About The Role We are committed to align with the digital advancements at Tesco and secure the new technologies that enable our business to have a superior focus on serving our customers, communities, and planet. Security Software Developer within the Application Security Architecture Team at Tesco Technology will be responsible to perform the research and development of security packages (i.e., code snippet or block) that will be managed centrally to deliver the security design as code, policy as code, security configuration as code and security extensions. Your work will empower software development teams across the organisation to seamlessly integrate and enable security defaults in technology stacks within software systems, accelerate the adoption security design patterns and strengthen overall security of Applications, APIs, Cloud-native, Mobile, DevOps and Big Data systems. Research for security patterns in commonly used and emerging tech stacks, and develop the code snippets or blocks to harden the software tech stacks as reusable security packages. Collaborate with high skilled developer community to understand the security implementation challenges through prototypes, and address feedback to standardise the common security patterns with tech stacks. Deliver reuseable security packages or security hardened tech stacks to seamlessly integrate into diverse development projects. Providing expert guidance and support to ensure the seamless implementation of security packages. Drive the beta trials with selected software engineering teams before general release. Your work will focus on enabling software development teams to enhance the software security. Increase adherence to technology specific security design standards and provide guidance for the implementation of product security backlog item that are covered by these security packages. Collaborate with security champions across software engineering teams, and advocate for secure coding practices and the integration of security at every stage of the software development lifecycle. Proficiency in multiple programming languages such as Python, JavaScript with a strong emphasis on Java (Micronaut/Spring Boot). Security design thinking with Threat Modelling and secure coding techniques. Deep understanding of authentication, authorisation, cryptography, integration, etc. 7 years of hands-on software development experience with a focus on security-focused development. Experience in developing APIs with RESTful services, GraphQL, gRPC. Familiarity in Node.js for server-side development a plus. Experience with both SQL/NoSQL databases such as Couchbase/Redis, and knowledgeable in microservices architectures and their security implications. Experience with container technologies (Docker, Kubernetes), DevOps (GitHub Actions) and GitOps tools. Experience with cloud-native services (Azure, etc.) and Infrastructure as Code (IaC) tools (Terraform, etc.) Familiarity with security tools and frameworks such as OWASP Top 10, NIST & MITRE ATT&CK. Effective communication and ability to collaborate with cross-functional teams to integrate security practices.