This role sits within the workplace Identity team, which is part of the Tesco Workplace Technology engineering team, itself part of a global engineering function delivering secure, scalable, and modern workplace solutions for Tesco colleagues. As a senior engineer and domain expert in Identity technologies, you will lead the full technology lifecycle (from strategy and design through to engineering, testing, and delivery) for the services that underpin our digital colleague experience.
Strategic Leadership
- Act as a senior engineer for Identity within the Workplace Technology team, setting the direction, roadmap, and architectural standards for core identity services including Active Directory, Entra ID, PKI and modern authentication protocols.
- Align identity strategy to Tesco’s broader digital workplace vision, collaborating closely with architects, product managers, security, and infrastructure teams.
- Stay ahead of market trends and emerging technologies in identity and access management, advocating for their adoption where beneficial.
Engineering & Delivery
- Design and deliver secure, scalable identity platforms that support global business needs and enable modern digital workplace capabilities.
- Engineer solutions across the identity lifecycle: concept, evaluation, prototyping, testing, production deployment, and service transition.
- Implement automation, codification (IaC), and integration with CI/CD practices to drive efficiency and resilience.
- Act as a senior escalation point for complex issues related to authentication, replication, certificate lifecycle, hybrid identity, and directory services.
Operational Excellence
- Build systems that are secure, stable, and easy to operate, with monitoring, alerting, and lifecycle planning embedded by design.
- Champion remediation of legacy identity components and uplift the security and operational posture of all identity services.
- Ensure knowledge is well documented and transitions smoothly into operational support with clear SLAs and handover practices.
Governance & Security
- Drive adoption of Zero Trust principles, secure admin tiering, modern auth standards, conditional access, and multifactor authentication.
- Own the health, design, and policy of PKI infrastructure and associated services (including certificate templates, CRLs, and HSMs).
- Work closely with the Security and Risk teams to ensure compliance with internal controls, regulatory obligations, and audit findings.
Leadership & Influence
- Represent Workplace Technology Identity Engineering across Tesco Technology and into broader cross-functional initiatives.
- Lead by example in engineering excellence, stakeholder engagement, and mentoring of less experienced engineers.
- Promote a culture of simplification, technical rigour, and continuous improvement.
Qualifications
- Deep expertise in:
  - Active Directory: design, hardening, replication, domain controller lifecycle, GPOs, admin tiering.
  - Azure AD / Entra ID: hybrid identity, conditional access, MFA, identity protection, SSO, SCIM.
  - Public Key Infrastructure (PKI): policy, lifecycle, templates, automation, CRL/OCSP, HSMs.
  - Authentication protocols: OAuth2, OpenID Connect, SAML, Kerberos, NTLM, WS-Fed.
- Demonstrated ability to design and deliver identity platforms in large, complex environments.
- Understanding of identity’s role in enterprise security frameworks and compliance requirements.
- Proficiency with scripting and automation tools (PowerShell, Terraform, etc.).
- Familiarity with monitoring, backup, recovery, and DR practices for identity systems.
- Ensure identity services are designed with built-in resilience, supporting high availability, fault tolerance, and fast recovery across hybrid environments.
- Contribute to and maintain Business Continuity Plans (BCPs), ensuring critical identity components are documented with clear recovery priorities.
- Design and validate Disaster Recovery (DR) strategies for directory services, authentication systems, and PKI, with regular failover testing and documented RTO/RPO.
Equal Opportunity
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We are committed to creating a workplace where differences are valued, and ensure all colleagues are given the same opportunities. We are a Disability Confident Leader and provide an accessible recruitment process.