Cyber Security Partner (II)

Overview

As a Cyber Security Partner, you will transform the security maturity of key product areas and teams. You will be the face of the security group for these domains, operating in the context of the product, roadmap, risk acceptance level, technology stack and architecture.

You build an understanding of the threat landscape and engage leadership to make well-informed decisions about security and privacy.

About the Security Partnering team

We are a growing team of 15+ individuals, helping Tesco technology and software development teams with cloud and other innovative platforms at scale. We lead security initiatives for engineering domains and act as Security Partners, not Security Police or Security Architects/Consultants. The Security Partnering team is part of the Security & Capability group, enabling engineering teams to innovate by providing security mentorship and practical security capabilities.

Tesco embraces DevOps and agile methodologies to develop enterprise APIs, services and cloud capabilities. With 100+ delivery teams using Docker, Kubernetes and microservices across Azure and AWS, our security approach is elastic, event-driven, real-time and practical.

Responsibilities

  • Build a good understanding of the aligned verticals, technology architecture, security posture, criteria, constraints and technical debt.
  • Understand the threat landscape and take a risk-based approach to security.
  • Drive security initiatives such as developing security requirements, threat modelling, strengthening application security and vulnerability reduction across product areas.
  • Review architecture and design for security issues and enable software development teams to use Tesco-provided security capabilities and tooling.
  • Review critical code, build pipelines and deployment methods; assist teams in improving security overall.
  • Apply security and privacy principles in daily work.
  • Facilitate risk remediation and challenge decisions and the status quo.
  • Support assurance activities like penetration testing and app assurance.
  • Develop quarterly/monthly plans for security activities in collaboration with the team.
  • Be an evangelist for security and contribute to strengthening Tesco's policies and standards.

What you will need

  • Strong written and verbal communication skills.
  • Strong problem solving, analysis and computational skills.
  • Ability to drive tactical vs. strategic decision making.
  • Advocate for change.
  • Experience with customer-facing solutions, web technologies, payment systems, content delivery networks, REST APIs, microservices and modern application development.
  • Understanding of the evolving threat landscape and ability to identify business risks.
  • Good understanding of public cloud services and architecture patterns.
  • Knowledge of software, network and infrastructure security.
  • Deeper understanding of application security and DevSecOps (shift-left).
  • General security and privacy principles, and industry standards (NIST, ISO27001, CIS, MITRE).
  • Azure or AWS cloud security certifications preferred.

Benefits

  • Annual bonus scheme of up to 20% of base salary
  • Holiday starting at 25 days plus a personal day and bank holidays
  • Private medical insurance
  • Parental leave and extended benefits
  • Private medical and wellbeing support, EAP and 24/7 virtual GP

About Tesco

Our vision is to become every customer's favourite way to shop. We are committed to an inclusive culture, diversity, and accessibility in recruitment. Tesco supports flexible patterns and a blended office/remote working arrangement. If applying internally, discuss arrangements with the Hiring Manager.

Locations

London, England, United Kingdom (various postings and active opportunities in the area).

Location: Welwyn Garden City, England, United Kingdom
Salary: £80,000 - £100,000
Job Type: Full-time
Category: IT & Technology
