Security Engineering Analyst

Salary is up to £45000 + Benefits.

Location – Edinburgh or Newcastle or Glasgow, Permanent

Flexible hybrid working available - to be considered for this position you must be within commutable distance to either office, as you may be required to attend the office at short notice.

Applications close 18/04 at 5pm & Interviews will be held from 22/04.

Following the announcement regarding Tesco's' strategic partnership with Barclays, this role will support our banking business and will transfer to Barclay's UK towards the end of 2024, subject to regulatory approval. Please note, the transfer date may change.

A career that works for you

We’re looking for a Security Engineering Analyst

As a junior member of the Vulnerability Management and Assurance team, you will be specialising in vulnerabilities and weaknesses across the bank’s IT estate – you will be able to rely on peers to help understand deeply technical topics and interpret the situation at the business level. Our team is responsible for detecting, tracking, and advising on vulnerabilities to protect the Bank and our customers.

Everyone’s welcome.

We want all our colleagues to always feel welcome and be themselves at Tesco Bank. We’re committed to building a more inclusive workplace and celebrating everything that makes colleagues unique, and value the richness and diversity this brings to our business. A more diverse business helps us deliver on our purpose to serve our customers, communities, and planet a little better every day.

What you’ll be doing

• Assurance & Consultancy for proposed changes to the bank’s systems.
• Scoping and arranging pragmatic assessments and penetration tests.
• Vulnerability Scanning & Compliance Benchmarking of all our assets.
• Managing vulnerability and non-compliance data, driving improvements across the bank; and
• Advising system owners, risk teams, and senior stakeholders.

We don’t expect you to tick every box, and if you feel you hit most of the brief, it’s worth exploring to further develop your career here with us at Tesco Bank.

We need you to have

• Technical understanding of vulnerabilities and a familiarity with the attacker mindset.
• Familiarity with a range of security assessment types and ambition to decide, scope, and arrange pragmatic security tests to be carried out by our panel of security vendors.
• Strong understanding of security best practices and anti-patterns; and
• Great communication abilities with technical and non-technical colleagues across the bank to build working relationships with other teams, spread awareness of security, and help the bank achieve required levels of protection and governance.

And if you have any of these, even better.

• Understanding of Agile practices and effectively employing the principles in a real-life workplace to improve the team’s service.
• Experience in offensive IT Security tooling and practices (e.g. experience in pentesting, HackTheBox, TryHackMe, …)
• Understanding of current and past OWASP Top 10s (web/API/mobile), CVSSv2 and CVSSv3, MITRE ATT&CK, and NIST Framework.
• IT Security related achievements, publications, certifications, and other credentials.

What’s in it for you

• Embrace the benefits of our Colleague Clubcard, enjoy a 10% discount that increase to 15% every payday. As an added perk, we’ll give you a second card to share with someone else.
• Virtual GP Service for you and your family 365 days a year.
• Indulge in a generous holiday allowance with a minimum of 7.2 weeks, with the opportunity to buy more.
• Embrace our family-oriented initiatives, encompassing enhanced maternity leave pay, a shared parental leave policy, and a generous 8-week paid paternity leave.
• Prepare for your retirement with our colleague pension scheme.
• Opportunity to develop your career.