Job Specifications
About the role
About the Security Partners team
We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with the product and
engineering stakeholders, leveraging our deep expertise in cyber security to design and implement robust, resilient solutions
that protect our business and customers from cyber threats.
We are a dynamic and expanding global team of 15+ experts, serving as the strategic link between the wider security group and
software engineering teams that develop cutting-edge services at scale to support the retail business.
Tesco Technology comprises of several technology domains with over 100+ teams, each entrusted with their own security. These
teams enjoy significant autonomy, balanced by the responsibility to make customer-centric decisions and security. Rather than
imposing controls through rigid processes and security gates, we empower these engineering teams to innovate by providing
security guidance that helps them make informed decisions for Tesco. Encouragingly, these teams are enthusiastic partners in
enhancing security, working more efficiently, and integrating security into every aspect of their ways of working. This
collaborative approach sets us apart from traditional security teams. We proudly identify ourselves as Security Partners, not
security police, emphasizing our role as the “trusted advisors” rather than enforcers.
Partners engage key people in engineering to make security contextual and frictionless. After all, security is a journey and there is
no one-size-fits-all.
Join the team and be part of this exciting journey!
You will be responsible for
About the Security Partners team
We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with the product and
engineering stakeholders, leveraging our deep expertise in cyber security to design and implement robust, resilient solutions
that protect our business and customers from cyber threats.
We are a dynamic and expanding global team of 15+ experts, serving as the strategic link between the wider security group and
software engineering teams that develop cutting-edge services at scale to support the retail business.
Tesco Technology comprises of several technology domains with over 100+ teams, each entrusted with their own security. These
teams enjoy significant autonomy, balanced by the responsibility to make customer-centric decisions and security. Rather than
imposing controls through rigid processes and security gates, we empower these engineering teams to innovate by providing
security guidance that helps them make informed decisions for Tesco. Encouragingly, these teams are enthusiastic partners in
enhancing security, working more efficiently, and integrating security into every aspect of their ways of working. This
collaborative approach sets us apart from traditional security teams. We proudly identify ourselves as Security Partners, not
security police, emphasizing our role as the “trusted advisors” rather than enforcers.
Partners engage key people in engineering to make security contextual and frictionless. After all, security is a journey and there is
no one-size-fits-all.
Join the team and be part of this exciting journey!
The Role
As a Security Partner, you will deeply engage within product areas and influence the way security is delivered by them. You will be
supported by experts in the team, nonetheless. To achieve this, you are good at secure design principles, cloud security, secure
development practices and patterns, application security, secure pipelines, open-source security and related. And not to
mention, you are versatile to learn anything that comes along your way.
Being the trusted advisor
As enterprise applications become more distributed, adaptive to technological advancements, and run from hybrid
infrastructure, teams need to navigate through different complexities and make key security decisions along the way. A trusted
security advisor empowers teams to achieve scalable and sustainable security maturity throughout the SDLC process.
You will need
Ideally, we would require commercial experience:
Hands-on product security experience from developing requirements, reviewing architecture, applying design
principles, to application security, pipeline security, infrastructure, and secure monitoring.
Experience in leading security initiatives, dev(sec)ops practices with product and engineering teams.
Experience in threat modelling and designing security/privacy controls to mitigate risks.
Experience in application security, supply chain security, and using tools such as SAST, DAST, SCA, and IAC.
Experience in reviewing code to spot weaknesses and suggesting mitigations.
Experience applying industry standards like OWASP ASVS (Application Security Verification Standard), OWASP Top 10, CIS
controls and benchmarks.
Good understanding of web application, REST APIs, micro services, eventing, modern application framewo
About the Company
We are Tesco, and we're always looking ahead. We use tech to make things a little better for everyone, every day.
Forget off- the-shelf. We love coming up with our own ideas and building things ourselves. We empower our technologists to play a part in Tesco's future. Solving crunchy tech problems, making customers' lives a little easier, and making a difference to our communities and the planet.
Our Technology team is made up of over 3,500 experts spread over 5 countries: UK, Poland, Hungary, Czech Republic and India....
Know more