Cyber Security Partner - Product Security
The position will be based at our Tesco Technology offices in London. About the Security Partners team We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with product and engineering stakeholders, leveraging our deep expertise in cyber security to design and implement robust, resilient solutions that protect our business and customers from cyber threats.
Overview
We are a dynamic and expanding global team of 15+ experts, serving as the strategic link between the wider security group and software engineering teams that develop cutting‑edge services at scale.
Responsibilities
* Develop in‑depth understanding of the product area and engage with key product and technical people to assess security and privacy controls.
* Engage teams in security roadmap discussions and continuously improve security posture.
* Demonstrate how weaknesses in design or code can be compromised and translate technical risks into business risks.
* Engage security champions, key developers and offer technical advisory to support completion of security initiatives and remediation of vulnerabilities or risks.
* Take part in key product and architecture decisions to embed security.
* Perform product security activities from early development of security requirements, architecture reviews, threat modelling, to strengthening application security and mitigating supply‑chain risks.
* Develop and propose security controls or compensating measures, continuously seeking tactical and strategic solutions.
* Lead teams on raising the bar on security by design and security by default.
* Assist adoption of new capabilities to enhance security across people, process and tools.
* Be ready to code and, if possible, raise a pull request to resolve a security issue.
* Participate in assurance activities such as security testing, purple testing, audits and act as an advocate for good security.
Qualifications
* Hands‑on product security experience from developing requirements, reviewing architecture and applying design principles.
* Experience leading security initiatives and dev‑sec‑ops practices with product and engineering teams.
* Experience in threat modelling and designing security/privacy controls.
* Experience in application security, supply‑chain security and using tools such as SAST, DAST, SCA, and IAC.
* Proficiency applying industry standards like OWASP ASVS, OWASP Top 10, CIS controls and benchmarks.
* Good understanding of web application, REST APIs, microservices, eventing, modern frameworks and mobile apps.
* Experience with cloud‑native and hybrid architectures, containerised workloads and Kubernetes.
* Some development experience (Java, Go, Python, cloud) is a plus.
* Degree in computer science or equivalent experience.
* Experience with regulations such as GDPR, PCI‑DSS is desirable.
* Azure or AWS cloud security certifications desirable.
* Excellent communicator, listener and influencer.
Benefits
* Annual bonus scheme of up to 20% of base salary.
* Holiday starting at 25 days plus a personal day and bank holidays.
* Private medical insurance.
* 26 weeks maternity and adoption leave at full pay, followed by statutory pay options and 6 weeks fully paid paternity leave.
* Free 24/7 virtual GP service, Employee Assistance Programme and mental wellbeing support.
Seniority Level
Mid‑Senior level
Employment Type
Full‑time
Job Function
Engineering and Information Technology
Industries
Retail
#J-18808-Ljbffr