Security Testing Lead

Job Type IT
Region South East England
Location Bracknell
Preferred Hours Full and Part Time
Partnership Level
This role is at Partnership Level 6 and includes entitlement to the following additional benefits:
  • Invitation to join the Bupa Private Medical Insurance scheme
  • 5 weeks holiday
Further details will be provided at interview and upon successful offer
Closing Date 14/8/2020
Vacancy Type
Salary £53,000 - £76,000
Salary Frequency per annum
Hours of Work
35 hours per week - Monday-Friday - 09:00-17:30

*We have a number of different ways to work flexibly so at your interview feel free to talk about what flexibility means to you. There are no guarantees, however, it may open the door to not only a new role but a new way of working.*

Duties & Responsibilities

What's the role about?

The John Lewis Partnership's Information Security strategy is bold and ambitious. We provide a collection of security services, delivered through people, processes and technology. Working collaboratively, these services ensure that customers can shop with us efficiently, safely and securely, every single day.

A key component of this function is the Threat and Vulnerability Management team, a group of Partners who take active responsibility for understanding threats posed to the John Lewis Partnership, the vulnerabilities that we're carrying and the testing of the security defenses we put in place to protect the Partnership.

We are currently looking for an experienced Security Testing Lead to take control of the team responsible for security testing. This team is set up to ensure that the technical security controls we have in place are functioning properly and identify any gaps in our armour that might need closing. In order to do this, the team is experienced in performing a variety of security testing activities, such as penetration tests, red teams, bug bounty programs, compliance scanning and more.

It goes without saying that security testing is vital to the John Lewis Partnership, as it allows us to look at our defenses through the eyes of an attacker to ensure that we're aware of and mitigate any risks that external or internal threats might pose. The roles that our Security Operations Partners perform are invaluable to the health of the John Lewis Partnership and without them we would not be able to protect the loyalty and trust of all those that have a relationship with us.

Please note that within the John Lewis Partnership, this role is known as InfoSec Lead, Threat and Vulnerability Management.

Job Requirements

What you'll be doing as a Security Testing Lead

In this role you will be required to manage the work of a team of analysts and oversee a number of third parties that support us with our security testing. You can be assured that no two days are ever the same in the world of Information Security.

You will be responsible for the day-to-day operation of our security testing service, ensuring that our security defences are working correctly and identifying any gaps in our armour that could be exploited by an attacker. Continuous improvement and automation are key to our ability to move at pace with our ever-changing demands, so you will define and deliver an improvement roadmap, automate controls testing wherever possible and streamline manual processes where automation isn't in place.

In order to perform your duties, you will need to be able to understand the highly technical nature of the work that we do and translate that into understandable language for a non-technical audience.

With the above in mind, the role of Security Testing Lead will need to engage with a wide variety of stakeholders across the whole IT department and the broader John Lewis Partnership business. You will have the opportunity to inform and influence at the highest levels.

Why do our Security Operations Partners love working for us?

"We have a friendly team culture where everyone is keen to develop their skills and support those around them. I've been given great opportunities to further my career. The work we do is challenging and varied, and it's really satisfying to be part of a team that's integral to protecting our customers and Partners." - Laurence Jeffcoate - Information Security Analyst

Required essential experience skills and qualifications

What you'll have

Direct experience in security testing or ethical hacking. This can include performing the following activities, or similar:

- Penetration testing
- Bug bounty programs
- Attack simulation testing
- Compliance scanning

Expertise across a number of the following areas:

- Application security
- Cloud platform security
- Infrastructure security
- Network security
- Mitre ATT&CK framework
- CIS Controls framework
- DevOps
- CI/CD tooling
- Social engineering techniques

Familiarity with security testing tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Wireshark, OWASP ZAP or similar.

Qualifications in ethical hacking, such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or equivalent experience.

Required desirable experience skills and qualifications

What else you can bring to the role

- Experience leading a team and task managing the work of others.
- Experience owning third party relationships, overseeing the work of third parties and dealing with any issues.
- An ability to communicate technical issues to a non-technical audience across a variety of roles and levels.
- A proven track record of delivering continuous improvements aligned with a roadmap.
- Hands-on technology management experience directly relevant to Information Security or an accreditation such as ISC2 CISSP or similar.

*Please note that we reserve the right to close the vacancy earlier than advertised due to high volume*
