Benefits
We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work. Find out more!
* Annual bonus scheme of up to 20% of base salary
* Holiday starting at 25 days plus a personal day (plus Bank holidays)
* Private medical insurance
* 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
Responsibilities
Strategic Leadership
* Act as a senior engineer for Identity within the Workplace Technology team, setting the direction, roadmap, and architectural standards for core identity services including Active Directory, Entra ID, PKI, and modern authentication protocols.
* Align identity strategy to Tesco's broader digital workplace vision, collaborating closely with architects, product managers, security, and infrastructure teams.
* Stay ahead of market trends and emerging technologies in identity and access management, advocating for their adoption where beneficial.
Engineering & Delivery
* Design and deliver secure, scalable identity platforms that support global business needs and enable modern digital workplace capabilities.
* Engineer solutions across the identity lifecycle: concept, evaluation, prototyping, testing, production deployment, and service transition.
* Implement automation, codification (IaC), and integration with CI/CD practices to drive efficiency and resilience.
* Act as a senior escalation point for complex issues related to authentication, replication, certificate lifecycle, hybrid identity, and directory services.
Operational Excellence
* Build systems that are secure, stable, and easy to operate, with monitoring, alerting, and lifecycle planning embedded by design.
* Champion remediation of legacy identity components and uplift the security and operational posture of all identity services.
* Ensure knowledge is well documented and transitions smoothly into operational support with clear SLAs and handover practices.
Governance & Security
* Drive adoption of Zero Trust principles, secure admin tiering, modern auth standards, conditional access, and multifactor authentication.
* Own the health, design, and policy of PKI infrastructure and associated services (including certificate templates, CRLs, and HSMs).
* Work closely with the Security and Risk teams to ensure compliance with internal controls, regulatory obligations, and audit findings.
Leadership & Influence
* Represent Workplace Technology Identity Engineering across Tesco Technology and into broader cross-functional initiatives.
* Lead by example in engineering excellence, stakeholder engagement, and mentoring of less experienced engineers.
* Promote a culture of simplification, technical rigour, and continuous improvement.
Requirements
* Deep expertise in:
o Active Directory: design, hardening, replication, domain controller lifecycle, GPOs, admin tiering.
o Azure AD / Entra ID: hybrid identity, conditional access, MFA, identity protection, SSO, SCIM.
o Public Key Infrastructure (PKI): policy, lifecycle, templates, automation, CRL/OCSP, HSMs.
o Authentication protocols: OAuth2, OpenID Connect, SAML, Kerberos, NTLM, WS-Fed.
* Demonstrated ability to design and deliver identity platforms in large, complex environments.
* Understanding of identity's role in enterprise security frameworks and compliance requirements.
* Proficiency with scripting and automation tools (PowerShell, Terraform, etc.).
* Familiar with monitoring, backup, recovery, and DR practices for identity systems.
* Ensure identity services are designed with built-in resilience, supporting high availability, fault tolerance, and fast recovery across hybrid environments.
* Contribute to and maintain Business Continuity Plans (BCPs), ensuring critical identity components are documented with clear recovery priorities.
* Design and validate Disaster Recovery (DR) strategies for directory services, authentication systems, and PKI, with regular failover testing and documented RTO/RPO.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We celebrate diversity and recognize its value. We are committed to creating a workplace where differences are valued, giving all colleagues the same opportunities. We are proud to have been accredited Disability Confident Leader and are committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer.
#J-18808-Ljbffr