Cyber Security Specialist - eCommerce Security
Location: Asda House, Leeds
Employment Type: Full time
Contract Type: Permanent
Hours Per Week: 37.5
Salary: Competitive salary plus benefits
Category: Cyber Security
Closing Date: 10 May 2026
This role is responsible for embedding security into the design, development, and operation of our eCommerce and customer‑facing application landscape.
You will act as the primary security partner to digital and engineering teams, ensuring that security is integrated into delivery at pace—supporting secure‑by‑design principles, reducing risk exposure, and protecting customer data and revenue‑critical platforms.
This is a hands‑on role combining application security expertise, stakeholder engagement, and pragmatic risk management within a fast‑paced retail environment.
Attendance at Asda House in Leeds for a minimum of three days per week is required.
What You’ll Love
* Secure eCommerce and Digital Platforms
o Provide security oversight and guidance across all eCommerce platforms, APIs, and customer‑facing applications
o Identify and mitigate risks relating to payment processing, authentication, session management, and data handling
o Support secure design reviews for new features, integrations, and third‑party services
* Embed Secure SDLC Practices within Asda and guide 3rd party practices
o Partner with AppSec team and engineering teams to embed security into CI/CD pipelines and development workflows
o Drive adoption of secure coding standards and best practices (e.g. OWASP Top 10)
* Vulnerability and testing management
o Own the identification, triage, and remediation tracking of application‑level vulnerabilities
o Work with engineering teams to prioritise fixes based on risk and business impact
o Provide clear reporting on application security posture and trends
o Assist risk management team with pen testing prioritisation and track remediation work
o Translate technical risks into clear, business‑aligned recommendations
* Cross‑team with Architecture and Risk Management
o Conduct threat modelling with Architecture for key systems, focusing on eCommerce journeys and customer data flows
o Assess risks associated with new technologies, integrations, and architectural changes
o Translate technical risks into clear, business‑aligned recommendations
What You’ll Need
* Strong experience in Application Security / Product Security
* Experience securing web applications, APIs, and eCommerce platforms
* Hands‑on knowledge of:
o OWASP Top 10 / ASVS
o SAST, DAST, SCA tooling
o Authentication (OAuth, SSO, MFA), session management
* Experience working with engineering teams in Agile / DevOps environments
* Ability to translate security into pragmatic, delivery‑focused guidance
Desirable
* Experience in retail / eCommerce environments
* Familiarity with payment security (PCI DSS, tokenisation, payment gateways)
* Experience with cloud‑native applications (Azure preferred)
* Knowledge of Microsoft security stack (Defender, Sentinel, etc.)
* Exposure to bug bounty / penetration testing / red teaming outputs
What Success Looks Like
* Security is embedded into eCommerce and application delivery, with teams engaging early and adopting secure‑by‑design practices
* Measurable reduction in critical and high‑risk application vulnerabilities, with improved remediation times
* Engineering teams take ownership of security, with secure coding and tooling consistently adopted across pipelines
* Clear, business‑aligned visibility of application security risk, particularly across customer journeys and payment flows
* Trusted partner to digital and engineering teams, influencing decisions without slowing delivery
Benefits
* Discretionary company bonus
* Company pension up to 7% matched
* Company Car allowance of £5,700
* 15% colleague discount in store and online
* Free access to wellbeing services such as Stream, 24/7 virtual GP, counselling, health and dental cash plans and a 24/7 employee assistance helpline, alongside discounts across a range of services and activities, from airport parking, enhanced to theme parks and cinemas.
* Asda Allies Inclusion Networks – helping colleagues to make sure everybody is included and that our differences are recognised and celebrated
* Excellent parental leave policies, including maternity & adoption leave, paternity leave, shared parental leave, neonatal care leave, and support for those doing fertility treatments.
J-18808-Ljbffr