Cyber Security Specialist - eCommerce Security

Job Title

Cyber Security Specialist - eCommerce Security

Location

Asda House

Employment Type

Full time

Contract Type

Permanent

Hours Per Week

37.5

Salary

Competitive salary plus benefits

Category

Cyber Security

Closing Date

10 May 2026

 

This role is responsible for embedding security into the design, development, and operation of our eCommerce and customer-facing application landscape.
You will act as the primary security partner to digital and engineering teams, ensuring that security is integrated into delivery at pace—supporting secure-by-design principles, reducing risk exposure, and protecting customer data and revenue-critical platforms.

This is a hands-on role combining application security expertise, stakeholder engagement, and pragmatic risk management within a fast-paced retail environment.

Please be advised that this position requires attendance at Asda House in Leeds for a minimum of three days per week. We’re really looking forward to having you around!

We welcome applications from candidates seeking part-time hours, flexible working arrangements, or job share opportunities.

What You’ll Love

• Secure eCommerce and Digital Platforms
  • Provide security oversight and guidance across all eCommerce platforms, APIs, and customer-facing applications
  • Identify and mitigate risks relating to payment processing, authentication, session management, and data handling
  • Support secure design reviews for new features, integrations, and third-party services
• Embed Secure SDLC Practices within Asda and guide 3rd party practices
  • Partner with AppSec team and engineering teams to embed security into CI/CD pipelines and development workflows
  • Drive adoption of secure coding standards and best practices (e.g. OWASP Top 10)
• Vulnerability and testing management
  • Own the identification, triage, and remediation tracking of application-level vulnerabilities
  • Work with engineering teams to prioritise fixes based on risk and business impact
  • Provide clear reporting on application security posture and trends
  • Assist risk management team with pen testing prioritisation and track remediation work
  • Translate technical risks into clear, business-aligned recommendations
• Cross team with with Architecture and Risk Management
  • Conduct threat modelling with Architecture for key systems, focusing on eCommerce journeys and customer data flows
  • Assess risks associated with new technologies, integrations, and architectural changes
  • Translate technical risks into clear, business-aligned recommendations

What You’ll Need

• Strong experience in Application Security / Product Security
• Experience securing web applications, APIs, and eCommerce platforms
• Hands-on knowledge of:
• OWASP Top 10 / ASVS
• SAST, DAST, SCA tooling
• Authentication (OAuth, SSO, MFA), session management
• Experience working with engineering teams in Agile / DevOps environments
• Ability to translate security into pragmatic, delivery-focused guidance

Desirable:

• Experience in retail / eCommerce environments
• Familiarity with payment security (PCI DSS, tokenisation, payment gateways)
• Experience with cloud-native applications (Azure preferred)
• Knowledge of Microsoft security stack (Defender, Sentinel, etc.)
• Exposure to bug bounty / penetration testing / red teaming outputs

What Success Looks Like

• Security is embedded into eCommerce and application delivery, with teams engaging early and adopting secure-by-design practices
• Measurable reduction in critical and high-risk application vulnerabilities, with improved remediation times
• Engineering teams take ownership of security, with secure coding and tooling consistently adopted across pipelines
• Clear, business-aligned visibility of application security risk, particularly across customer journeys and payment flows
• Trusted partner to digital and engineering teams, influencing decisions without slowing delivery

Apply today by completing an online application…

#LI-ES1 #LI-Hybrid

Everything you'll love

To ensure we balance moments where we know we need to collaborate together and the need for flexibility, Asda has a hybrid way of working with a minimum 3 days a week in one of our Home Offices. Over and above this, each area of Asda may have additional requirements which may require spending more days in the office, visiting suppliers, stores or depots.

You will also get an excellent benefits package including:

• Discretionary company bonus

• Company pension up to 7% matched

• Company Car allowance of £5,700

• 15% colleague discount in store and online

• Free access to wellbeing services such as Stream, 24/7 virtual GP, counselling, health and dental cash plans and a 24/7 employee assistance helpline, alongside discounts across a range of services and activities, from airport parking, enhanced to theme parks and cinemas.

• Asda Allies Inclusion Networks – helping colleagues to make sure everybody is included and that our differences are recognised and celebrated

• Excellent parental leave policies, including maternity & adoption leave, paternity leave, shared parental leave, neonatal care leave, and support for those doing fertility treatments.

We want all colleagues to be able to bring their best and true selves to work, every day. Simply put, we want our colleagues to be Proud to be Asda and proud to be themselves