Senior Information Security Analyst - Product Assurance in Coventry

We’d all like amazing work to do, and real work‑life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

In a nutshell, as a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle. You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives. The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. Whilst this role isn’t ‘hands‑on’ candidates are expected to have an in‑depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.

What you need to do:

• Good all round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.
• Provide technical, procedural and policy advice to business stakeholders and Engineers with sufficient detail.
• Review requests to ensure they comply with company policy and best security practice prior to approval.
• Conduct in‑depth risk assessments and threat modelling alongside producing detailed documentation.
• Present findings to management alongside recommendations on how to secure our systems.
• Advocate for innovative security solutions through persuasive quantitative evidence and presentation.
• Mentor, engage and help educate junior colleagues across the InfoSec family.
• Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business.
• Ensure that risks have been raised and being able to comprehensively explain the issues.
• Provide subject matter expertise on the InfoSec domain that the candidate is expert at.
• Evaluate requests from our suppliers to ensure they are fit for purpose.
• Deliver weekly reporting to management and other stakeholders.
• Co‑ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues.
• Provide support to the Information Security Manager.

What you need to know and show:

• A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture.
• Familiarity with common Mobile Device and Endpoint Management solutions.
• An understanding of the Microsoft Defender suite of products.
• Awareness of Email & Web Security Gateway technologies.
• Ability to understand the operation of corporate networks and firewall solutions, including Wide Area Network considerations for multi‑site deployments (inc. international).
• Consideration on how to assess the security of purchased Software‑as‑a‑Service products.
• Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot.
• Experience with other common productivity & collaboration tools, such as Confluence, Miro, Adobe Cloud Suite.
• Ability to understand and assess integrations between systems through methods such as APIs, Process Automation or Batch processing.
• Nice to have knowledge of AWS, Azure, Oracle, GCP and SAP Clouds.
• Risk Management experience and understanding of Risk Management Frameworks.
• Strong analytical and report writing skills.
• Appreciation of containerisation technologies such as Docker, Kubernetes etc.
• Experience with logging, monitoring, load balancing/proxies and API gateways.
• Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet.
• In‑depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI‑DSS and Cyber Kill Chain.
• Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies.
• The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing.
• Strong understanding of the changing threat landscape and how this may affect our systems.
• The ability to challenge concerns and report through appropriate channels.
• Self‑drive, motivation and the ability to work independently to deliver expected outcomes.
• Excellent teamwork and problem‑solving skills by blending technical knowledge with business requirements.
• In‑depth understanding of data and security risks in a large enterprise.

Desirable Qualifications:

• You will have two (or more) of the following: CompTIA CASP+, Cloud+, Security+, Network+, Linux+
• CSA CCSK / CCAK (ISC)² CISSP / CCSP / SSCP
• ISACA CISA / CISM / CRISC / CGEIT
• AWS Certified Security or Certified Solutions Architect
• GCP Professional Cloud Security Engineer
• GIAC Cloud Security Automation
• Microsoft Certified Azure Solutions Architect Expert
• Microsoft Certified Cybersecurity Architect Expert
• MSc. Information/Cyber Security (not essential)

Benefits:

• Colleague discount across our multi‑brands – Sainsbury's, Argos, TU Clothing and Habitat.
• Holiday allowance.
• Bonus scheme.
• Pension plan.
• Special offers on gym memberships, restaurants, holidays, retail vouchers and more.

Work‑life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals. In addition to the above benefits, you will receive a 10% colleague discount after 4 weeks, increasing to 15% on certain days. You are eligible for a performance‑related bonus up to 20% of salary. You receive an annual holiday allowance with the option to purchase additional days. Also available benefits include season ticket loans, interest‑free car loan up to £10k, cycle‑to‑work scheme, health cash plans, pay advance, employee assistance programme, private healthcare, and access to a wide range of discounts. The company also offers up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.