About the role
We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with the product and engineering teams, leveraging our deep expertise in cyber security to design and implement robust, resilient solutions that protect our business and customers from cyber threats. We are a dynamic and expanding global team of 15+ experts, serving as the strategic link between the wider security group and software engineering teams that develop cutting‑edge services at scale to support the retail business. As a Senior Cyber Security Partner, you will transform the security maturity of key product areas and teams, acting as the face of the security group for them. Everything you do is done in the context of the product, its roadmap, risk acceptance level, technology stack, and architecture.
You will be responsible for
Provide product and engineering teams with direction and guidance on all security matters. There is a whole security group to back you up; so it is not as scary as it sounds.
Engage engineering leadership on security roadmap and oversee security posture of what they build.
Co‑own the security roadmap; discuss; prioritise; and co‑develop plans for remediation for the product areas.
Empower security champions to succeed and create a strong feedback loop for improvements.
Represent security in all product and architecture meet‑ups. Be part of critical decisions about security.
Oversee product security activities; from the early development of security requirements; architecture reviews; threat modelling; to strengthening application security; mitigating supply‑chain risks; securing secrets; pipelines; reviewing vulnerabilities; and infrastructure security.
Perform security architecture reviews of third‑party services.
You will need
Possess experience across multiple sectors and have undertaken diverse roles in engineering and security. Demonstrable accomplishments of collaborating with leadership and management on security programmes and initiatives.
Good knowledge of various security domains, and solid experience in architecture practices and design patterns – the technology might have changed but most of the security challenges have not.
Experience in designing security and privacy controls with sound understanding of standards and regulation.
Experience in threat modelling, attack trees, vulnerability chaining, applying MITRE ATT&CK framework.
Good understanding of web applications, REST APIs, micro services, eventing, modern application frameworks, and mobile apps.
Good understanding of software architecture, network topologies, SaaS, PaaS, IaaS (infrastructure as a service).
Proficient in applying industry standards such as OWASP ASVS (Application Security Verification Standard), OWASP Top 10, CIS (Centre of Internet Security) controls and benchmarks.
Whats in it for you?
Annual bonus scheme of up to 20% of base salary.
Holiday starting at 25 days plus a personal day (plus Bank holidays).
Private medical insurance.
26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave.
Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing.
About Us
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, the communities we are part of, and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.
We’re a big business and we can offer a range of diverse full‑time & part‑time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern – combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you – Everyone is welcome at Tesco.
#J-18808-Ljbffr