About the role
As a Security Partner, you will deeply engage within product areas and influence the way security is delivered by them. You will be supported by experts in the team, nonetheless. To achieve this, you are good at secure design principles, cloud security, secure development practices and patterns, application security, secure pipelines, open-source security and related. And not to mention, you are versatile to learn anything that comes along your way.
Responsibilities
- Develop in-depth understanding of the product area, engaging with key product and technical people for assessing security and privacy controls.
- Engage teams in security roadmap discussions and continuously improve security posture of what they build.
- Demonstrate how weaknesses in design or code can be compromised and exploited. Translate technical risks into business risks and potential impact to Tesco.
- Engage security champions, key developers, and offer technical advisory to support completion of security initiatives, and remediation of vulnerabilities or risks.
- Take part in key product and architecture decisions to embed security.
- Perform product security activities, from early development of security requirements, architecture reviews, and threat modelling, to strengthening application security, mitigating supply‑chain risks, securing secrets, pipelines, reviewing vulnerabilities, and infrastructure security.
Qualifications
- Hands‑on product security experience from developing requirements, reviewing architecture, applying design principles, to application security, pipeline security, infrastructure, and secure monitoring.
- Experience in leading security initiatives, dev(sec)ops practices with product and engineering teams.
- Experience in threat modelling and designing security/privacy controls to mitigate risks.
- Experience in application security, supply chain security, and using tools such as SAST, DAST, SCA, and IAC.
- Experience in reviewing code to spot weaknesses and suggesting mitigations.
- Experience applying industry standards like OWASP ASVS (Application Security Verification Standard), OWASP Top 10, CIS controls and benchmarks.
- Good understanding of web application, REST APIs, microservices, eventing, modern application frameworks, and mobile apps.
- Experience with cloud‑native and hybrid architectures with an emphasis on containerised workloads and Kubernetes.
Benefits
- Annual bonus scheme of up to 20% of base salary.
- Holiday starting at 25 days plus a personal day (plus Bank holidays).
- Private medical insurance.
- 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 6 weeks fully paid paternity leave.
- Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing.
Equal Opportunity Employer
We are committed to providing a fully inclusive and accessible recruitment process and support all candidates regardless of race, colour, gender, disability, military service, age, sexual orientation, religion, or any other protected characteristic.
#J-18808-Ljbffr