Job Title

About the role About the Security Partners team: We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with product and engineering stakeholders, leveraging our deep expertise in cyber security to design and implement robust, resilient solutions that protect our business and customers from cyber threats. We are a dynamic and expanding global team of 15+ experts, serving as the strategic link between the wider security group and software engineering teams that develop cutting-edge services at scale to support the retail business. Tesco Technology comprises several technology domains with over 100+ teams, each entrusted with their own security. These teams enjoy significant autonomy, balanced by the responsibility to make customer-centric decisions and security. Rather than imposing controls through rigid processes and security gates, we empower these engineering teams to innovate by providing security guidance that helps them make informed decisions for Tesco. Encouragingly, these teams are enthusiastic partners in enhancing security, working more efficiently, and integrating security into every aspect of their ways of working. This collaborative approach sets us apart from traditional security teams. We proudly identify ourselves as Security Partners, not security police, emphasizing our role as the "trusted advisors" rather than enforcers. Partners engage key people in engineering to make security contextual and frictionless. After all, security is a journey and there is no one-size-fits-all. Join the team and be part of this exciting journey! The position will be based at our Tesco Technology offices in Farringdon, London. The Role As a Security Partner, you will deeply engage within product areas and influence the way security is delivered by them. You will be supported by experts in the team, nonetheless. To achieve this, you are good at secure design principles, cloud security, secure development practices and patterns, application security, secure pipelines, open-source security and related. And not to mention, you are versatile to learn anything that comes along your way. Being the trusted advisor As enterprise applications become more distributed, adaptive to technological advancements, and run from hybrid infrastructure, teams need to navigate through different complexities and make key security decisions along the way. A trusted security advisor empowers teams to achieve scalable and sustainable security maturity throughout the SDLC process. What is in it for you We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work. Click Here to find out more! Annual bonus scheme of up to 20% of base salary Holiday starting at 25 days plus a personal day (plus Bank holidays) Private medical insurance 26 weeks maternity and adoption leave (after 1 year's service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, plus 4 weeks fully paid paternity leave Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing You will be responsible for Following our Business Code of Conduct and always acting with integrity and due diligence, with these specific risk responsibilities: Develop in-depth understanding of the product area, engage with key product and technical people for assessing the security and privacy controls. Engage teams in security roadmap discussions and continuously improve security posture of what they build. Demonstrate how weaknesses in design or code can be exploited. Translate technical risks into business risks and potential impact to Tesco. Engage security champions, key developers, and offer technical advisory to support security initiatives and vulnerability remediation. Participate in key product and architecture decisions to embed security. Perform product security activities, from security requirements, architecture reviews, threat modelling, to application security, supply-chain risks, securing secrets, pipelines, vulnerability reviews, and infrastructure security. Develop and propose security controls or compensating measures, seeking tactical and strategic solutions to enhance security. Lead teams on security by design and security by default. Support adoption of new security capabilities across people, processes, and tools. Be ready to code, e.g., raise a PR to resolve security issues. Participate in assurance activities like security testing, purple teaming, auditing. Empower teams, challenge the status quo. Advocate for good security, contribute to standards and policies. Commit to continuous improvement, seize opportunities, inspire change. You will need To excel, you should have: Hands-on product security experience: requirements, architecture review, design principles, application security, pipeline security, infrastructure, monitoring. Experience leading security initiatives, DevSecOps practices with engineering teams. Threat modelling and designing security/privacy controls to mitigate risks. Experience with application security, supply chain security, tools like SAST, DAST, SCA, IAC. Code review experience to identify weaknesses and suggest mitigations. Knowledge of industry standards like OWASP ASVS, OWASP Top 10, CIS controls. Understanding of web apps, REST APIs, microservices, event-driven architectures, mobile apps. Experience with cloud-native and hybrid architectures, containers, Kubernetes. Some development experience (Java, cloud, Golang, Python) is a plus. Degree in computer science, information systems, engineering, or equivalent experience. Knowledge of regulations like GDPR, PCI-DSS is desirable. Cloud security certifications (Azure, AWS) are desirable. Good communication, listening, influencing skills. About us Our vision at Tesco: to become every customer's favourite way to shop. Our purpose: 'Serving our customers, communities and planet a little better every day'. We aim to act responsibly and sustainably, valuing diversity and inclusion. We are committed to accessibility and equal opportunities. Our flexible working patterns include office and remote options. Everyone is welcome at Tesco.#J-18808-Ljbffr