On a day-to-day basis you will
- Provide engineering and product teams with direction and guidance for all security matters. There is a whole security organisation to back you up; so that is not as scary as it sounds.
- Help product teams deliver new business features securely while balancing and clearly articulating technical and business risk.
- You will be expected to drive the deployment/integration of security capabilities into engineering teams within the product domain.
- You will drive security initiatives such as developing security requirements; threat modelling; strengthening application security; vulnerability reduction; etc.; with the engineering teams.
- Reducing friction is paramount and we are all about fast feedback within existing workflows; not adding another console for a developer to check.
- Support teams in a collaborative manner in matters of mobile application; web application; cloud and data security; with threat modelling; risk treatment and security advice across all security domains. If you can raise a PR to resolve fix a security issue; do so.
- Facilitate risk remediation but also challenge decisions and status-quo.
- Facilitate in assurance activities like penetration testing; purple testing; app assurance.
- Build quarterly/monthly roadmaps for security activities and plan them.
- Be an evangelist for security; take part in strengthening Tesco’s internal policies and standards.
Requirements
•Solid security experience across common security domains – the technology might have changed but most of the security challenges have not.
•A thorough understanding of modern application development practices so that security capabilities can be introduced and embedded while minimising developer friction.
•Excellent interpersonal; facilitation; and leadership skills along with effective communication (both written and verbal) skills.
•Be able to provide security guidance to engineering teams throughout the product development lifecycle.
•Be able to develop threat models; attack trees; and embed security by design in product engineering effort.
•Good understanding of web technologies; REST APIs; micro services; modern application development; and mobile apps.
•Good understanding of software architecture; dev-sec-ops; and network security.
Tesco Bengaluru
Tesco Bengaluru is a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers
Other jobs at Tesco Bengaluru
Notifications about similar jobs
Get notifications to your inbox about new jobs that are similar to this one.
No spam. No ads. Unsubscribe anytime.
Similar jobs