Techniques (like ACH) and quantitative methods. • Application of cyber frameworks like MITRE ATT&CK, Cyber Kill Chain, and Diamond Model in pursuit of producing high-quality intelligence. • Assisting with malware triage, including static and dynamic analysis, to identify and mitigate threats • Awareness of emerging threat trends, tools, and techniques. • Hands-on problem-solving and critical thinking skills. • Proficiency in scripting and processing tools (e.g., Python, PowerShell, Excel) for analysis, task automation, and workflow improvements. • Broad knowledge of cybersecurity domain and security controls and their role in mitigating threats. • Strong Communication both written and verbal skills to produce tailored intelligence products for all levels • Collaborating with the shared pursuit of securing the business, whilst fostering trust and belief in each other. • Continuous Improvement and Adaptation , Proactive, attention to detail and curious. • Commitment to continuous improvement through workflow optimisation and automation.
About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.

 We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco