Security Engineer  (Vulnerability Management)


Premium Job From Tesco

Recruiter

Tesco

Listed on

28th May 2019

Location

Welwyn Garden City

Salary/Rate

Competitive

Salary Notes

Competitive

Type

Permanent

Start Date

ASAP

This job has now expired please search on the home page to find live IT Jobs.

About The Cyber Security Team

Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.

Responsible for developing and running security processes day-to-day for the Tesco Group, we're continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we're looking to add great people to our growing team.

We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.

Communication is key - working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.

 

Security Engineer - Vulnerability Management 

Main Responsibilities

Our Technology department is now seeking a talented Security Engineer to join the team. Security Engineers work with broad knowledge of security engineering as well as a deeper knowledge in one or more specific areas.

You are responsible for delivering quality advice and guidance to Technology teams in order to make Tesco systems secure. This could be through threat modelling, code review, design review, etc. You strive to educate colleagues throughout Technology so they are empowered to make their systems more secure. Responsibilities include:

Representing the Technology Security team and assist other engineering teams in adhering to secure design principles.

Helping teams deliver secure solutions using my team and security skills and also displaying a flexible agile approach by embracing emerging technologies, all working together in a robust technical ecosystem.

Working closely and collaboratively with engineering and product teams 

Being a problem solver using past engineering experience to create and deliver innovative solutions 

Providing hands on direction during the design and development of applications utilising a threat-based approach to support the business strategy.

Collaborating closely with colleagues within the wider global Technology Security organisation and technology departments as well as the business to establish effective, productive relationships

Executing threat modelling activities during agile iterations.

Getting involved in and potentially leading incidents which occur on our systems with regards to technology security.

Providing targeted application security requirements based on design, threats, industry best practices, and Tesco specific policy.

Influencing delivery teams in the prioritisation of security activities and issue remediation.

Performing manual code reviews, open source software evaluations, and tests as needed.

Driving adoption of new tools and techniques being able to understand their value and impact.

Keeping my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.

Sharing knowledge with the wider engineering community.

Championing continuous improvement within the department.

The Ideal Candidate

Skills relevant for the job

We're looking for passionate individuals with experience in:

Web Application Scanners (WAS) e.g. Qualys /Nessus (Tennable.io), netsparker, etc

Nmap, Kali linux, metasploit

Ideally an ability to write small tools in Python, Ruby, Go, Perl, PHP etc

One or more of the following certifications could prove advantageous for the role:  Security+, CEH, SANS GIAC, SSCP, CISSP, CSSLP, CISA, CISM.

Experience relevant for this job

Previous experience working in a DevOps environment and building teams deliver secure code in an automated way. Additional experience includes:

Strong troubleshooting skills. 

Experience of pen testing or identifying vulnerabilities.

Managing security vulnerabilities of a system, OS, software, WAS, configurations, Cloud (AWS).

Ability to represent data to ensure that the right vulnerabilities are prioritised.

Capabilities to reproduce issues and work closely with the development / engineering teams to help them remediate.

Technical hands on exposure to the various security products within an Enterprise environment (e.g. SAST).

About The Company

Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world.

We want our customers to be inspired and whatever they are looking for, we're finding bigger and better ways to provide it.

Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We're driving innovation and transforming our Technology to become the world's leading retailer.

We need people who share our ambition to deliver for our customers; Passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.

Joining us means playing a part in defining; building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.

If that sounds exciting then we'd love to hear from you.

The position will be based at our Campus in Welwyn Garden City.

Package Description

We offer excellent benefits that help make Tesco a great place to work.  These include but aren't limited to:

An annual bonus scheme which you can achieve up to 3.5% of base salary

Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco

Holiday starting at 25 days plus a personal day

A retirement savings plan - 4%-7.5% contribution rate

Life Assurance - 5 x contractual pay

Buy As You Earn Scheme

Save As You Earn Scheme

Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank

Deals and Discounts through many other external businesses

You are currently using an outdated browser.

Please consider using a modern browser such as one listed below: