Cyber Security Partner - Product Security

Tesco Plc

Welwyn Garden City

Hybrid

GBP 60,000 - 80,000

Full time

25 days ago

Job summary

A leading retail company is seeking a Cyber Security Partner to enhance product security. The role involves influencing security delivery and managing security initiatives while working closely with product and engineering teams. Candidates should have hands-on experience in security and a relevant degree, combined with strong communication skills. This position offers benefits including an annual bonus scheme and generous holiday allowances.

Benefits

Annual bonus scheme up to 20%
25 days holiday plus personal day
Private medical insurance
Maternity and adoption leave at full pay
Free 24/7 virtual GP service

Qualifications

  • Experience with cloud-native architectures.
  • Familiarity with OWASP ASVS and CIS controls.
  • Strong influencing skills for effective collaboration.

Responsibilities

  • Engaging teams to improve their security posture.
  • Leading security discussions and initiatives.
  • Participating in crucial product security activities.

Skills

Hands-on product security experience
Leading security initiatives
Experience in threat modelling
Experience with SAST, DAST, SCA tools
Strong communication skills

Education

Degree in computer science or equivalent

Tools

Java
Python
Golang
Kubernetes

Job description

Cyber Security Partner – Product Security

About the role
The position will be based at our Tesco Technology offices in London.

About the Security Partners team
We are the trusted security advisors for Tesco Technology, collaborating seamlessly with product and engineering stakeholders to design and implement robust, resilient solutions that protect our business and customers from cyber threats. Our dynamic global team of 15+ experts serves as the strategic link between the wider security group and software engineering teams, enabling customer‑centric security decisions and empowering engineering teams to innovate with secure guidance.

The Role

As a Security Partner, you will deeply engage within product areas and influence how security is delivered. You will be supported by team experts while applying secure design principles, cloud security, secure development practices, application security, secure pipelines, open‑source security, and more. You will be versatile, eager to learn, and ready to code where needed.

You will be responsible for
  • Developing an in‑depth understanding of the product area and engaging key product and technical people to assess security and privacy controls.
  • Engaging teams in security roadmap discussions and continuously improving their security posture.
  • Demonstrating how weaknesses in design or code can be compromised and translating technical risks into business impacts for Tesco.
  • Supporting security champions and key developers with technical advisory to complete security initiatives and remediate vulnerabilities.
  • Participating in key product and architecture decisions to embed security.
  • Performing product security activities from early security requirements to architecture reviews, threat modelling, and strengthening application security, supply‑chain risk mitigation, secrets and pipeline security, vulnerability review, and infrastructure security.
  • Proposing security controls or compensating measures and seeking tactical and strategic solutions for continuous improvement.
  • Leading teams toward security‑by‑design and security‑by‑default excellence.
  • Adopting new capabilities to enhance security across people, process, and tools.
  • Preparing code to resolve security issues through pull requests.
  • Participating in assurance activities such as security testing, purple testing, and auditing.
  • Empowering teams while challenging the status quo and advocating for good security practices.
  • Driving continuous improvement, seizing opportunities, and inspiring change.

You will need
  • Hands‑on product security experience from developing requirements to application and pipeline security.
  • Experience leading security initiatives and dev‑sec‑ops practices with product and engineering teams.
  • Experience in threat modelling and designing security/privacy controls.
  • Experience with SAST, DAST, SCA, and IaC tools, and with reviewing code for weaknesses.
  • Familiarity with OWASP ASVS, OWASP Top 10, CIS controls, and benchmarks.
  • Understanding of web applications, REST APIs, micro‑services, eventing, modern frameworks, and mobile apps.
  • Experience with cloud‑native and hybrid architectures, containerised workloads, and Kubernetes.
  • Some development experience (Java, cloud, Golang, Python) is a plus.
  • Degree in computer science, information systems, engineering, or equivalent experience.
  • Experience with GDPR and PCI‑DSS is desirable.
  • Azure or AWS cloud security certifications are desirable.
  • Strong communication, listening, and influencing skills.

What’s in it for you
  • Annual bonus scheme of up to 20% of base salary.
  • Holiday starting at 25 days plus a personal day (plus bank holidays).
  • Private medical insurance.
  • 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by Statutory Maternity Pay or Adoption Pay, plus 6 weeks fully paid paternity leave.
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP), and access to mental wellbeing experts.

About Us

Our vision at Tesco is to become every customer’s favourite way to shop. We serve customers, communities and planet a little better every day, acting responsibly and sustainably. We celebrate diversity and inclusiveness, providing a fully inclusive and accessible recruitment process. We offer a range of full‑time and part‑time working patterns and a blended office‑remote model.