Monday, October 19 2020

Sainsburys Job Vacancies – Senior Information Security Tester


Job Description:

The big question: why on earth should a Tech professional like you work for a 150-year-old retail chain? Because we’re on a journey. Changing the way we operate. Learning to think nimbly. Giving our teams the time and freedom they need to push boundaries. To create amazing systems and technologies. To give our colleagues and our customers even more incredible experiences. There are thousands of experts to talk to and learn from. We’ve got data from billions of transactions for our teams to play with. Things get built here. They get made here. They hit customers and colleagues quickly. Welcome to the home of Sainsbury’s Tech.

Job Responsibilities:

  • Manage internal security assurance for internally developed applications within a DevOps environment
  • Responsible for ensuring that vulnerabilities identified via the internal scanning programme, or via internal or external penetration testing, are suitably mitigated and that any residual risks are documented and formally accepted
  • Conduct Information Security Risk Assessments using the Information Security Risk Management Process
  • Ensures the benefits of information security and the concept of risk are understood by all colleagues
  • Pro-actively manages security risk assessments and mitigation plans to address risks within agreed timescales, evaluating business impact
  • Manage the internal vulnerability scanning programme to ensure that scans are planned and carried out in a timely manner
  • Responsible for performing internal security testing, including detailed and actionable reporting
  • Provides advice and guidance associated with the planning, design, implementation and improvement of system security taking account of current best practice, legislation and regulation
  • Works with Sainsbury’s Legal team to ensure Data protection regulation is supported by all IT systems and processes
  • Reports effectiveness of information security against industry standards and agreed KPIs, along with Security Incident Response Plans
  • Liaises with industry and national bodies (including regulators and auditors) to ensure the appropriateness of the information security function, e.g. PCI compliance
  • Ensures all Product Teams consider the security implications throughout the product lifecycles
  • Ensures security risks are identified early on and catered for in the solution design, and that the resulting implementation addresses these risks
  • Authorises implementation of procedures to satisfy new access requirements, or provide effective interfaces between users and service providers

Job Requirements:

  • Expert in methods and techniques for risk management, business impact analysis, countermeasures and contingency arrangements relating to the serious disruption of IT services
  • Expert in tools or systems which provide access security control (i.e. prevent unauthorised system access)
  • Strong current knowledge of PCI, DPA and ISO27001
  • Has expert awareness of problem solving procedures used for business-critical IT incidents, and a good awareness of their implications for a retail business
  • Remains visible to customers as the face of Security Testing to listen to their concerns and share these with others
  • Ability to take responsibility, own the issue, resolve it (get the required result) and recognises how individual responsibility impacts team delivery
  • Works collaboratively with a range of Teams/People to support the wider business needs
  • At least one of the following information security testing certifications: OSCP, GIAC or CREST (CRT or CCT)
  • Current information security qualifications/certifications (e.g. CISSP, CISM, CRISC, CEH, etc.) desirable but not essential
  • Experience using web application vulnerability scanning tools (e.g. Qualys WAS, IBM AppScan, HP WebInspect, etc.)
  • Experience of using Static Application Security Testing (SAST) / source code analysis tools (e.g. HP Fortify, Veracode, Checkmarx)
  • Ability to write penetration test reports for technical and non-technical audiences
  • Ability to work on own with minimal supervision and deliver on time to budget
  • Ability to think methodically and logically about situations, solve problems and communicate well using the spoken and written word
  • Ability to translate complex/technical issues clearly to meet the needs of the audience
  • Ability to balance the benefits of optimised security with the cost of providing it, to promote the best overall interests of the business

Qualification & Experience:

  • Extensive knowledge of OWASP vulnerabilities, tools and methodologies
  • Extensive knowledge of HTTP, PCI ASV and SSDLC
  • Demonstrates extensive knowledge of good security practice covering the physical and logical aspects of information products, systems integrity and confidentiality
  • Experience of performing mobile security assessments (Android and iOS)
  • Experience of performing Infrastructure Assessments and Security Reviews on Windows/Linux environments and Databases
  • Experience of performing Red Team activities and knowledge of relevant frameworks

Job Details:

Company: Sainsbury’s

Vacancy Type: Full Time

Job Location: London, England

Application Deadline: N/A
