Senior Information Security Analyst – Security Testing (C5)


In a highly competitive industry, our values make us different and make strong commercial sense. Our values help us strengthen relationships with all our stakeholders, build trust, reduce operating costs, mitigate risks and attract and retain talent in a crowded marketplace.

There’s a whole lot more to technology at Sainsbury’s than meets the eye. In this vital role at the forefront of Information Security, you’ll find we’re as much a Digital and Technology company as we are a Supermarket Chain. And as we continue our digital transformation, you’ll be at the heart of it.

You’ll discover a business with a Cloud-first approach, embracing the latest technologies. We’re ahead of the game in methodology too, building a DevOps culture and embedding Agile working. Our Digital and Technology teams develop an extraordinary variety of products and services spanning our supermarkets, online shopping, and our finance offerings through Sainsbury’s Bank. They power a diverse back office, too – from logistics and store support, through to HR apps.

We take our responsibility for protecting customer and colleague data seriously, so Information Security is crucial to our success in all these areas. The scope to develop a rewarding career is every bit as big as our ambitious plans to develop new apps and services.

As an experienced Senior Information Security Analyst, you’ll be a trusted consultant to the business. Your brief will span security testing, both for business as usual and a diverse portfolio of IT projects. Working closely with BAU, project and programme teams, including Service Owners and Managers, Delivery Managers, Solution Architects, Developers, DevOps and Product Owners, you’ll ensure that all Sainsbury’s IT Systems and Data are protected. Put simply, you will test to make sure the security controls we build in do the job.

Supporting in-house development utilising Agile and Waterfall methodologies, a strong knowledge and experience of penetration and other security testing will be vital. This key role goes far beyond testing new systems, services and products. We’re constantly changing and updating both business and customer-focused systems, so there’s a constant need to test. You’ll manage remediation of identified vulnerabilities and play a pivotal role in the full risk management lifecycle. Getting to know our systems well, you’ll understand your important role in the big picture of Sainsbury’s thriving, and making a positive difference for our customers. Widely recognised for your expertise, the impact you have will be huge. This will include mentoring and developing junior colleagues in the Information Security Testing team.

So what are we looking for?

To join us, you’ll need to have either OSCP, GIAC or CEH, or be a Qualys Certified Specialist. It would also be an advantage to have CISSP, CISM, CRISC, CISA or an equivalent Information Security qualification.

You’ll bring to the role proven experience of using web application vulnerability scanning tools such as Qualys WAS, IBM AppScan and HP Web Inspect. We’ll also expect you to be highly skilled in the use of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Source Code Analysis tools like HP Fortify, Veracode and Checkmarx.
