Security Engineer - Application Security

Tesco Plc

Welwyn Garden City

On-site

GBP 50,000 - 70,000

Full time

30+ days ago

Job summary

A leading retail company in the UK seeks a Security Engineer for Application Security. You will drive security strategies and support engineering teams with tooling to prevent security issues. The ideal candidate will have expertise in programming languages and application security practices, and experience in a DevOps environment. This role offers attractive annual bonuses and comprehensive benefits including private medical insurance and generous holiday allowance.

Benefits

Annual bonus scheme up to 20% of base salary
Holiday starting at 25 days plus personal day
Private medical insurance
26 weeks maternity/adoption leave at full pay
Free 24/7 virtual GP service

Qualifications

  • Strong expertise in at least one programming language.
  • Experience deploying security tooling into a DevOps environment.
  • Deep understanding of application security in various contexts.

Responsibilities

  • Identify appropriate toolsets for application security strategy.
  • Provide guidance for engineering teams on self-service tools.
  • Manage and maintain chosen security solutions.
  • Provide domain expertise throughout the software development lifecycle.

Skills

Python
Java
JavaScript/TypeScript
C#
Go
Secure code review
DevOps
Application Security
Microservices
Container orchestration
OWASP Top 10
Mitre Top 25
CVSS frameworks

Tools

Application Security Tooling (SCA/SAST/DAST/IaC Security)

Job description

Security Engineer - Application Security

About the role

An exciting opportunity to join a leading company and play an influential part in their continued dedication to Application Security. At Tesco, the application security team’s strategy is to provide security tooling that fits seamlessly into software engineering teams’ ways of working, helping them find and deal with security problems early in the software development process, before they reach production.

You will be responsible for:

  • Identifying appropriate toolsets that fit with the application security team’s strategy.
  • Providing comprehensive guidance that allows engineering teams to effectively self‑serve with our toolsets.
  • Managing and maintaining the chosen solutions.
  • Identifying security toolsets that effectively uncover security issues in code written by our software engineers and in third‑party dependencies.
  • Providing domain expertise on all areas of security and privacy throughout the Software Development lifecycle.
  • Embedding yourself in the culture and processes, working in line with agile practices such as scrum.
  • Identifying gaps in software engineering practices and recommending streamlined security solutions.
  • Delivering training on core application security products to both security and engineering teams.
  • Writing comprehensive guidance for the selected security tooling.
  • Providing technical support for our products and engineers.

You will need:

  • Strong expertise in at least one of the following programming languages: Python, Java, JavaScript/TypeScript, C# or Go.
  • Proficiency in secure code review of at least one language (e.g., Java, JavaScript, C#).
  • Experience deploying security tooling into a DevOps environment.
  • Deep understanding of application security (Web, API, Mobile).
  • Understanding of microservices and container orchestration.
  • Solid grasp of Application Security Tooling (SCA/SAST/DAST/IaC Security).
  • Knowledge of OWASP Top 10, Mitre Top 25, and CVSS frameworks, and ability to map to business risk.
  • Experience implementing security into different stages of a DevOps lifecycle.
  • Excellent written and verbal communication skills, with the ability to translate technical risk to business risk.
  • Team player who is not afraid to get stuck in and work collaboratively.

What's in it for you?

  • Annual bonus scheme of up to 20% of base salary.
  • Holiday starting at 25 days plus a personal day (plus Bank holidays).
  • Private medical insurance.
  • 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; 6 weeks paid paternity leave.
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, and free access to a range of experts to support your mental wellbeing.

About Us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. We are proud to have an inclusive culture where everyone truly feels able to be themselves. We celebrate diversity, recognize its value, and are committed to providing a fully inclusive and accessible recruitment process. We offer a range of full‑time and part‑time working patterns and blend office and remote work. Everyone is welcome at Tesco.
