An exciting opportunity to join a leading company and play an influential part in their continued dedication to Application Security.
At Tesco, the application security team’s strategy is to provide security tooling that fits seamlessly into software engineering teams ways of working, helping them find and deal with security problems early within the software development process before it reaches production.
In this role you will be responsible for helping to identify appropriate toolsets that fit with the application security team’s strategy, provide comprehensive guidance that allow engineering teams to effectively self-serve with our toolsets and help manage and maintain the chosen solutions.
As an application security expert at Tesco you will possess a strong engineering background and a curiosity about working collaboratively with our engineering teams. You can communicate clearly, present reasonable security trade-offs to the business, and work to build real world practical solutions that reduce our security risk.
As an integral part of our Application Security team you can expect to be invovled in a wide range of Security Engineering Tasks including -
• identification of security toolsets that effectively uncover security issues in code written by our software engineers and third-party dependencies
• You will Provide domain expertise on all areas of security and privacy throughout the Software Development lifecycle
• Embed yourself in our culture and process's working n-line with agile practices i.e. scrum and others
• You will be able to identify gaps in software engineering practices and recommend appropriate streamlined security solutions
• You can demonstrate the ability to deliver training on core application security products to both security and engineering teams
• You have experience writing comprehensive guidance for the selected security tooling
• As an expert you will also provide technical support for our products and engineers
We are looking for a passionate Security Engineer you can add to our teams with core technical skills including-
• Strong expertise at least one of the following programming languages: Python, Java, JavaScript /
TypeScript, C#, Go
• Proficient in secure code review of at one language i.e. Java, JavaScript, C#
• Experience of deploying security tooling into a DevOps environment
• Deep understanding of application security (Web, API, Mobile)
• An understanding of microservices and container orchestration
• Solid grasp of Application Security Tooling (SCA/SAST/DAST/IaC Security)
• Knowledge of OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk
• Experience in implementing security into different stages of a DevOps lifecycle
In addition as part of a large scale , fast paced organisation it is integral to be a good communicator with proven written and verbal communication skills
A team player who is not afraid to get stuck in and work collaboratively and an ability to translate technical to business risk when assessing software vulnerabilities
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.
We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.
