Company
We’re Kingfisher, a team of over 74,000 passionate people who bring Kingfisher and all our other brands: B&Q, Screwfix, Brico Depot, Castorama, and Koctasto to life. Guided by our purpose "Better Homes. Better Lives. For Everyone." We believe a better world starts with better homes, and we work every day to make that a reality.
Role Summary
Senior Identity Platform Engineering Owner
We’re looking for a senior technical leader to own and deliver the technical strategy and roadmap for Kingfisher’s core identity platforms (Cloud Identity, Directory Infrastructure, and PKI & Machine Identity). The role will shape secure, resilient, and future‑ready identity services that support a Zero Trust, cloud‑first environment.
Location
Based in a UK office (Paddington, Southampton or Yeovil) with an expectation of 12 days a month in the office. The role will primarily be based out of Southampton with weekly travel to that site.
Responsibilities
* Own and continuously evolve the technical roadmap for cloud identity, directory infrastructure and PKI/machine identity platforms, ensuring alignment with security and cloud‑first principles.
* Act as the senior technical authority for identity platform design, providing clear architectural direction and leadership on complex technical decisions.
* Ensure the security, resilience, performance and availability of Active Directory, Microsoft Entra ID and hybrid identity services.
* Govern identity security controls, including Conditional Access, MFA, passwordless authentication, federation technologies and directory access models.
* Lead modernisation initiatives that improve automation, simplify platforms and support the structured de‑commissioning of legacy identity services.
* Oversee PKI governance, certificate lifecycle management and machine/workload identity services, setting clear operational standards.
* Use service metrics, operational insights, audit findings and incident learnings to drive continuous improvement across identity platforms.
Qualifications
* Strong hands‑on experience with Active Directory, Microsoft Entra ID and hybrid identity environments.
* Proven experience designing, implementing and governing Conditional Access, MFA, passwordless authentication and federation technologies (OIDC/SAML).
* Practical knowledge of PKI, ADCS, certificate lifecycle management and machine or workload identities.
* Deep understanding of identity security controls, including privileged access management and administrative hardening.
* Ability to provide senior technical leadership, influencing technical and non‑technical stakeholders and clearly explaining risk and impact.
How We Work
We believe in flexibility and balance. Our hybrid model blends home working with time spent in the office or at off‑site locations. On average, about 60% of your time will involve in‑person collaboration.
Diversity & Inclusion
Our customers and colleagues come from diverse walks of life. We’re committed to ensuring all colleagues, future colleagues, and applicants are treated equally, regardless of age, gender, marital or civil partnership status, ethnicity, culture, religion, belief, political opinion, disability, gender identity, gender expression, or sexual orientation.
Benefits
* Private Health Care – up to family level cover with AXA.
* Kingfisher Pension Scheme – immediate eligibility through auto‑enrolment, 8% contribution for 14% company match.
* 25 Days’ Holiday – plus bank holidays, pro‑rated for part‑time colleagues.
* Staff Discount – 20% discount at B&Q and Screwfix after 3 months.
* Kingfisher Share Incentive Plan (SIP) – tax‑efficient share ownership.
* Life Assurance – x4 salary (or x1 if not active member).
* Competitive Bonus Scheme aligned to role level.
* Kingfisher Share Save – option to buy shares after 3 or 5 year period.
#J-18808-Ljbffr