“We are on a mission to transform the future of grocery retail through sustained technology innovation.”

Ocado Technology is putting the world’s retailers online using advanced artificial intelligence, robotics, big data, the cloud and IoT. We develop the innovative software and hardware systems that power Ocado.com, as well as the unique ‘Ocado Smart Platform’ which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. With everything from websites to highly automated warehouses that we design in-house, our employees are skilled specialists with expertise across a wide range of technologies, working on cutting-edge innovations that are shaping the future of our society.

We are a fast- growing company: today we have colleagues in 7 development centre across the UK and Europe, with offices open in London, Hatfield, Welwyn Garden City (UK), Krakow, Wroclaw (Poland), Sofia (Bulgaria) and Barcelona (Spain), with a satellite office in Stockholm (Sweden).

We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture.  But don’t just take our word for it, have a look at what our people are saying about us on Glassdoor. 

What would I be doing?

Cybersecurity is not optional for the platform business. A single security incident can result in a complete loss of credibility and customers. As we grow we need to make sure that security principles and practices are deeply embedded in our engineering culture and that we create necessary feedback loops that keep us continuously improving in this area.

We are creating a team of Application Security Engineers with different skills sets and levels of experience, providing services to different streams. Application Security Engineers will be in all the development centres and will collaborate as a team.

As part of the Application Security team you will be responsible for:

• Providing development teams guidelines and assistance on addressing security threats that span across web and mobile applications, cloud computing, robotics, artificial intelligence and automation
• Providing support to development teams in: - Architecture and design - Threat modelling activities - Security code reviews - Remediation guidance for: security vulnerabilities, penetration testing findings, cybersecurity issues and threats - Improve SDLC security via CI/CD tooling
• Running, maintaining and leading activities related to bug bounty program  
• Educating development teams on performing security activities
• Taking part in preparing study materials for security awareness of development teams 

What we would like to you to have: 

• 2 or more years experience in one of the application security, development or penetration testing 
• OWASP Top 10 web application security risks and countermeasures
• A clear conceptual understanding of the SDLC
• Strong communication skills and ability to influence engineering behaviours
• Interest in continuous learning

Nice to have but do not feel hesitant to apply if you don’t

• Experience in threat modelling
• Ability to read and understand code written, ideally, in one of the following languages: Java, Javascript, Python, C, C++, Kotlin, Swift
• Experience in mobile or web development
• Experience in security assessment (design review, vulnerability assessment, penetration testing) 
• Knowledge of cloud environments and how to secure them
• Experience with container technology
• Knowledge of cryptographic concepts applied to data protection
• Relevant certifications (OSCP, OSWE, eCPPT, eWPT, GPEN, GWEB, etc.)

Benefits

• Permanent Contract
• Multi-Sport Card
• Medical Insurance
• Life assurance
• Lunch Vouchers
• Training and Development opportunities

Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity above gender, sexual orientation, race, nationality, ethnicity, religion, age, disability or union participation. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally.