Senior Cyber Security Partner

About the role

The position will be based at our Tesco Technology offices in London.

About the Security Partners team

We are the trusted security advisors for Tesco Technology, collaborating seamlessly with product and engineering teams to design and implement robust, resilient solutions that protect the business and customers from cyber threats.

The Role

As a Senior Security Partner, you will transform the security maturity of key product areas and teams, acting as the face of the security group in their context of product roadmap, risk acceptance, technology stack, and architecture.

You will be responsible for

  • Provide product and engineering teams with direction and guidance on all security matters.
  • Engage engineering leadership on the security roadmap and oversee the security posture of what they build.
  • Co‑own the security roadmap; discuss, prioritise, and co‑develop remediation plans for the product areas.
  • Empower security champions to succeed and create a strong feedback loop for improvements.
  • Represent security in all product and architecture meetings and be part of critical security decisions.
  • Oversee product security activities from early development of security requirements, architecture reviews, threat modelling, strengthening application security, mitigating supply‑chain risks, securing secrets, pipelines, reviewing vulnerabilities, and infrastructure security.
  • Perform security architecture reviews of third‑party services.
  • Identify acceptable risk levels and assist with action plans and with policy and procedural changes for risk mitigation.
  • Adopt a risk‑based approach and guide management in identifying business risks and their potential impact to Tesco.
  • Continuously seek both tactical and strategic solutions to enhance security.
  • Engage across the security group to strengthen controls across identification, protection, detection, response, and recovery.
  • Oversee assurance activities such as security testing, purple testing, assurance, and auditing.
  • Reduce security fatigue for engineering and provide faster feedback within existing developer workflows.
  • Empower the teams you work with while challenging the status‑quo.
  • Contribute to new ideas and initiatives across the security group.
  • Strengthen organisational standards, policies, develop cookbooks, secure patterns, and take part in security research and tool evaluations.
  • Mentor others in the team and help enhance their skills and career development.

You will need

  • Experience across multiple sectors and diverse roles in engineering and security, with demonstrable accomplishments collaborating with leadership on security programmes.
  • Good knowledge of various security domains and solid experience in architecture practices and design patterns.
  • Experience designing security and privacy controls with understanding of standards and regulations.
  • Experience in threat modelling, attack trees, vulnerability chaining, and applying the MITRE ATT&CK framework.
  • Strong understanding of web applications, REST APIs, micro‑services, eventing, modern application frameworks, and mobile apps.
  • Understanding of software architecture, network topologies, SaaS, PaaS, and IaaS.
  • Proficiency applying industry standards such as OWASP ASVS, OWASP Top 10, and CIS controls.
  • Experience with cloud native and hybrid architectures, especially containers and Kubernetes.
  • Some development experience is a plus – Java, cloud, Golang, Python – to contextualise security implications on engineering velocity.
  • Degree in computer science, information systems, engineering, or equivalent experience.
  • Experience with regulations like GDPR and PCI‑DSS is desirable.
  • Azure or AWS cloud security certifications are desirable.
  • Excellent interpersonal and leadership skills.

What's in it for you?

  • Annual bonus scheme of up to 20% of base salary.
  • Holiday starting at 25 days plus a personal day and bank holidays.
  • Private medical insurance.
  • 26 weeks maternity and adoption leave at full pay after 1 year of service, followed by 13 weeks of statutory maternity or adoption pay; 4 weeks fully paid paternity leave.
  • Free 24/7 virtual GP service, Employee Assistance Programme, and access to mental wellbeing experts.

About Us

Our vision at Tesco is to become every customer’s favourite way to shop, be everywhere, and act responsibly. We celebrate diversity and are committed to an inclusive workplace. We offer various working patterns across many areas, blending office and remote work.

Location

London, England, United Kingdom

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Engineering and Information Technology

Industries

Retail

Location: Welwyn Garden City, England, United Kingdom
Salary: £200,000 +
Job Type: Full‑time
Category: IT & Technology