Security Engineering Specialist

Serving our customers, communities, and planet a little better every day.

Salary - Between £, - £, + annual bonus & benefits

Location – Edinburgh, Permanent

Office Attendance - Our roles are hybrid; however, you should be able to travel to our Edinburgh office 2 days per week for this position.

Closing Date – Applications close //5 at 5pm

A chance to thrive

We’re looking for a Security Engineering Specialist to join our Vulnerability Management and Assurance team at Tesco Bank, part of Barclays Bank UK Plc.

The Vulnerability Management and Assurance team are the technical experts in technical vulnerabilities and weaknesses – senior stakeholders rely on our ability to understand deeply technical topics and interpret the situation at the business level. Our team is responsible for detecting, tracking, and advising on vulnerabilities to protect the Bank and our customers.

What you’ll be doing

Leading by example as the technical expert on vulnerabilities and advise on remediations. Providing security assurance and guidance for complex projects throughout their life-cycles and giving specialist input for go-live decisions. Deciding, scoping, and arranging pragmatic security assessments to be carried out by our panel of security vendors. Liaising with departments across the bank and build working relationships with other teams to spread awareness of security and help the bank achieve required levels of protection and governance. Helping us modernise our practices and drive improvements to the ways the team works, our vulnerability detection and management tooling, security testing processes and their associated processes.

We need you to have

Technical expertise on vulnerabilities and an intimate understanding of an attacker mindset and their techniques. Demonstrable experience in working with a range of security assessment types. Thorough understanding of security best practices and anti-patterns, familiarity with tooling to support these. Excellent communication abilities with technical and non-technical colleagues.

And if you have any of these, even better

Strong understanding of Agile practices and effectively employing the principles in a real life workplace. Experience in offensive IT Security tooling and practices past experience in pentesting, HackTheBox, TryHackMe,). Strong understanding of current and past OWASP Top s (web/API/mobile), CVSSv2 and CVSSv3, MITRE ATT&CK, and NIST Framework. IT Security related achievements, publications, certifications, and other credentials.

We don’t expect you to tick every box, and if you feel you hit most of the brief, it’s worth exploring to further develop your career here with us.

What’s in it for you

Prepare for your retirement with our colleague pension scheme. Private Medical Insurance (WL2+) and virtual GP Service days a year. Performance related annual bonus. Indulge in a generous holiday allowance with a minimum of weeks, with the opportunity to buy more. Embrace the benefits of our Colleague Clubcard, enjoy a % discount that increase to % every payday (worth up to 2K). As an added perk, we’ll give you a second card to share with someone else. Benefit from our family-oriented initiatives, encompassing enhanced maternity leave pay, a shared parental leave policy, and a generous paid paternity leave. A place to get on - take advantage of our ongoing learning opportunities and training, to help you achieve the job and career you want.

Everyone’s welcome

We want all our colleagues to always feel welcome and be themselves at Tesco Bank, part of Barclays Bank UK Plc. We’re committed to building a more inclusive workplace and celebrating everything that makes colleagues unique, and value the richness and diversity this brings to our business. A more diverse business helps us deliver on our purpose to serve our customers, communities, and planet a little better every day.

#LI-KS1