Senior Application Security Engineer

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work!  These include but are not limited to:

• Annual bonus scheme
• Holiday starting at 25 days plus a personal day (and bank holidays)
• Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
• Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
• Buy as you earn and Save as you earn share schemes
• Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want

About the role

Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.

Responsible for developing and running security processes day-to-day for the Tesco Group, we’re continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we’re looking to add great people to our growing team.

We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development, learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.

Communication is key – working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.

An exciting opportunity to join a leading Technology company and play an influential part in their continued commitment to Application Security.

Security Engineers play major and leading role in protecting Tesco against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally.

You are an application security expert with a strong engineering background and a knack for working collaboratively with the engineering team. You communicate clearly, present reasonable security trade-offs to the business, and work to create real world practical solutions that reduce our security risk.

You will be responsible for

• Drive improvements to Tesco’s security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence.
• Provide subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle
• Have a deep understanding of agile working practices i.e. Scrum
• Be able to identify gaps in software engineering practices and recommend appropriate frictionless security solutions
• Ability to deliver training of core products to both security and engineering teams
• Documenting easy to consume guidance on products portfolio
• Evangelise security best practices
• Build automation and monitoring to enforce security policies and detect threats
• Build safe-by-default guardrails for engineers to use
• Present findings and explain impact and solutions to any level of leadership and other engineers
• To contribute to security strategy, security tooling selection and creation

You will need

Core Technical Skills

• Proficient in one of the following programming languages: Python, JavaScript, Java
• Experience of security in a DevOps environment
• Experience in web application penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc)
• Deep understanding of web application and API security
• An understanding of microservices and container orchestration
• Coding experience for automating/integrating security tools and creation of security tools

Experience

• Solid understanding of Application Security Tooling (SAST/DAST/IAST/SCA)
• Familiarity with OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk
• Experience in implementing security into different stages of a DevOps lifecycle

Soft Skills

• A good communicator with solid written and oral communication skills
• A team player who is not afraid to get stuck in and work collaboratively
• An ability to translate technical to business risk when assessing software vulnerabilities

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move.  Our core purpose is “Serving our customers, communities and planet a little better every day”.  Serving means more than a transactional relationship with our customers.  It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves.  At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings.  We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities.  We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you.  Everyone is welcome at Tesco.

We have recently announced that we are moving to a more blended working week – combining office and remote working.  Our offices continue to be where we connect, collaborate and innovate.  Talk to us about how this can work for you.

Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.