About The Cyber Security Team
Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.
Responsible for developing and running security processes day-to-day for the Tesco Group, we're continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we're looking to add great people to our growing team.
We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key - working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.
The Role - Security Engineering Manager
Security Engineering Managers establish and sustain the environment for Security Engineers to succeed. They drive continuous improvement of security engineering practises at Tesco by managing a motivated and capable team of Security Engineers. They are responsible for the quality of advice and guidance given to Technology teams.
- Represent the Technology Security team and assist other engineering teams in adhering to secure design principles.
- Help teams deliver secure solutions using my team and security skills and also displaying a flexible agile approach by embracing emerging technologies, all working together in a robust technical ecosystem.
- Work closely and collaboratively with a large number of engineering and product teams
- Evaluate technology to ensure adherence to existing standards and technical integration with current capabilities
- Be a problem solver using past engineering experience to create and deliver innovative solutions
- Use my appreciation of the DevSecOps philosophy of bringing Culture, Automation, Lean, Measurement and Sharing into security at the same time as advising on how to embed security into DevOps tooling and processes
- Provide hands on direction during the design and development of applications utilising a threat-based approach to support the business strategy.
- Collaborate closely with colleagues within the wider global Technology Security organisation and technology departments as well as the business to establish effective, productive relationships
- Assist with the creation, adoption, and maturation of threat modeling and application security requirements functions and processes.
- Coordinate and execute threat modeling activities during agile iterations.
- Provide targeted application security requirements based on design, threats, industry best practices, and Tesco specific policy.
- Empower delivery team resources by promoting application security awareness and standards through training, mentoring, and communities of best practice.
- Influence delivery teams in the prioritisation of security activities and issue remediation.
- Evaluate and recommend new and emerging application security products and technologies
- Perform manual code reviews, open source software evaluations, and tests as needed.
- Am involved in and may lead incidents which occur on our systems with regards to technology security.
- Drive adoption of new tools and techniques being able to understand their value and impact.
- Keep my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.
- Share knowledge with the wider engineering community.
- Establish and maintain the right team and processes to continually deliver quality advice and engagements.
- Have accountability for ensuring the team deliver on their commitments.
- Champion continuous improvement within the department.
- Communicate clear objectives and career path for the team members.
- Monitor and appraise colleague performance and take appropriate action.
- Facilitate and support the development of individuals.
- Lead and mentor/develop teams containing experienced individuals.
- Recognise and nurture talent.
- Create space for the whole team to innovate.
Key Skills and Experience
Relevant Technical Skills
- Previous experience with a Web Application Scanners (WAS) e.g. Qualys /Nessus (Tennable.io), Netsparker, etc
- Knowledge and experience with pen testing tools such as Nmap, Kali Linux, Metasploit
- Ideally an ability to write small tools using one of Python, Ruby, Go, Perl, PHP etc.
- Technical skills as appropriate to specialism
- Agile approach
- Ideally have experience in Cloud architectures and engineering solutions to meet needs in the cloud.
Relevant Soft Skills
- Stakeholder management
- People management
- Technical hands on exposure to the various security products within an Enterprise environment (e.g. SAST).
- Previous experience working in a DevOps environment and building teams deliver secure code in an automated way.
- Strong troubleshooting skills.
- Extensive experience in the Information Technology field.
- Ideally one or more of the following certifications: Security+, CEH, SANS GIAC, SSCP, CISSP, CSSLP, CISA, CISM.
About The Company
Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world.
We want our customers to be inspired and whatever they are looking for, we're finding bigger and better ways to provide it.
Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We're driving innovation and transforming our Technology to become the world's leading retailer.
We need people who share our ambition to deliver for our customers; Passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.
Joining us means playing a part in defining; building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.
If that sounds exciting then we'd love to hear from you.
The position will be based at our Campus in Welwyn Garden City.
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
- An annual bonus scheme which you can achieve up to 3.5% of base salary
- Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco
- Holiday starting at 25 days plus a personal day
- A retirement savings plan - 4%-7.5% contribution rate
- Life Assurance - 5 x contractual pay
- Buy As You Earn Scheme
- Save As You Earn Scheme
- Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
- Deals and Discounts through many other external businesses