Ocado Group is hiring an

AppSec Engineer

Hatfield, United Kingdom

“We are on a mission to transform the future of grocery retail through sustained technology innovation.”


Ocado Technology is putting the world’s retailers online using advanced artificial intelligence, robotics, big data, the cloud and IoT. We develop the innovative software and hardware systems that power Ocado.com, as well as the unique ‘Ocado Smart Platform’ which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. With everything from websites to highly automated warehouses that we design in-house, our employees are skilled specialists with expertise across a wide range of technologies, working on cutting-edge innovations that are shaping the future of our society.

We are a fast-growing company: today we have colleagues in 7 development centres across the UK and Europe, with offices open in London, Hatfield, Welwyn Garden City (UK), Krakow, Wroclaw (Poland), Sofia (Bulgaria) and Barcelona (Spain), with a satellite office in Stockholm (Sweden).

We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture. But don’t just take our word for it: have a look at what our people are saying about us on Glassdoor.

What would I be doing?

The main mission of the AppSec engineers is to help us build secure systems by embedding security in our SDLC. You will achieve this by providing expertise and guidance, working closely with the development teams, central AppSec function, InfoSec team and Security Chapters. 

This is a great opportunity to be able to shape the processes for an entire department as well as working with the central function.

You will do the following:

  • Provide security expertise and guidance to development teams.
  • Assess SDLC security gap risks and propose remedies.
  • Promote a security-focused culture in all activities of our SDLC.
  • Assist teams with conducting threat modelling. 
  • Educate and support teams as they perform their security code reviews and triage vulnerabilities.
  • Write and maintain software for automating security processes. 
  • Write and maintain software for monitoring and security vulnerability checks.
  • Develop and improve tools that enable the detection, exposure, reporting and auditing of security activities.
  • Research and propose security best practices in other organisations.
  • Help with penetration testing of new and existing applications.
  • Demonstrate development and/or scripting abilities working with APIs.
  • Collaborate with other departments to achieve business outcomes.
  • Knowledge of standards such as SOC 2, ISO/IEC 27001 and SOX is a plus.
  • Security awareness, including web application security awareness, is a plus.
  • Contribute to the centralised:
    • Application security practice
    • Tooling
      • Static and dynamic analysis
      • Fuzz testing
      • Security monitoring and alerting
      • Security reporting

What does the team do?

We are Shopping Platforms and we build the online shopping experience for our retailers’ customers. Working with retail partners around the world, our engineering teams strive to create the next-generation shopping platform that will change the way the world shops. We obsess about performance, developer experience and automation. To do this we use cutting-edge technology, and when that's not enough, we push the boundaries of what's possible.

What we are looking for 


  • Strong understanding of application security awareness, including the security of web applications
  • Experience identifying, assessing and providing remediation options for application and technology related security risks.
  • Experience providing governance and validating compliance of internal and external teams providing security services.
  • Demonstrable Java, Python or C# programming ability with an in-depth understanding of underpinning techniques  
  • Excellent communication and collaboration skills to enable effective working relationships with our development teams.


  • Knowledge of backend and frontend web application vulnerabilities
  • Knowledge of Agile methodologies

What we offer you

Our employee benefits are designed for you. We care about people and we’ve ensured we have a wealth of benefits that focus on your well-being. Within our flexible environment we can offer technically stretching work, a competitive salary and share schemes. Benefits include pension scheme, train season ticket loan (interest-free), free shuttle bus from Hatfield train station and of course, healthy Ocado retail staff discounts.

We also have regular divisional socials and sports clubs, not to mention the Ocado Technology Academy for a packed schedule of courses, conferences and events such as discussion sessions, conference briefs and external guest speakers. If you think you have what it takes to make a difference, please submit your application below.

Due to the energising nature of Ocado's business, vacancy close dates, when stated, are indicative and may be subject to change, so please apply as soon as possible to avoid disappointment.

Please note: If you have applied and been rejected for this role in the last 6 months, or applied and been rejected for a role with a similar skill set, we will not re-evaluate you for this position. After 6 months, we will treat your application as a new one. 

Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity above gender, sexual orientation, race, nationality, ethnicity, religion, age, disability or union participation. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally.