We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with the product and engineering teams, leveraging our deep expertise in cyber security to design and implement robust, resilient solutions that protect our business and customers from cyber threats. We are a dynamic and expanding global team of 15+ experts, serving as the strategic link between the wider security group and software engineering teams that develop cutting-edge services at scale to support the retail business.
This groundbreaking opportunity gives you the chance to work as the Security Partner for chosen verticals within the engineering domain. You will be part of a dynamic team that supports Tesco technology and software development teams across cloud and other innovative technologies at scale.
Responsibilities:
1. Build a good understanding of the aligned verticals, the technology architecture, the criteria and constraints, the security posture, and technical debts.
2. Understand the threat landscape and take a risk-based approach to security.
3. Drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., across product areas.
4. Review architecture and design for security problems, and enable software development teams to use security capabilities and tooling provided by Tesco.
5. Review critical code, build pipelines, deployment methods, etc., and assist teams in improving overall security.
6. Apply security and privacy principles in your daily job.
7. Facilitate risk remediation and challenge decisions and the status quo.
8. Participate in assurance activities like penetration testing, purple testing, and app assurance.
9. Develop quarterly/monthly roadmaps for security activities and plan them with collaborators.
10. Be an evangelist for security and contribute to strengthening Tesco's internal policies and standards.
Qualifications:
* Strong written and verbal communication skills.
* Strong problem-solving, analysis, and computational skills.
* Ability to drive tactical vs. strategic decision-making.
* Advocacy for change.
* Work experience in customer-facing solutions, web technologies, payment systems, content delivery networks, REST APIs, microservices, and modern application development.
* Understanding of the evolving threat landscape and ability to identify business risks.
* Good understanding of public cloud services and various architecture patterns.
* Strong grasp of software, network, and infrastructure security.
* Deep understanding of application security and DevSecOps (shift-left culture).
* Knowledge of general security principles, privacy principles, and industry standards such as NIST, ISO27001, CIS, and MITRE framework.
* Preferred Azure or AWS cloud security certifications.
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We celebrate diversity and recognize the value and opportunity it brings. We are committed to creating a workplace where differences are valued, and all colleagues are given equal opportunities. We’re proud to be a Disability Confident Leader and are committed to providing an accessible recruitment process.
We offer diverse full-time & part-time working patterns across our business areas, combining office and remote work. Our offices remain hubs for connection, collaboration, and innovation. If applying internally, please discuss flexible working options with the Hiring Manager. Everyone is welcome at Tesco.