Connecting to LinkedIn...

Security Engineering Manager - Cyber Platforms

Job Title: Security Engineering Manager - Cyber Platforms
Contract Type: Permanent
Location: Welwyn
Salary: Not Specified
Reference: WRT-2020-12-02-4AA189AEAD7C
Job Published: January 19, 2021 18:33

Job Description

Job Description

The Role - Security Engineering Manager for Cyber Platforms Security Engineering Managers establish and sustain the environment for Security Engineers to succeed. They build, develop and lead the continuous improvement of security engineering practises at Tesco with a motivated and capable team of Security Engineers. They are also responsible for the quality of advice and guidance given to Technology teams. The Security Engineering Manager for Cyber Platforms provides technical direction and advanced support for security products used across the organisation, responsible for the team and multiple tools and platforms that deliver key security capabilities. This will include researching, engineering, implementing and operating enterprise security products. This will also involve managing and improving platform security compliance, through automation, monitoring and alerting, SIEM integration, development and implementation of standards, procedures, and guidelines covering different platforms and devices. This role will suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind. You should be motivated to make change for the better and, most importantly, put customers first.

You will be responsible for The following provides an overview of the role's responsibilities:

  • Represent the Technology Security team and assist other engineering teams in adhering to secure design principles.

  • Help teams deliver secure solutions using security skills and displaying a flexible agile approach by embracing emerging technologies.

  • Work closely and collaboratively with engineering and product teams.

  • Deliver innovation using past engineering experience to create and deliver solutions.

  • Use an appreciation of the DevSecOps philosophy of bringing culture, automation, lean, measurement and sharing into security.

  • Provide targeted application security requirements based on design, threats, industry best practices, and Tesco policies.

  • Empower delivery team resources by promoting application security awareness and standards through training, mentoring, and communities of best practice.

  • Influence delivery teams in the prioritisation of security activities and issue remediation.

  • Evaluate and recommend new and emerging application security products and technologies.

  • Support and lead on security incidents.

  • Drive adoption of new tools and techniques with an understanding of their value and impact.

  • Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.

  • Share knowledge with the wider engineering community.

  • Lead and develop a high performing team., Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems, services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling, techniques, and processes. Responsible for developing and running security processes day-to-day for the Tesco Group, we're continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK, Europe and Asia, and we're looking to add great people to our growing team. We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning, and recognise the importance of keeping up with changes in technology and an evolving threat landscape. Communication is key - working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events.

Candidate Description

Relevant Technical Skills:

  • A strong understanding of information and cyber security principles and best practices.

  • A demonstrable understanding of enterprise cyber security products, such as; anti-virus / anti-malware, endpoint detection and response, data loss prevention, secure email gateways, proxies, threat intelligence platforms and content providers (e.g. Symantec, Sophos, Proofpoint, Carbon Black, Forcepoint).

  • A strong understanding of Windows and Unix internals.

  • Ability to pick up new technology quickly, transferring skills and best practices when needed.

  • Ideally an ability to write small tools using scripting languages and general-purpose programming languages (e.g. Python).

  • Rest API's, automation, system integration and automated testing.

  • Cloud (e.g. AWS, Azure).

    Relevant Soft Skills:

  • Stakeholder management.

  • People management.

    Relevant Experience:

  • Experience leading and developing a team of engineers in a similar role.

  • Experience developing and maintaining working relationships with 3 rd party solution and service providers.

  • Previous experience working in a DevOps environment and building teams deliver secure code in an automated way.

  • Strong troubleshooting skills.

  • Extensive experience in the Information Technology field.

  • Ideally one of the following certifications: CEH, SANS GIAC, SSCP, CISSP, CSSLP.