Security Engineer - Vulnerability Management
Welwyn Garden City
About the role
About The Cyber Security Team
Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.
Responsible for developing and running security processes day-to-day for the Tesco Group, we're continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we're looking to add great people to our growing team.
We're looking to add great people to our growing team because we believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key - working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.
You will be responsible for
Our Technology department is now seeking a talented Security Engineer to join the team. Security Engineers work with broad knowledge of security engineering as well as a deeper knowledge in one or more specific areas. You are responsible for delivering quality advice and guidance to Technology teams in order to make Tesco systems secure. This could be through threat modelling, code review, design review, etc. You strive to educate colleagues throughout Technology so they are empowered to make their systems more secure.
Key people and teams I work within and outside of Tesco
Technical Programme Managers
Colleagues and business stakeholders across Tesco
Suppliers and 3rd parties
Represent the Technology Security team and assist other engineering teams in adhering to secure design principles.
Help teams deliver secure solutions using my team and security skills, while displaying a flexible, agile approach by embracing emerging technologies, all working together in a robust technical ecosystem.
Work closely and collaboratively with engineering and product teams
Be a problem solver using past engineering experience to create and deliver innovative solutions
Provide hands-on direction during the design and development of applications, utilising a threat-based approach to support the business strategy.
Collaborate closely with colleagues within the wider global Technology Security organisation and technology departments as well as the business to establish effective, productive relationships
Execute threat modelling activities during agile iterations.
Be involved in, and possibly lead, incidents which occur on our systems with regards to technology security.
Provide targeted application security requirements based on design, threats, industry best practices, and Tesco specific policy.
Influence delivery teams in the prioritisation of security activities and issue remediation.
Perform manual code reviews, open source software evaluations, and tests as needed.
Drive adoption of new tools and techniques being able to understand their value and impact.
Keep my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.
Share knowledge with the wider engineering community.
Champion continuous improvement within the department.
You will need
Skills relevant for the job
We're looking for passionate individuals with experience in:
Web Application Scanners (WAS), e.g. Qualys / Nessus (Tenable.io), Netsparker, etc.
Nmap, Kali Linux, Metasploit
Ideally an ability to write small tools in Python, Ruby, Go, Perl, PHP, etc.
One or more of the following certifications could prove advantageous for the role: Security+, CEH, SANS GIAC, SSCP, CISSP, CSSLP, CISA, CISM.
Experience relevant for this job
Previous experience working in a DevOps environment and building teams that deliver secure code in an automated way. Additional experience includes:
Strong troubleshooting skills.
Experience of pen testing or identifying vulnerabilities.
Managing security vulnerabilities of a system, OS, software, WAS, configurations, Cloud (AWS).
Ability to represent data to ensure that the right vulnerabilities are prioritised.
Capabilities to reproduce issues and work closely with the development / engineering teams to help them remediate.
Technical hands-on exposure to the various security products within an Enterprise environment (e.g. SAST).
Our vision here at Tesco is to become every customer's favourite way to shop online, whether they are at home, out shopping, on the move, anywhere in the world.
We want our customers to be inspired and whatever they are looking for, we're finding bigger and better ways to provide it.
Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We're driving innovation and transforming our Technology to become the world's leading e-commerce business.
We need people who share our ambition to deliver for our customers: passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.
Joining us means playing a part in defining, building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.
What's in it for you
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
An annual bonus scheme through which you can achieve up to 3.5% of base salary
Privilegecard (including a 2nd card for a family member) after 6 months' service with 10% off most purchases at Tesco
A retirement savings plan - 4%-7.5% contribution rate
Life Assurance - 5 x contractual pay
Buy As You Earn Scheme
Save As You Earn Scheme
Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
Deals and Discounts through many other external businesses
Our office application process varies depending on the role and the level of experience needed.