Cyber Security Partner (II)

As a Cyber Security Partner; you will transform the security maturity of key product areas and teams. You will be the face of security group for them. Everything you do is in the context of the product; roadmap; its risk acceptance level; the technology stack; and its architecture. You build a comprehensive understanding of the threat landscape and its potential risks to the business. Through effective partnership, you engage the leadership to make well-informed decisions about security and privacy. About our Security Partnering team: We are a team of 15+ individuals and continuing to grow. Our team aids Tesco technology and software development teams with groundbreaking technologies across cloud and other innovative platforms at scale. We have a new role to lead security partnerships to drive and be responsible for security initiatives for an engineering domain. Tesco technology comprises of several domains and over 120 teams developing software who are responsible for their own security, so we act differently than a traditional security team. We’re team of security partners, not security police. We go as far as calling ourselves as Security Partners, not Security Architects or Consultants. Security Partnering team is part of Security & Capability group that offers the enterprise with various security solutions and capabilities. Our software engineering teams have tremendous freedom in their work and the corresponding responsibility to do the right thing for our customers. Instead of controlling our engineering teams with process and security gates, we enable them to innovate by providing security mentorship to make right decisions for Tesco. The good news is that our engineering teams are (usually) willing partners in doing better security, more efficiently and earlier in the process. We want you to help us scale out and represent ourselves for the wider engineering domain. Tesco has fully embraced DevOps and agile methodologies to develop our enterprise APIs, services and cloud capabilities. Our 100+ delivery teams have loads of Docker, Kubernetes and microservices galore across Azure and AWS, so our security approach must work with elastic, here today, gone tomorrow infrastructure. Our security approaches should be event-driven, real-time and effective. Weekly scans are so 2010. Build a good understanding of the aligned verticals, the technology architecture, the criteria and constraints, the security posture and technical debts. Understand the threat landscape and take a risk-based approach on security. Drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., across that product areas. Review architecture and design for security problems, indulge in enabling software development teams to use security capabilities and tooling provided by Tesco. Be ready to review critical code, build pipelines, deployment methods, etc and assist teams in doing better security overall. Apply security and privacy principles in your daily job. Facilitate risk remediation but also challenge decisions and status-quo. Facilitate in assurance activities like penetration testing, purple testing, app assurance. Develop quarterly/monthly plans for security activities and collaborate on them with team members. Be an evangelist for security, take part in strengthening Tesco\’s internal policies and standards. Strong written and verbal communication skills. Strong problem solving, analysis and computational skills. Drive tactical vs. strategic decision making. Be an advocate for change. Work experience in customer-facing solutions, web technologies, payment systems, content delivery networks, REST APIs, micro services, modern application development. Understand every-growing threat landscape and identify business risks. Good understanding of public cloud services and various architecture patterns. Good understanding of software, network and infrastructure security. Deeper understanding of application security and DevSecOps (the shift-left culture) General security principles, privacy principles, industry standards such as NIST, ISO27001, CIS, MITRE framework. Preferred Azure or AWS cloud security certifications What’s in it for you Package Description Our vision at Tesco is to become every customer\’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We\’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern – combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you – Everyone is welcome at Tesco. #J-18808-Ljbffr