Security Engineer - Application Security

An exciting opportunity to join a leading company and play an influential part in their continued dedication to Application Security.

At Tesco, the application security team's strategy is to provide security tooling that fits seamlessly into software engineering teams ways of working, helping them find and deal with security problems early within the software development process before it reaches production.

In this role you will be responsible for helping to identify appropriate toolsets that fit with the application security team's strategy, provide comprehensive guidance that allow engineering teams to effectively self-serve with our toolsets and help manage and maintain the chosen solutions.

We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work. Click Here to find out more!

• Annual bonus scheme of up to 20% of base salary
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance
• 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
• Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

As an application security expert at Tesco you will possess a strong engineering background and a curiosity about working collaboratively with our engineering teams. You can communicate clearly, present reasonable security trade-offs to the business, and work to build real world practical solutions that reduce our security risk.

• Identification of security toolsets that effectively uncover security issues in code written by our software engineers and third‑party dependencies
• Provide domain expertise on all areas of security and privacy throughout the Software Development lifecycle
• Embed yourself in our culture and processes working n‑line with agile practices i.e. scrum and others
• Identify gaps in software engineering practices and recommend appropriate streamlined security solutions
• Deliver training on core application security products to both security and engineering teams
• Write comprehensive guidance for the selected security tooling
• Provide technical support for our products and engineers

We are looking for a passionate Security Engineer you can add to our teams with core technical skills including:

• Strong expertise in at least one of the following programming languages: Python, Java, JavaScript
  TypeScript, C#, Go
• Proficient in secure code review of at least one language, i.e. Java, JavaScript, C#
• Experience of deploying security tooling into a DevOps environment
• Deep understanding of application security (Web, API, Mobile)
• Understanding of microservices and container orchestration
• Solid grasp of Application Security Tooling (SCA/SAST/DAST/IaC Security)
• Knowledge of OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk
• Experience in implementing security into different stages of a DevOps lifecycle

In addition, as part of a large‑scale, fast‑paced organisation it is integral to be a good communicator with proven written and verbal communication skills.

A team player who is not afraid to get stuck in and work collaboratively and an ability to translate technical to business risk when assessing software vulnerabilities.

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.

We're a big business and we can offer a range of diverse full‑time & part‑time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern – combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you – Everyone is welcome at Tesco.