Job Description
Application Security Engineer
About The Cyber Security Team
Our cyber security team are the eyes and ears of our organisation. We use the newest technologies to increase visibility and protection of systems, services, and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.
Responsible for developing and running security processes day-to-day for the Tesco Group, we’re continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we’re looking to add phenomenal people to our growing team.
We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development, learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key – working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.
An exciting opportunity to join a leading Technology company and play an influential part in their continued dedication to Application Security.
Security Engineers play major and leading role in protecting Tesco against security risks, with influence to implement innovative measures to minimise exposures and vulnerabilities. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead multi-functionally.
You will have a systems engineering / administration background with a passion for security and a goal of moving a more security focussed role.
In this role, you would be working alongside experienced application security engineers to identify gaps in software engineering practices and recommend appropriate streamlined security solutions that fit with their existing ways of working.
In this role, you can expect to:
- Help identify gaps in software engineering practices and select appropriate application security tooling that fits within their software development practices
- Work using agile practices I.e. scrum
- Help deliver training on our core application security products to both security and engineering teams
- Write and deliver easy to consume wiki content on the application security products we provide to the business
- Promote security best practices across the business
- Help build automation and monitoring to enforce security policies and detect threats
- Help build safe-by-default guardrails for engineers to use
Core Technical Skills
- Proficient in at least one scripting or programming language: Python, JavaScript, Java
- Experience of supporting, administering, and building cloud infrastructure (preferably Azure)
- Experience configuring at least one continuous integration tool i.e. Jenkins, GitHub Actions, Azure DevOps
- Proven experience operating & administrating Linux distributions, including RHEL, Ubuntu & CentOS
- Understanding of containerization and container orchestration (Docker & Kubernetes)
- Strong operations & technical troubleshooting experience
Good to haves:
- Understanding of the SDLC and some of the common tools, including JIRA, Git, GitHub, and Nexus
- Good understanding of architecture and design principles
- Understanding of common Application Security Tooling (SCA/SAST/DAST/IaC Security)
- Knowledge of OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk
Soft Skills
- A good communicator with proven written and verbal communication skills.
- A team player who is not afraid to get stuck in and work collaboratively.