Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world.
We want our customers to be inspired and whatever they are looking for, we’re finding bigger and better ways to provide it.
Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We’re driving innovation and transforming our Technology to become the world’s leading retailer.
We need people who share our ambition to deliver for our customers; Passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.
Joining us means playing a part in defining; building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.
If that sounds exciting then we'd love to hear from you.
The position will be based at our Head Office in Welwyn Garden City
About The Technology Security Team
The Tesco security team work collaboratively with our engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events. We are the eyes and ears of the organisation using the latest technologies to increase visibility and protection of our systems, services and data to reduce risk and impact to our customers, colleagues and business. We need to stay ahead of the latest threats, continuously improving our tooling, training and processes.
The Role – Security Engineer
Security Engineers require a broad knowledge of security engineering as well as a deeper knowledge in one or more specific areas. Security Engineers are responsible for delivering quality advice and guidance to Technology teams in order to make Tesco systems secure. This could be through threat modelling, vulnerability management, code review, design review, etc. Security Engineers strive to educate colleagues throughout Technology so they are empowered to make their systems more secure.
Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role’s key responsibilities and measures:
- Follow our Business Code of Conduct always acting with integrity and due diligence
- Represent the Technology Security team and assist other engineering teams in adhering to secure design principles.
- Help teams deliver secure solutions displaying a flexible agile approach by embracing emerging technologies, all working together in a robust technical ecosystem.
- Work closely and collaboratively with engineering and product teams
- Be a problem solver using past engineering experience to create and deliver innovative solutions
- Provide hands on direction during the design and development of applications utilising a threat-based approach to support the business strategy.
- Collaborate closely with colleagues within the wider global Technology Security organisation and technology departments as well as the business to establish effective, productive relationships
- Execute threat modelling activities during agile iterations.
- Am involved in and may lead incidents which occur on our systems with regards to technology security.
- Provide targeted application security requirements based on design, threats, industry best practices, and Tesco specific policy.
- Influence delivery teams in the prioritisation of security activities and issue remediation.
- Perform manual code reviews, open source software evaluations, and tests as needed.
- Drive vulnerability management improvements
- Drive improvements for use cases for the security operations team
- Drive adoption of new tools and techniques being able to understand their value and impact.
- Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.
- Share knowledge with the wider engineering community.
- Champion continuous improvement within the department.
This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.
Key Skills and Experience
You’ll need to have demonstrated experience of:
- Previous experience working in a DevOps environment and leading teams to deliver secure code in an automated way.
- Strong troubleshooting skills.
- Experience in the Information Technology field.
- Technical hands on exposure to the various security products within an Enterprise environment (e.g. SAST).
- Excellent Stakeholder management
- Technical skills as appropriate to specialism, SIEM, Threat hunting, Vulnerability Management, Threat modelling, etc.
- One or more of the following certifications: Security+, CEH, SANS GIAC, SSCP, CISSP, CSSLP, CISA, CISM.
- Ideally an ability to write small tools using one of Python, Ruby, Go, Perl, PHP etc.
- Flexibility, ability to plan and organise, responsiveness, creativity, self-starter
- Able to build solid working relationships with peers and senior leadership
- Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organisation.