Cyber Security Specialist - eCommerce Security

Requirements

• Strong experience in Application Security / Product Security
• Experience securing web applications, APIs, and eCommerce platforms
• Hands-on knowledge of:
• OWASP Top 10 / ASVS
• SAST, DAST, SCA tooling
• Authentication (OAuth, SSO, MFA), session management
• Experience working with engineering teams in Agile / DevOps environments
• Ability to translate security into pragmatic, delivery-focused guidance
• Desirable:
• Experience in retail / eCommerce environments
• Familiarity with payment security (PCI DSS, tokenisation, payment gateways)
• Experience with cloud-native applications (Azure preferred)
• Knowledge of Microsoft security stack (Defender, Sentinel, etc.)
• Exposure to bug bounty / penetration testing / red teaming outputs
• What Success Looks Like
• Security is embedded into eCommerce and application delivery, with teams engaging early and adopting secure-by-design practices
• Measurable reduction in critical and high-risk application vulnerabilities, with improved remediation times
• Engineering teams take ownership of security, with secure coding and tooling consistently adopted across pipelines
• Clear, business-aligned visibility of application security risk, particularly across customer journeys and payment flows
• Trusted partner to digital and engineering teams, influencing decisions without slowing delivery
• Apply today by completing an online application...
• #LI-ES1 #LI-Hybrid
• Everything you'll love
• You will also get an excellent benefits package including:
• Discretionary company bonus
• Company pension up to 7% matched
• Company Car allowance of £5,700
• 15% colleague discount in store and online
• Free access to wellbeing services such as Stream, 24/7 virtual GP, counselling, health and dental cash plans and a 24/7 employee assistance helpline, alongside discounts across a range of services and activities, from airport parking, enhanced to theme parks and cinemas.
• Asda Allies Inclusion Networks - helping colleagues to make sure everybody is included and that our differences are recognised and celebrated
• Excellent parental leave policies, including maternity & adoption leave, paternity leave,

Benefits

Additional Information

Job Title Cyber Security Specialist - eCommerce Security Location Asda House Employment Type Full time Contract Type Permanent Hours Per Week 37.5 Salary Competitive salary plus benefits Category Cyber Security Closing Date 19 June 2026 This role is responsible for embedding security into the design, development, and operation of our eCommerce and customer-facing application landscape. You will act as the primary security partner to digital and engineering teams, ensuring that security is integrated into delivery at pace-supporting secure-by-design principles, reducing risk exposure, and protecting customer data and revenue-critical platforms. This is a hands-on role combining application security expertise, stakeholder engagement, and pragmatic risk management within a fast-paced retail environment. Please be advised that this position requires attendance at Asda House in Leeds for a minimum of three days per week. We're really looking forward to having you around! We welcome applications from candidates seeking part-time hours, flexible working arrangements, or job share opportunities. What You'll Love Secure eCommerce and Digital Platforms Provide security oversight and guidance across all eCommerce platforms, APIs, and customer-facing applications Identify and mitigate risks relating to payment processing, authentication, session management, and data handling Support secure design reviews for new features, integrations, and third-party services Embed Secure SDLC Practices within Asda and guide 3rd party practices Partner with AppSec team and engineering teams to embed security into CI/CD pipelines and development workflows Drive adoption of secure coding standards and best practices (e.g. OWASP Top 10) Vulnerability and testing management Own the identification, triage, and remediation tracking of application-level vulnerabilities Work with engineering teams to prioritise fixes based on risk and business impact Provide clear reporting on application security posture and trends Assist risk management team with pen testing prioritisation and track remediation work Translate technical risks into clear, business-aligned recommendations Cross team with with Architecture and Risk Management Conduct threat modelling with Architecture for key systems, focusing on eCommerce journeys and customer data flows Assess risks associated with new technologies, integrations, and architectural changes Translate technical risks into clear, business-aligned recommendations

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at asda? Share your experience