Job Title
Cyber Security Specialist - eCommerce Security
Location
Asda House
Employment Type
Full time
Contract Type
Permanent
Hours Per Week
37.5
Salary
Competitive salary plus benefits
Category
Cyber Security
Closing Date
10 May 2026
This role is responsible for embedding security into the design, development, and operation of our eCommerce and customer-facing application landscape.
You will act as the primary security partner to digital and engineering teams, ensuring that security is integrated into delivery at pace—supporting secure-by-design principles, reducing risk exposure, and protecting customer data and revenue-critical platforms.
This is a hands-on role combining application security expertise, stakeholder engagement, and pragmatic risk management within a fast-paced retail environment.
Please be advised that this position requires attendance at Asda House in Leeds for a minimum of three days per week. We’re really looking forward to having you around!
We welcome applications from candidates seeking part-time hours, flexible working arrangements, or job share opportunities.
What You’ll Love
1. Secure eCommerce and Digital PlatformsProvide security oversight and guidance across all eCommerce platforms, APIs, and customer-facing applicationsIdentify and mitigate risks relating to payment processing, authentication, session management, and data handlingSupport secure design reviews for new features, integrations, and third-party services
2. Embed Secure SDLC Practices within Asda and guide 3rd party practicesPartner with AppSec team and engineering teams to embed security into CI/CD pipelines and development workflowsDrive adoption of secure coding standards and best practices (e.g. OWASP Top 10)
3. Vulnerability and testing managementOwn the identification, triage, and remediation tracking of application-level vulnerabilitiesWork with engineering teams to prioritise fixes based on risk and business impactProvide clear reporting on application security posture and trendsAssist risk management team with pen testing prioritisation and track remediation workTranslate technical risks into clear, business-aligned recommendations
4. Cross team with with Architecture and Risk ManagementConduct threat modelling with Architecture for key systems, focusing on eCommerce journeys and customer data flowsAssess risks associated with new technologies, integrations, and architectural changesTranslate technical risks into clear, business-aligned recommendations
What You’ll Need
5. Strong experience in Application Security / Product Security
6. Experience securing web applications, APIs, and eCommerce platforms
7. Hands-on knowledge of:
8. OWASP Top 10 / ASVS
9. SAST, DAST, SCA tooling
10. Authentication (OAuth, SSO, MFA), session management
11. Experience working with engineering teams in Agile / DevOps environments
12. Ability to translate security into pragmatic, delivery-focused guidance
Desirable:
13. Experience in retail / eCommerce environments
14. Familiarity with payment security (PCI DSS, tokenisation, payment gateways)
15. Experience with cloud-native applications (Azure preferred)
16. Knowledge of Microsoft security stack (Defender, Sentinel, etc.)
17. Exposure to bug bounty / penetration testing / red teaming outputs
What Success Looks Like
18. Security is embedded into eCommerce and application delivery, with teams engaging early and adopting secure-by-design practices
19. Measurable reduction in critical and high-risk application vulnerabilities, with improved remediation times
20. Engineering teams take ownership of security, with secure coding and tooling consistently adopted across pipelines
21. Clear, business-aligned visibility of application security risk, particularly across customer journeys and payment flows
22. Trusted partner to digital and engineering teams, influencing decisions without slowing delivery
Apply today by completing an online application…
#LI-ES1 #LI-Hybrid
Everything you'll love
To ensure we balance moments where we know we need to collaborate together and the need for flexibility, Asda has a hybrid way of working with a minimum 3 days a week in one of our Home Offices. Over and above this, each area of Asda may have additional requirements which may require spending more days in the office, visiting suppliers, stores or depots.
You will also get an excellent benefits package including:
23. Discretionary company bonus
24. Company pension up to 7% matched
25. Company Car allowance of £5,700
26. 15% colleague discount in store and online
27. Free access to wellbeing services such as Stream, 24/7 virtual GP, counselling, health and dental cash plans and a 24/7 employee assistance helpline, alongside discounts across a range of services and activities, from airport parking, enhanced to theme parks and cinemas.
28. Asda Allies Inclusion Networks – helping colleagues to make sure everybody is included and that our differences are recognised and celebrated
29. Excellent parental leave policies, including maternity & adoption leave, paternity leave, shared parental leave, neonatal care leave, and support for those doing fertility treatments.
We want all colleagues to be able to bring their best and true selves to work, every day. Simply put, we want our colleagues to be Proud to be Asda and proud to be themselves