About The Cyber Security Team
Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes.
Responsible for developing and running security processes day-to-day, we're continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we're looking to add great people to our growing team.
We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key - working collaboratively with our software and systems engineering teams to support security throughout the development life cycle, as well as to build proactive monitoring and responses to security events.
The Role - Security Engineering Manager
Security Engineering Managers establish and sustain the environment for Security Engineers to succeed. They drive continuous improvement of security engineering practises by managing a motivated and capable team of Security Engineers. They are responsible for the quality of advice and guidance given to Technology teams.
- Represent the Technology Security team and assist other engineering teams in adhering to secure design principles.
- Help teams deliver secure solutions using my team and security skills and also displaying a flexible agile approach by embracing emerging technologies, all working together in a robust technical ecosystem.
- Work closely and collaboratively with a large number of engineering and product teams
- Evaluate technology to ensure adherence to existing standards and technical integration with current capabilities
- Be a problem solver using past engineering experience to create and deliver innovative solutions
- Use my appreciation of the DevSecOps philosophy of bringing Culture, Automation, Lean, Measurement and Sharing into security at the same time as advising on how to embed security into DevOps tooling and processes
- Provide hands on direction during the design and development of applications utilising a threat-based approach to support the business strategy.
- Collaborate closely with colleagues within the wider global Technology Security organisation and technology departments as well as the business to establish effective, productive relationships
- Assist with the creation, adoption, and maturation of threat modelling and application security requirements functions and processes.
- Coordinate and execute threat modelling activities during agile iterations.
- Provide targeted application security requirements based on design, threats, industry best practices, and Tesco specific policy.
- Empower delivery team resources by promoting application security awareness and standards through training, mentoring, and communities of best practice.
- Influence delivery teams in the prioritisation of security activities and issue remediation.
- Evaluate and recommend new and emerging application security products and technologies
- Perform manual code reviews, open source software evaluations, and tests as needed.
- Am involved in and may lead incidents which occur on our systems with regards to technology security.
- Drive adoption of new tools and techniques being able to understand their value and impact.
- Keep my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team
- Share knowledge with the wider engineering community.
- Establish and maintain the right team and processes to continually deliver quality advice and engagements.
- Have accountability for ensuring the team deliver on their commitments.
- Champion continuous improvement within the department.
- Communicate clear objectives and career path for the team members.
- Monitor and appraise colleague performance and take appropriate action.
- Facilitate and support the development of individuals.
- Lead and mentor/develop teams containing experienced individuals.
- Recognise and nurture talent.
- Create space for the whole team to innovate.
Relevant Technical Skills
- Previous experience with a Web Application Scanners (WAS) e.g. Qualys /Nessus (Tennable.io), Netsparker, etc
- Knowledge and experience with pen testing tools such as Nmap, Kali Linux, Metasploit
- Ideally an ability to write small tools using one of Python, Ruby, Go, Perl, PHP etc.
- Technical skills as appropriate to specialism
- Agile approach
- Ideally have experience in Cloud architectures and engineering solutions to meet needs in the cloud.
Relevant Soft Skills
- Stakeholder management
- People management
- Technical hands on exposure to the various security products within an Enterprise environment (e.g. SAST).
- Previous experience working in a DevOps environment and building teams deliver secure code in an automated way.
- Strong troubleshooting skills.
- Extensive experience in the Information Technology field.
- Ideally one or more of the following certifications: Security+, CEH, SANS GIAC, SSCP, CISSP, CSSLP, CISA, CISM.