Security Engineer - Welwyn Garden City
About the Security & Capability Team
Our team is responsible for providing and maintaining tools used by Tesco in order to monitor and secure our systems, while also helping our colleagues globally.
We maintain global hybrid instances of our chosen tools for SIEM, Application Performance Monitoring, Log Monitoring, Backlog Management, Identity Access Management, Service Desk, self-help portals for colleagues and incident communications. In addition to the challenges delivering this capability brings, we're also the team responsible for the security operations centre and our security architecture, working across Tesco globally to secure our systems and data! Our Technology Risk & Compliance team works tirelessly to further develop a risk aware culture and drive audit and regulatory improvements across the technology team in all Tesco countries.
We aim to provide colleagues with a great experience by providing world class tooling, processes and advice. We believe in solutions that are either self-service or invisible to the end user - that's not always easy to achieve, but it's what we strive for.
Our Technology department is now seeking a talented Security Engineer to join the team. Security Engineers work with broad knowledge of security engineering as well as a deeper knowledge in one or more specific areas. You are responsible for delivering quality advice and guidance to Technology teams in order to make Tesco systems secure. This could be through threat modelling, code review, design review, etc. You strive to educate colleagues throughout Technology so they are empowered to make their systems more secure.
Key people and teams I work within and outside of Tesco
- Product Managers
- Software Engineers
- System Engineers
- Technical Programme Managers
- Colleagues and business stakeholders across Tesco
- Suppliers and 3rd parties
- Represent the Technology Security team and assist other engineering teams in adhering to secure design principles.
- Help teams deliver secure solutions using my team and security skills and also displaying a flexible agile approach by embracing emerging technologies, all working together in a robust technical ecosystem.
- Work closely and collaboratively with engineering and product teams
- Be a problem solver using past engineering experience to create and deliver innovative solutions
- Provide hands-on direction during the design and development of applications, utilising a threat-based approach to support the business strategy.
- Collaborate closely with colleagues within the wider global Technology Security organisation and technology departments as well as the business to establish effective, productive relationships
- Execute threat modelling activities during agile iterations.
- Am involved in and may lead incidents which occur on our systems with regards to technology security.
- Provide targeted application security requirements based on design, threats, industry best practices, and Tesco specific policy.
- Influence delivery teams in the prioritisation of security activities and issue remediation.
- Perform manual code reviews, open source software evaluations, and tests as needed.
- Drive adoption of new tools and techniques being able to understand their value and impact.
- Keep my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.
- Share knowledge with the wider engineering community.
- Champion continuous improvement within the department.
The Ideal Candidate
Skills relevant for the job
We're looking for passionate individuals with experience in:
- Web Application Scanners (WAS), e.g. Qualys, Nessus (Tenable.io), Netsparker, etc.
- Nmap, Kali Linux, Metasploit
- Ideally an ability to write small tools in Python, Ruby, Go, Perl, PHP etc
Experience relevant for this job
Previous experience working in a DevOps environment and building teams that deliver secure code in an automated way. Additional experience includes:
- Strong troubleshooting skills.
- Experience of pen testing or identifying vulnerabilities.
- Managing security vulnerabilities of a system, OS, software, WAS, configurations, Cloud (AWS).
- Ability to represent data to ensure that the right vulnerabilities are prioritised.
- Capabilities to reproduce issues and work closely with the development / engineering teams to help them remediate.
- Technical hands-on exposure to the various security products within an Enterprise environment (e.g. SAST).
About The Company
Our vision here at Tesco is to become every customer's favourite way to shop online, whether they are at home, out shopping, on the move, anywhere in the world.
We want our customers to be inspired and whatever they are looking for, we're finding bigger and better ways to provide it.
Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We're driving innovation and transforming our Technology to become the world's leading e-commerce business.
We need people who share our ambition to deliver for our customers: passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.
Joining us means playing a part in defining, building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.
We offer excellent benefits that help make Tesco a great place to work. These include but aren't limited to:
- An annual bonus scheme through which you can achieve up to 3.5% of base salary
- Privilegecard (including a 2nd card for a family member) after 6 months' service, with 10% off most purchases at Tesco
- A retirement savings plan - 4%-7.5% contribution rate
- Life Assurance - 5 x contractual pay
- Buy As You Earn Scheme
- Save As You Earn Scheme
- Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
- Deals and Discounts through many other external businesses