Senior IS Tester
Salary: Competitive Plus Benefits
Location: London Store Support Centre and Home, London, EC1M 6HA
Contract type: Permanent
Business area: Sainsbury's Tech
Closing date: 23 February 2026
Requisition ID: 400046121
We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.
The big question: why on earth should a Tech professional like you work for a 150-year-old retail chain? Because we’re on a journey. Changing the way we operate. Learning to think nimble. Giving our teams the time and freedom they need to push boundaries. To create amazing systems and technologies. To give our colleagues and our customers even more incredible experiences.
There are thousands of experts to talk to and learn from. We’ve got data from billions of transactions for our teams to play with. Things get built here. They get made here. They hit customers and colleagues quickly. Welcome to the home of Sainsbury's Tech.
About the Team
Our Data Governance & Information Security team is at the heart of protecting the organisation’s systems, data, and people. We work across all areas of the business to identify risks, strengthen defences, and ensure compliance with industry standards and regulations.
We value accountability, curiosity, and continuous improvement, and we’re passionate about building a culture where security is second nature. Joining us means being part of a team that tackles evolving threats, drives awareness, and helps the organisation remain resilient and trusted.
More about the role:
The Senior Information Security Tester will be engaged in delivering Penetration Testing & related services and will:
- Scope penetration testing for both internal and external facing systems
- Take ownership and perform a wide range of penetration tests in line with internal standards and SLAs, including detailed and actionable reporting
- Provide expert feedback in several forums related to technical vulnerabilities and processes within and outside of the security testing team
- Perform Quality Assurance on in-house reports, vulnerability database write-ups, and any other documentation related to the security testing team’s function
- Improve internal vulnerability database write-ups to increase overall quality of all reports
- Provide advice and guidance on the planning, design, implementation and improvement of system security, taking account of current best practice, legislation and regulation where necessary
- Assist other teams in understanding security vulnerabilities and their implications through constructive conversations and meetings, whether engaged through security testing or as part of the wider conversation
- Periodically review external penetration tests as part of ongoing vendor evaluation, along with providing formal feedback for any issues and participating in resolution meetings
- Provide mentorship to others within the team, along with assisting to fill in any knowledge gaps when identified
- Be able to perform Purple Team activities as required, with Red Team capabilities a large advantage
- Participate in reviewing bug bounty findings and provide feedback on issues of high severity and complexity that exceed a reward threshold
Essential:
- Extensive experience performing Web Application penetration tests
- Extensive knowledge of OWASP vulnerabilities, tools and methodologies
- Strong experience performing infrastructure penetration tests against Windows and Linux environments and databases
- Strong experience performing build reviews against Windows and Linux hosts; macOS a bonus
- Strong technical writing ability to write penetration test reports for technical and non-technical audiences
- Strong reporting Quality Assurance skills
- Ability to work on their own with minimal supervision and deliver on time and to budget
- Demonstrates extensive knowledge of good security practice covering the physical and logical aspects of information products, systems integrity and confidentiality
- At least one of the following information security testing certifications: OSWE, OSCP, GIAC or CREST (CRT or CCT)
- Experience using vulnerability scanning tools (e.g. Qualys WAS, IBM AppScan, HP WebInspect)
- Ability to think methodically and logically through situations, problem solve and communicate well using spoken and written word
- Remains visible to customers as the face of Security Testing to listen to their concerns and share these with others
- Strong current knowledge or awareness of PCI, DPA and ISO27001
- Ability to translate complex/technical issues clearly to meet the needs of the audience outside of a written report
- Ability to take responsibility, own the issue, resolve it (get the required result) and recognise how individual contributions impact team delivery
- Experience performing Purple Team activities
Advantageous:
- Experience with AI & LLM penetration testing
- Experience performing Mobile security assessments
- Experience performing Red Team activities such as phishing, social engineering, malware development and other offensive tooling development, along with knowledge of relevant frameworks
- Experience with AV & EDR Evasion
- Experience with scripting and programming languages such as C, C++, C#, Python
- Extensive knowledge of PCI, ASV and SSDLC
- Holds industry respected certifications for any penetration testing or related functions for web applications, infrastructure, mobile, AI/LLM, Red Team, etc
- Expert in tools or systems which provide access control (i.e. prevent unauthorised system access)
- Current Information Security qualifications/certifications e.g. CISSP, CISM, CRISC, CEH etc desirable but not essential
- Experience of using Static Application Security Testing (SAST) tools such as HP Fortify, Veracode or Checkmarx
- Has expert awareness of problem-solving procedures used for business-critical IT incidents, and a good awareness of their implications for a retail business
- Ability to balance the benefits of optimised security with the cost of providing it, to promote the best overall interests of the business
- Mentoring experience assisting others in the team to improve their skills
In return you’ll get:
- Colleague discount across the multi-brands – Sainsbury’s, Argos and Habitat
- Holiday allowance
- Bonus scheme
- Pension plan
- Special offers on gym memberships, restaurants, holidays, retail vouchers and more
Flexible working and job share conversations are encouraged. Across our multi-brands, we’re proud to be an equal opportunities employer that champions a diverse and inclusive culture. If you’re reading this, even if you’re not 100% sure you’re there with your experience, we’d still love to hear from you. If you’d like to find out more head to Sainsbury's Tech
We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them: Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.
Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.
Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further, such as season ticket loans, an interest-free car loan of up to £10k, a cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day), as well as access to a great range of discounts from hundreds of other retailers. If you ever need it, there is also an Employee Assistance Programme, and you will be eligible for private healthcare too.
Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).