
Security Testing & Attack Surface Manager
Job Description
Serving our customers, communities, and planet a little better every day.
Salary - Between £76,400 - £114,600 + annual bonus & benefits
Work Level – WL2
Location – Edinburgh, Glasgow or Newcastle.
Permanent
Office Attendance - Our roles are hybrid; however, you should be able to travel to our office, 1-3 days per week for this position.
Closing Date - Applications close 25th March at 5pm
We’re looking for a Security Testing & Attack Surface Manager (known internally as Lead Security Ops Manager) to join our Insurance Money and Services team.
Lead the enterprise vulnerability management, penetration testing, and attack surface management (ASM) functions to proactively reduce cyber risk across technology estates (cloud, on-prem, endpoints, third-parties, and internet-facing assets). Own the end-to-end lifecycle from discovery to remediation, ensuring measurable risk reduction, regulatory compliance, and clear business outcomes.
What you’ll be doing
• Own and govern vulnerability management lifecycle (policy, standards, SLAs, identification through remediation) with risk based prioritization and executive reporting. Oversee enterprise-wide scanning across infra, cloud, endpoints, and applications, ensuring accurate asset attribution and false positive management.
• Manage penetration testing strategy: third party relationships, scoping and delivery, remediation oversight, retesting, and SDLC integration, plus red/purple team assurance.
• Operate continuous attack surface management to discover external assets and identify exposures such as misconfigurations, expired certs, and shadow IT, driving rapid remediation. Integrate ASM with EASM, CAASM, and CSPM for unified visibility and preventive guardrails.
• Provide audit/regulator evidence, ensure alignment to secure baselines, and support vulnerability disclosure processes.
We need you to have
• Vulnerability & attack surface expertise: Demonstrated ability to run vulnerability scanning and management at enterprise scale (on‑prem, cloud, containers, endpoints) plus strong understanding of ASM/EASM, DNS/TLS/PKI, and shadow‑IT discovery.
• Penetration testing & threat‑path knowledge: Solid grasp of pen test methodologies (OWASP, NIST 800‑115, OSSTMM), exploit chains, and cloud attack paths.
• Risk‑based security decisioning: Proficiency with CVSS/EPSS/KEV, threat‑intel consumption, and exploit validation to drive prioritisation.
• Leadership & delivery: Proven cross‑functional operator with clear risk communication, strong stakeholder management, ability to influence without authority, and track record leading large‑scale programmes or vendors.
And if you have any of these, even better
• Cloud & platform security depth: Familiarity with AWS/Azure/GCP, IAM, networking, Kubernetes, serverless, and CI/CD pipeline security integrations.
• Secure SDLC integration: Understanding of SAST/DAST/IAST/SCA, pipeline gating, and ability to advocate for developer‑friendly security patterns.
• Behavioural strengths: Data‑driven, pragmatic, calm under pressure, outcome‑focused, holds teams accountable.
• Qualifications: Significant cyber experience with VM and/or testing; hands‑on pen testing preferred; relevant certifications are beneficial (OSCP/OSWE/OSEP, CRTO, GIAC, CISSP, cloud security).
We don’t expect you to tick every box, and if you feel you hit most of the brief, it’s worth exploring to further develop your career here with us.
What’s in it for you
• Prepare for your retirement with our colleague pension scheme.
• Private Medical Insurance (WL2+) and virtual GP Service for you and your family 365 days a year.
• Critical Illness Insurance.
• Performance related annual bonus.
• Indulge in a generous holiday allowance with a minimum of 7.2 weeks, with the opportunity to buy more.
• Embrace the benefits of our Colleague Clubcard, enjoy a 10% discount that increases to 15% every payday. As an added perk, we’ll give you a second card to share with someone else.
• Benefit from our family-oriented initiatives, encompassing enhanced maternity leave pay, a shared parental leave policy, and a generous 8-week paid paternity leave.
• A place to get on - take advantage of our ongoing learning opportunities and award-winning training, to help you achieve the job and career you want.
• Take part in our Buy as you Earn and Save as you Earn share schemes.
Everyone’s welcome
We want all our colleagues to always feel welcome and be themselves. We’re committed to building a more inclusive workplace and celebrating everything that makes colleagues unique, and value the richness and diversity this brings to our business. A more diverse business helps us deliver on our purpose to serve our customers, communities, and planet a little better every day.
Interviews
We know the importance of balancing work with life’s other commitments. Please talk to us at interview about the flexibility you need, as we’re committed to exploring part time and flexible working opportunities, at every level of the organisation.
Interviews are expected to be held shortly after closing date.
Why Tesco Insurance and Money Services?
Seeing your impact all around you: there's no better feeling.
Lucky for us, we get to feel it all the time. Because whatever our role, we're helping our colleagues and serving our customers, communities and planet a little better every day.
We deal in the personal – from pet insurance for your best friend, and home insurance for peace of mind, to motor insurance for your dream car or travel money for that trip you’ve worked hard for.
Everything we do is about making things better. Not just for others, but for you too. It's why you'll get bags of choice and plenty of development. It's why you'll always be heard and find balance that works for you. It's why you'll feel totally at home in a place where everyone's welcome.
So, if you want a career where you can do good and feel good, you've found it.
Let's make every day a little better.
Our story
Making Insurance and Money Services more rewarding and offering great value and choice - because we know little wins can make a big difference.
We began life in 1997 and now help more than 2 million customers protect what matters to them.
We want to deliver a helpful service in everything we do and to make life easier for our customers. Our policies are really easy to manage online for our customers, but we know that being able to speak to our customer service staff when you need to is really important. This is why our customer service centers are open seven days a week.
Delivering great customer service means having great people behind the scenes – people who understand our customers and are driven by doing the right thing for them. We offer colleagues a place where they can feel totally at home in a place where everyone's welcome, where they can be part of a great team focused on making a real difference for our customers.
How to apply
We value our people and diverse teams and believe the variety of backgrounds and experiences make us stronger to achieve our goals.
Our colleagues are working hybrid, taking time to meet with colleagues in our offices for moments that matter, such as team catch ups, planning meetings and more. If you’re interested in finding out more about what a career at Tesco Insurance and Money Services looks like, click apply to find out more!