Senior Cyber Security Partner
Tesco
Senior Cyber Security Partner
Job Description
You build a comprehensive understanding of the threat landscape and its potential risks to the business. Through effective partnership; you engage the leadership to make well-informed decisions about security and privacy. Following our Business Code of Conduct and always acting with integrity and due diligence and have these specific risk responsibilities:
• Provide product and engineering teams with direction and guidance on all security matters. There is a whole security
group to back you up; so it is not as scary as it sounds.
• Engage engineering leadership on security roadmap and oversee security posture of what they build.
• Co-own the security roadmap; discuss; prioritise; and co-develop plans for remediation for the product areas.
• Empower security champions to succeed and creating a strong feedback loop for improvements.
• Represent security in all product and architecture meet-ups. Be part of critical decisions about security.
• Oversee product security activities; from the early development of security requirements; architecture reviews; and
threat modelling; to strengthening application security; mitigating supply-chain risks; securing secrets; pipelines;
reviewing vulnerabilities; and infrastructure security.
• Perform security architecture reviews of third-party services.
• Identify acceptable risk levels and assist with action plan; policy; and procedural changes for risk mitigation.
• Adopt a risk-based approach and guide management in identifying business risks and potential impact to Tesco.
Continuously seek both tactical and strategic solutions to enhance security.
• As the security expert for the product area; engage across the security group to strengthen controls across
identification; protection; detection; response; and recovery.
• Oversee assurance activities like security testing; purple testing; assurance; auditing.
• Reduce security fatigue for engineering and provide faster feedback within existing developer workflows; not adding
another tool for them to check.
• Empower the teams you work with; but also challenge the status-quo.
• As a senior member of the team; engage across the security group on new ideas and initiatives.
• Contribute to strengthen organisation standards and policies; develop cookbooks; secure patterns; take part in
security research and tool evaluations.
• You are committed to continuous improvement; seizing opportunities; and inspire change for the team.
• Mentor others in the team and take part in enhancing their skills and career development. To excel in this position, we expect you to have the following:
• Possess experience across multiple sectors and have undertaken diverse roles in engineering and security.
Demonstratable accomplishments of collaborating with leadership and management on security programmes and initiatives.
• Good knowledge of various security domains, and solid experience in architecture practices and design patterns – the technology might have changed but most of the security challenges have not.
• Experience in designing security and privacy controls with sound understanding of standards and regulation.
• Experience in threat modelling, attack trees, vulnerability chaining, applying MITRE ATT&CK framework.
• Good understanding of web applications, REST APIs, micro services, eventing, modern application frameworks, and mobile apps.
• Good understanding of software architecture, network topologies, SaaS, PaaS, IaaS (infrastructure as a service).
• Proficient in applying industry standards such as OWASP ASVS (Application Security Verification Standard), OWASP Top
10, CIS (Centre of Internet Security) controls and benchmarks.
• Experience with cloud native and hybrid architectures with an emphasis on containerised workloads and Kubernetes.
• Some development experience is always a plus - Java, cloud, Golang, python. You do not need to “be a developer” but we need you to understand the implications of security on engineering velocity.
• Degree in computer science / information systems or engineering field, or equivalent experience.
• Experience with regulations like GDPR (General Data Protection Regulation), PCI-DSS is desirable.
• Azure or AWS (Amazon Web Services) cloud security certifications is desirable.
• Excellent interpersonal skills and leadership skills.
Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers.
Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues
Tesco Technology
Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles.
At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations – from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built.
At Tesco, inclusion is at the heart of everything we do. We believe in treating everyone fairly and with respect, valuing individuality to create a true sense of belonging. It’s deeply embedded in our values — we treat people how they want to be treated. Our goal is to ensure all colleagues feel they can be themselves at work and are supported to thrive. Across the Tesco group, we are building an inclusive workplace that celebrates the diverse cultures, personalities, and preferences of our colleagues — who, in turn, reflect the communities we serve and drive our success.
At Tesco India, we are proud to be a Disability Confident Committed Employer, reflecting our dedication to creating a supportive and inclusive environment for individuals with disabilities. We offer equal opportunities to all candidates and encourage applicants with disabilities to apply. Our fully accessible recruitment process includes reasonable adjustments during interviews - just let us know what you need. We are here to ensure everyone has the chance to succeed.
We believe in creating a work environment where you can thrive both professionally and personally. Our hybrid model offers flexibility - spend 60% of your week collaborating in person at our offices or local sites, and the rest working remotely. We understand that everyone’s journey is different, whether you are starting your career, exploring passions, or navigating life changes. Flexibility is core to our culture, and we’re here to support you. Feel free to talk to us during your application process about any support or adjustments you may need.
Locations
- Bengaluru, Karnataka, India
Salary
600,000 - 1,500,000 INR / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- build a comprehensive understanding of the threat landscapeintermediate
- effective partnership with leadershipintermediate
- risk-based approachintermediate
- security architecture reviewsintermediate
- identify acceptable risk levelsintermediate
Responsibilities
- transform the security maturity of key product areas and teams
- provide product and engineering teams with direction and guidance on all security matters
- engage engineering leadership on security roadmap and oversee security posture
- co-own the security roadmap, discuss, prioritise, and co-develop plans for remediation
- empower security champions
- represent security in all product and architecture meet-ups
- oversee product security activities from early development to infrastructure security
- perform security architecture reviews of third-party services
- assist with action plan, policy, and procedural changes for risk mitigation
- guide management in identifying business risks
Tags & Categories
Answer 10 quick questions to check your fit for Senior Cyber Security Partner @ Tesco.
Senior Cyber Security Partner
Tesco
Senior Cyber Security Partner
Job Description
You build a comprehensive understanding of the threat landscape and its potential risks to the business. Through effective partnership; you engage the leadership to make well-informed decisions about security and privacy. Following our Business Code of Conduct and always acting with integrity and due diligence and have these specific risk responsibilities:
• Provide product and engineering teams with direction and guidance on all security matters. There is a whole security
group to back you up; so it is not as scary as it sounds.
• Engage engineering leadership on security roadmap and oversee security posture of what they build.
• Co-own the security roadmap; discuss; prioritise; and co-develop plans for remediation for the product areas.
• Empower security champions to succeed and creating a strong feedback loop for improvements.
• Represent security in all product and architecture meet-ups. Be part of critical decisions about security.
• Oversee product security activities; from the early development of security requirements; architecture reviews; and
threat modelling; to strengthening application security; mitigating supply-chain risks; securing secrets; pipelines;
reviewing vulnerabilities; and infrastructure security.
• Perform security architecture reviews of third-party services.
• Identify acceptable risk levels and assist with action plan; policy; and procedural changes for risk mitigation.
• Adopt a risk-based approach and guide management in identifying business risks and potential impact to Tesco.
Continuously seek both tactical and strategic solutions to enhance security.
• As the security expert for the product area; engage across the security group to strengthen controls across
identification; protection; detection; response; and recovery.
• Oversee assurance activities like security testing; purple testing; assurance; auditing.
• Reduce security fatigue for engineering and provide faster feedback within existing developer workflows; not adding
another tool for them to check.
• Empower the teams you work with; but also challenge the status-quo.
• As a senior member of the team; engage across the security group on new ideas and initiatives.
• Contribute to strengthen organisation standards and policies; develop cookbooks; secure patterns; take part in
security research and tool evaluations.
• You are committed to continuous improvement; seizing opportunities; and inspire change for the team.
• Mentor others in the team and take part in enhancing their skills and career development. To excel in this position, we expect you to have the following:
• Possess experience across multiple sectors and have undertaken diverse roles in engineering and security.
Demonstratable accomplishments of collaborating with leadership and management on security programmes and initiatives.
• Good knowledge of various security domains, and solid experience in architecture practices and design patterns – the technology might have changed but most of the security challenges have not.
• Experience in designing security and privacy controls with sound understanding of standards and regulation.
• Experience in threat modelling, attack trees, vulnerability chaining, applying MITRE ATT&CK framework.
• Good understanding of web applications, REST APIs, micro services, eventing, modern application frameworks, and mobile apps.
• Good understanding of software architecture, network topologies, SaaS, PaaS, IaaS (infrastructure as a service).
• Proficient in applying industry standards such as OWASP ASVS (Application Security Verification Standard), OWASP Top
10, CIS (Centre of Internet Security) controls and benchmarks.
• Experience with cloud native and hybrid architectures with an emphasis on containerised workloads and Kubernetes.
• Some development experience is always a plus - Java, cloud, Golang, python. You do not need to “be a developer” but we need you to understand the implications of security on engineering velocity.
• Degree in computer science / information systems or engineering field, or equivalent experience.
• Experience with regulations like GDPR (General Data Protection Regulation), PCI-DSS is desirable.
• Azure or AWS (Amazon Web Services) cloud security certifications is desirable.
• Excellent interpersonal skills and leadership skills.
Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers.
Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues
Tesco Technology
Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles.
At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations – from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built.
At Tesco, inclusion is at the heart of everything we do. We believe in treating everyone fairly and with respect, valuing individuality to create a true sense of belonging. It’s deeply embedded in our values — we treat people how they want to be treated. Our goal is to ensure all colleagues feel they can be themselves at work and are supported to thrive. Across the Tesco group, we are building an inclusive workplace that celebrates the diverse cultures, personalities, and preferences of our colleagues — who, in turn, reflect the communities we serve and drive our success.
At Tesco India, we are proud to be a Disability Confident Committed Employer, reflecting our dedication to creating a supportive and inclusive environment for individuals with disabilities. We offer equal opportunities to all candidates and encourage applicants with disabilities to apply. Our fully accessible recruitment process includes reasonable adjustments during interviews - just let us know what you need. We are here to ensure everyone has the chance to succeed.
We believe in creating a work environment where you can thrive both professionally and personally. Our hybrid model offers flexibility - spend 60% of your week collaborating in person at our offices or local sites, and the rest working remotely. We understand that everyone’s journey is different, whether you are starting your career, exploring passions, or navigating life changes. Flexibility is core to our culture, and we’re here to support you. Feel free to talk to us during your application process about any support or adjustments you may need.
Locations
- Bengaluru, Karnataka, India
Salary
600,000 - 1,500,000 INR / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- build a comprehensive understanding of the threat landscapeintermediate
- effective partnership with leadershipintermediate
- risk-based approachintermediate
- security architecture reviewsintermediate
- identify acceptable risk levelsintermediate
Responsibilities
- transform the security maturity of key product areas and teams
- provide product and engineering teams with direction and guidance on all security matters
- engage engineering leadership on security roadmap and oversee security posture
- co-own the security roadmap, discuss, prioritise, and co-develop plans for remediation
- empower security champions
- represent security in all product and architecture meet-ups
- oversee product security activities from early development to infrastructure security
- perform security architecture reviews of third-party services
- assist with action plan, policy, and procedural changes for risk mitigation
- guide management in identifying business risks
Tags & Categories
Answer 10 quick questions to check your fit for Senior Cyber Security Partner @ Tesco.