Head of Security Engineering – Application Security & Security Testing

Tesco Technology's Security Engineering function is responsible for proactively identifying and mitigating risks across our technology estate. As Head of Security Engineering - Application Security & Testing, you will lead a multi-disciplinary function that spans vulnerability management, application security engineering, and adversarial testing. You will be accountable for delivering full-stack security assurance—from code to infrastructure—through a blend of engineering innovation and operational excellence.

Why This Role Matters

This is a pivotal leadership role within Tesco Technology, shaping how we secure our platforms and products. You will be at the forefront of driving innovation in security engineering, ensuring Tesco remains resilient against evolving threats while enabling safe and secure technology delivery.

What is in it for you

• Annual bonus scheme of up to 45% of base salary
• Car allowance of £7,320 per annum
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance
• Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount
• 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave

You will be responsible for Key Responsibilities

Leadership & Team Management

• Lead three Security Engineering Managers and their teams (approx. 20+ engineers), plus a Principal Security Engineer/Architect.
• Foster collaboration across teams focused on:

• External attack surface management and bug bounty operations.
• Application security engineering (SAST, SCA, GenAI solutions, ASPM, threat modelling).
• Penetration testing and adversarial simulation (red/purple team strategy).

Security Engineering & Testing

• Oversee the design, deployment, and operation of tools and solutions that identify vulnerabilities across the full stack-code, applications, infrastructure, packages, and external assets.
• Ensure robust security testing capabilities are in place to support business projects and strategic initiatives.
• Drive continuous improvement in testing methodologies, coverage, and automation.

Strategic Execution

• Translate strategic goals into actionable plans under Tesco's Tech Excellence programme.
• Monitor delivery progress, operational metrics, and team performance.
• Ensure alignment with broader security and technology objectives.

Cross-Functional Collaboration

• Work closely with peers including the Heads of Security Partnerships, Cyber Defence, and Platform Security Architecture.
• Partner with Product and Programme teams to embed security into delivery pipelines.
• Act as a key point of contact for senior stakeholders across Tesco Technology.

You will need

• Proven experience leading large-scale security engineering functions.
• Deep technical expertise in vulnerability management, application security, and adversarial testing.
• Strong understanding of secure development practices and modern engineering tooling.
• Experience with ASPM platforms, threat modelling, and GenAI-driven security solutions.
• Ability to balance strategic thinking with hands-on execution.
• Excellent communication and stakeholder engagement skills.
• Familiarity with operational metrics and performance tracking.

About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process.

We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.