Application Security Engineer

What’s in it for you

We’re all about the little helps. That’s why we give our wonderful colleagues bags of benefits. Including wellbeing services, an award-winning pension scheme and much, much more, our colleague reward package keeps on giving. And helps make every day a little better for you and your family. These include but are not limited to:

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Buy holiday salary sacrifice scheme (for salaried roles)
• Private medical insurance
• Retirement savings plan - save between 4% and 7.5% and Tesco will match your contribution
• Life Assurance - 5 x contractual pay
• 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave
• The right to request flexible working from your first day with us
• Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
• A Colleague Clubcard for you & a family member (after 3 months of service), giving you access to lots of discounts in-store & online
• Great colleague deals and discounts, saving you money on everyday purchases, eating out and utility bills for the home
• Access to our colleague networks providing a space for colleagues to come together from a range of backgrounds. For more information about our colleague networks please click here
• Opportunities to get on - take advantage of our ongoing learning opportunities and award-winning training, to help you achieve the job and career you want

Click Here to read more about the full range of benefits we have available for our colleagues

About the role

About The Cyber Security Team

Our cyber security team are the eyes and ears of our organisation. We use the newest technologies to increase visibility and protection of systems, services, and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.

Responsible for developing and running security processes day-to-day for the Tesco Group, we’re continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we’re looking to add phenomenal people to our growing team.

We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development, learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.

Communication is key – working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.

An exciting opportunity to join a leading Technology company and play an influential part in their continued dedication to Application Security.

Security Engineers play major and leading role in protecting Tesco against security risks, with influence to implement innovative measures to minimise exposures and vulnerabilities. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead multi-functionally.

You will have a systems engineering / administration background with a passion for security and a goal of moving a more security focussed role.

In this role, you would be working alongside experienced application security engineers to identify gaps in software engineering practices and recommend appropriate streamlined security solutions that fit with their existing ways of working.

We know life looks a little different for each of us. That’s why at Tesco, we always welcome chats about flexible working. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. So, talk to us throughout your application about how we can support.

You will be responsible for

In this role, you can expect to:

• Help identify gaps in software engineering practices and select appropriate application security tooling that fits within their software development practices
• Work using agile practices I.e. scrum
• Help deliver training on our core application security products to both security and engineering teams
• Write and deliver easy to consume wiki content on the application security products we provide to the business
• Promote security best practices across the business
• Help build automation and monitoring to enforce security policies and detect threats
• Help build safe-by-default guardrails for engineers to use

You will need

Core Technical Skills

• Proficient in at least one scripting or programming language: Python, JavaScript, Java
• Experience of supporting, administering, and building cloud infrastructure (preferably Azure)
• Experience configuring at least one continuous integration tool i.e. Jenkins, GitHub Actions, Azure DevOps
• Proven experience operating & administrating Linux distributions, including RHEL, Ubuntu & CentOS
• Understanding of containerization and container orchestration (Docker & Kubernetes)
• Strong operations & technical troubleshooting experience

Good to haves:

• Understanding of the SDLC and some of the common tools, including JIRA, Git, GitHub, and Nexus
• Good understanding of architecture and design principles
• Understanding of common Application Security Tooling (SCA/SAST/DAST/IaC Security)
• Knowledge of OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk

Soft Skills

• A good communicator with proven written and verbal communication skills.
• A team player who is not afraid to get stuck in and work collaboratively.

About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.

We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you.  We work in a more blended pattern -combining office and remote working.  Our offices will continue to be where we connect, collaborate and innovate.