Job Description
About the role
As a Senior Cyber Security Partner, you build and/or implement security tools and platforms that enhance our information security prevention, detection, and response capabilities. Your goal is to protect our customers, suppliers, colleagues, networks, systems, applications and information from cyber-attacks. You excel at improving security outcomes faster and at reduced cost for our businesses in teams with a mixed range of skills from hands-on through to architecture. You are the subject matter expert and lead initiatives that drive fast and consistent response through automation.
In order to be successful, you will be aligned as the Security Partner for selected verticals under the engineering domain.
About our Security Partnering team
We are 15+ and growing team that supports Tesco technology and software development teams across cloud and other cutting edge technologies at scale. We have a new role to lead security partnerships to drive and oversee security initiatives for an engineering domain. Tesco technology comprises of several domains and over 120 teams developing software who are responsible for their own security, so we act differently than a traditional security team. We’re team of security partners, not security police. We go as far as calling ourselves as Security Partners, not Security Architects or Consultants.
Security Partnering team is part of Security & Capability group that offers the enterprise with various security solutions and capabilities.
Our software engineering teams have tremendous freedom in their work and the corresponding responsibility to do the right thing for our customers. Instead of controlling our engineering teams with process and security gates, we enable them to innovate by providing security guidance to make right decisions for Tesco. The good news is that our engineering teams are (usually) willing partners in doing better security, more efficiently and earlier in the process. We want you to help us scale out and represent ourselves for the wider engineering domain.
Tesco has fully embraced devops and agile methodologies to develop our enterprise APIs, services and cloud capabilities. Our 100+ delivery teams have loads of Docker, Kubernetes and microservices galore across Azure and AWS, so our security approach must work with elastic, here today, gone tomorrow infrastructure. Our security approaches should be eventdriven, real-time and effective. Weekly scans are so 2010.
You will be responsible for
* Build a good understanding of the aligned verticals, the technology architecture, the criteria and constraints, the security posture and technical debts.
* Understand the threat landscape and take a risk-based approach on security.
* Drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., across that product areas.
* Review architecture and design for security problems, indulge in enabling software development teams to use security capabilities and tooling provided by Tesco.
* Be ready to review critical code, build pipelines, deployment methods, etc and assist teams in doing better security overall.
* Apply security and privacy principles in your daily job.
* Facilitate risk remediation but also challenge decisions and status-quo.
* Facilitate in assurance activities like penetration testing, purple testing, app assurance.
* Build quarterly/monthly roadmaps for security activities and plan them with stakeholders.
* Be an evangelist for security, take part in strengthening Tesco's internal policies and standards.
You will need
* Strong written and verbal communication skills.
* Strong problem solving, analysis and computational skills.
* Drive tactical vs. strategic decision making.
* Be an advocate for change.
* Work experience in customer-facing solutions, web technologies, payment systems, content delivery networks, REST APIs, micro services, modern application development.
* Understand every-growing threat landscape and identify business risks.
* Good understanding of public cloud services and various architecture patterns.
* Good understanding of software, network and infrastructure security.
* Deeper understanding of application security and DevSecOps (the shift-left culture)
* General security principles, privacy principles, industry standards such as NIST, ISO27001, CIS, MITRE framework.
* Preferred Azure or AWS cloud security certifications
What’s in it for you
Package Description
We offer excellent benefits that help make Tesco a great place to work. These include but aren’t limited to:
* An annual bonus scheme which you can achieve up to 20% of base salary
* Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco
* Holiday starting at 25 days plus a personal day
* A retirement savings plan - 4%-7.5% contribution rate
* Life Assurance - 5 x contractual pay
* Buy As You Earn Scheme
* Save As You Earn Scheme
* Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
* Deals and Discounts through many other external businesses
About us
Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world.
We want our customers to be inspired and whatever they are looking for, we’re finding bigger and better ways to provide it.
Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We’re driving innovation and transforming our Technology to become the world’s leading retailer.
We need people who share our ambition to deliver for our customers; Passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.
Joining us means playing a part in defining; building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.
If that sounds exciting then we'd love to hear from you.