IT SECURITY ANALYST III - AD

Company description

Tesco is a leading multinational retailer, with more than 336 000 colleagues.

Our software is used by millions of people across several countries every day. Whether it’s the tills and websites our customers use, or the systems our colleagues and partners use, you’ll play your part in keeping it running like a well-oiled machine. And when a business problem pops up? You and the creative minds in our team will be challenged to solve it.

As Tech Hub we cooperate within the group of Tesco Technology Hubs located in the UK, Poland, Czech Republic, Hungary, and India.

Role summary

We are looking for an experienced, senior IT Security Analyst who supports the strengthening of Active Directory security posture, focusing on one or more of the following: risk management, regulatory compliance, threat security policy development and enforcement.

This job requires to be based in/close to Prague. We currently work in a hybrid model and meet in our office 3 days a week.

In this job you are accountable for

• Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices, and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

• Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g., ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.

• Mentoring and training other team members.

• Compilation of information and reporting for management.

Job description

• Build out new security control catalogue, security policies and procedures and assist in implementing them
• Knowledge of application, data classification, security infrastructure and governance, Logging, Supervising aspects, and Authorization
• Ability to analyze security requirements and convert into secure and scalable DB security controls
• Review application architectures and implementation details for design flaws, incorrect security implementation and missing security controls
• Drive and lead security processes, tools, methods and knowledge and security enhancements
• Use Static and Dynamic Analysis tools to support broad testing and vulnerability discovery in the CI/CD pipeline
• Conduct security assessments
• Coordinate with Corporate Security teams and System Owners to ensure Corporate Security standards implementation
• Perform security audit, risk assessment, and generate reports of security posture of systems
• Build automation using Python/Ruby/Terraform/Ansible /Oracle Apex to handle large Infrastructure
• Drive innovation and integration of new technologies into projects and activities
• Provide domain-specific expertise, overall security leadership and perspective to cross- organization projects, programs and activities
• Willing to learn new technologies and products
• Knowledge of encryption technologies

Skills relevant for this job

• In-depth knowledge of Active Directory services up to 3rd/engineering level
• Strong experience in PowerShell scripting for AD administration and automation
• Familiarity with Active Directory security standards and RBAC implementation
• Experience in integrating Active Directory services across various platforms
• Review existing workflow and systems to reduce duplication of effort and inefficiencies
• Collaborate across a wide audience of stakeholders regarding business objectives, priorities, and impact of proposed changes
• Experience with security assessments and audits
• Minimum 8 years of experience, preferably 10 years or more

Additional information

Benefits

Tesco is a diverse and exciting employer, dedicated to being #aplacetogeton, providing career-defining opportunities to all of our colleagues. If you choose to join our business, we will provide you with (for all):

• Learning opportunities - certified technical training and learning platforms like Udemy, Pluralsight and O’Reilly
• Referral Bonus
• Up to 20% yearly salary bonus – based on both individual and business performance
• Cafeteria & Multisport
• Additional 5 days of paid leave to support your well-being and family life
• Shopping discount in our stores

What our colleagues like the most at Tesco

• We develop our own products
• We make an impact; large scale of operation
• Accountability and respect are given to us
• We cooperate and support each other
• There are great colleagues who are divided into small teams here
• We can develop and learn new things

Join our team and be a part of building one of the biggest brands in the retail industry!

Let us know you are interested by pushing the APPLY button!

#LI-ACS1