Overview

Join to apply for the Cyber Security Partner (II) role at Tesco.

As a Cyber Security Partner, you will transform the security maturity of key product areas and teams. You will be the face of the security group for them, operating in the context of the product, its roadmap, risk acceptance level, technology stack, and architecture.

You will build a comprehensive understanding of the threat landscape and its potential risks to the business. Through effective partnership, you will engage leadership to make well-informed decisions about security and privacy.

About our Security Partnering team

We are a team of 15+ individuals and continuing to grow. Our team aids Tesco technology and software development teams with groundbreaking technologies across cloud and other innovative platforms at scale. We lead security partnerships to drive and be responsible for security initiatives for an engineering domain. Tesco technology comprises several domains and over 120 teams developing software who are responsible for their own security, so we act differently than a traditional security team. We’re a team of security partners, not security police, and we refer to ourselves as Security Partners, not Security Architects or Consultants.

Security Partnering is part of the Security & Capability group that offers enterprise security solutions and capabilities. Our software engineering teams have tremendous freedom and the corresponding responsibility to do the right thing for our customers. Instead of controlling our engineering teams with process and security gates, we enable them to innovate by providing security mentorship to help Tesco make the right decisions. Our engineering teams are usually willing partners in doing better security, more efficiently and earlier in the process. We want you to help us scale out and represent ourselves for the wider engineering domain.

Tesco has fully embraced DevOps and agile methodologies to develop our enterprise APIs, services and cloud capabilities. Our 100+ delivery teams use Docker, Kubernetes and microservices across Azure and AWS, so our security approach must work with elastic, fast-changing infrastructure. Our security approaches should be event-driven, real-time and effective. Weekly scans are outdated.

You will be responsible for

• Build a good understanding of the aligned verticals, the technology architecture, the criteria and constraints, the security posture and technical debts.
• Understand the threat landscape and take a risk-based approach to security.
• Drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, and related activities across product areas.
• Review architecture and design for security problems and enable software development teams to use Tesco-provided security capabilities and tooling.
• Be ready to review critical code, build pipelines, deployment methods, etc., and assist teams in doing better security overall.
• Apply security and privacy principles in daily work.
• Facilitate risk remediation and challenge decisions and the status quo.
• Facilitate assurance activities like penetration testing, purple testing, and application assurance.
• Develop quarterly/monthly plans for security activities and collaborate with team members.
• Be an evangelist for security and contribute to strengthening Tesco's internal policies and standards.

You will need

• Strong written and verbal communication skills.
• Strong problem solving, analytical and computational skills.
• Ability to drive tactical vs. strategic decision making.
• Advocate for change.
• Experience with customer-facing solutions, web technologies, payment systems, content delivery networks, REST APIs, microservices, and modern application development.
• Understanding of the growing threat landscape and ability to identify business risks.
• Good understanding of public cloud services and various architecture patterns.
• Good understanding of software, network and infrastructure security.
• Deeper understanding of application security and DevSecOps (shift-left culture).
• General security principles, privacy principles, and industry standards such as NIST, ISO27001, CIS, MITRE framework.
• Preferred Azure or AWS cloud security certifications.

What’s in it for you?

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance
• 26 weeks maternity and adoption leave (after 1 year of service) with additional leave options
• Free 24/7 virtual GP service, EAP for you and your family, and access to wellbeing support

About Us

Our vision at Tesco is to become every customer’s favourite way to shop. Our core purpose is to serve customers, communities and the planet better every day. We are committed to an inclusive culture and accessible recruitment. We offer flexible working patterns and a blended office/remote environment. If you are applying internally, please discuss with the Hiring Manager about how this can work for you.