Tesco Technology are looking for a Senior Security Engineer reporting into the Vulnerability Management team. This is an exciting opportunity for a highly motivated security focused engineer to join our expanding organisation. The scale and complexity of Tesco creates a huge opportunity for someone to apply their existing skills while developing new ones and make a difference to the millions of customers we serve. The role will involve being hands on with a focus on the availability and reliability of some of our most critical security tooling whilst automating away operational burden. Our job is to provide actionable insight into the security posture of our systems and platforms prioritising remediation activities for our engineering colleagues and system owners to remediate as well as assurance that effective security controls and guardrails are in place across our on-prem and public cloud environments. As a senior position, you’ll have the freedom to leverage your knowledge and real-world experience to work with other teams and help drive innovation across our prevention, detection, and response capabilities. When major security incidents occur, you will be working alongside other security colleagues bringing your experience to help. Building our detection, data correlation and response capabilities in the VM space. As a team we also feed into the standards and patterns for our engineering community. Evaluating new tools and techniques being able to articulate their value and impact and help lead the roadmap and strategy for Security testing. Create our own Exposure Management capabilities to feed into our assurance process so that we can demonstrate the security controls and guardrails are effective across the business. Build a range of capabilities to inform our stakeholders on the status and progress of VM remediation efforts across engineering and up to leadership and C level. Automate integrations between platforms and tooling and translating requirements into tasks & code. Use your observations from security incidents, Bug Bounty submissions and external threat intelligence to contribute to our internal detection engineering programme. Work alongside our analysts to upskill them in Vulnerability Management and look for patterns and issues that can be fixed centrally. POC assessments from our active Bug Bounty Program. 4 Years of experience working in the IT Security Industry Experience with responding to security incidents in large scale corporate environments. A good understanding of Bug Bounty programmes and be an active member in this field. Proficiency in at least one programming or scripting language such as Python, Power Shell, Terraform or similar. Experience of security controls and detection capabilities within Microsoft Azure at enterprise scale. Expertise in networking, web services and application testing. Expert knowledge of DNS preventative network controls. Experience with Vulnerability Scanning tools such as Qualys and Tenable etc and to categorise criticality as well as risk of a vulnerability. Keen to cultivate a culture of collaboration, innovation and bringing industry standards to everything we do. Proactive and able to operate independently. Comfortable with ambiguity. You are resilient – you take ownership of seeing issues through to resolution whilst looking after yourself to be at your best. Have a passion for technology and can share that passion with others.