Security Engineer III

Bengaluru, India

Tesco Bengaluru

At Tesco Bengaluru, over 4000+ colleagues are working towards living our purpose of serving our customers, communities, and planet.

View company page

Company Description

Tesco Bengaluru: We are a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers.

With cross-functional expertise in Global Business Services and Retail Technology & Engineering, a wide network of teams and strong governance we reduce complexity thereby offering high quality services for our customers. Tesco Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 4,40,000 colleagues.


Tesco Technology consists of people from a number of different backgrounds but having a common purpose to serve our shoppers a little better every day with our retail technological solutions.

We shared a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focus on various aspects from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations.

These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques.
At Tesco, inclusion means that Everyone's Welcome.

Everyone is treated fairly and with respect; by valuing individuality and uniqueness we create a sense of belonging.
Diversity and inclusion have always been at the heart of Tesco. It is embedded in our values: we treat people how they want to be treated. We always want our colleagues to feel they can be themselves at work and we are committed to helping them be at their best.
Across the Tesco group we are building an inclusive workplace, a place to actively celebrate the cultures, personalities and preferences of our colleagues who in turn help to build the success of our business and reflect the diversity of the communities we serve.

Job Description

The role This role is about transforming the way security is delivered within our engineering teams in Tesco Technology.

As our software and enterprise APIs continue the move to the cloud, we have different security challenges, and this role is to help teams navigate that change successfully.

The boundary between infrastructure and application has virtually disappeared and being secure means support through the entire SDLC – from the ideas phase into threat modelling during design, during development then through to production and ops. Developing strong security partnerships for Tesco Technology Security partnerships are about transforming the way security is delivered within our technology domains and software engineering teams.

We have different security challenges, and your role as a security partner is to actively champion positive security change within your product teams.

Job accountabilities On a day-to-day basis you will

• Provide engineering and product teams with direction and guidance for all security matters. There is a whole security organization to back you up, so that is not as scary as it sounds.

• Help product teams deliver new business features securely while balancing and clearly articulating technical and business risk.

• You will be expected to drive the deployment/integration of security capabilities into engineering teams within the product domain.

• You will drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., with the engineering teams.

• Reducing friction is paramount and we are all about fast feedback within existing workflows, not adding another console for a developer to check.

• Support teams in a collaborative manner in matters of mobile application, web application, cloud and data security, with threat modelling, risk treatment and security advice across all security domains. If you can raise a PR to resolve fix a security issue, do so.

• Facilitate risk remediation but also challenge decisions and status-quo

. • Facilitate in assurance activities like penetration testing, purple testing, app assurance.

• Build quarterly/monthly roadmaps for security activities and plan them.

• Be an evangelist for security, take part in strengthening Tesco’s internal policies and standards. Longer-term, the nature of the role also means you are expected to identify new problem spaces, propose fixes, engage across disciplines.

In other words, we want you to innovate and will give you the room to do so. If you can think of ways to do security, faster, more 3 accurately, with greater consistency and at scale while minimising friction, you will be supported all the way.

Qualifications

Cloud security; security architecture; devops; engineering practices; threat modelling; etc.

 

You will need To excel in this position, you need to bring the following:

• Solid security experience across common security domains – the technology might have changed but most of the security challenges have not.

• A thorough understanding of modern application development practices so that security capabilities can be introduced and embedded while minimizing developer friction

• Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills.

• Be able to provide security guidance to engineering teams throughout the product development lifecycle.

• Be able to develop threat models, attack trees, and embed security by design in product engineering effort.

• Good understanding of web technologies, REST APIs, micro services, modern application development, and mobile apps.

• Good understanding of software architecture, dev-sec-ops, and network security.

• Experience in browser security or mobile app security is desirable.

• Good understanding of industry standards such as OWASP ASVS, OWASP Top-10, CIS benchmarks.

• Hands-on experience with complex Azure and AWS architectures with an emphasis on containerized workloads.

• Command-line/API experience is highly desirable as security automation is a strategic priority.

• Some coding experience in something is always a plus - Java, HTML, JavaScript. You do not need to “be a developer” but you do need to understand the implications of security on engineering velocity.

• Knowledge of and experience with PCI-DSS will be desirable.

• A minimum of 5 years of experience in security engineering or closely related areas.

• Bachelor’s degree in computer science / information systems or engineering discipline.

• Azure or AWS cloud security certifications (preferred)

Additional Information

Important Notice: 

On behalf of Tesco Bengaluru, we must caution all job seekers and educational institutions that Tesco Bengaluru does not authorise any third parties to release employment offers or conduct recruitment drives via a third party. Hence, beware of inauthentic and fraudulent job offers or recruitment drives from any individuals or websites purporting to represent Tesco. Further, Tesco Bengaluru does not charge any fee or other emoluments for any reason (including without limitation, visa fees) or seek compensation from educational institutions to participate in recruitment events. 

Accordingly, please check the authenticity of any such offers before acting on them and where acted upon, you do so at your own risk. Tesco Bengaluru shall neither be responsible for honouring or making good the promises made by fraudulent third parties, nor for any monetary or any other loss incurred by the aggrieved individual or educational institution. 

In the event that you come across any fraudulent activities in the name of Tesco Bengaluru, please feel free report the incident at recruitment_compliance_india@tesco.com 

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Agile APIs Application security Automation AWS Azure Cloud Computer Science DevOps Governance Java JavaScript Network security OWASP Pentesting SDLC

Perks/benefits: Competitive pay Team events

Region: Asia/Pacific
Country: India
Job stats:  9  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.