Workplace Technology – Systems Engineer III – Identity (Active Directory, Entra ID, PKI, Modern[…]

Company: Tesco UK
Location: Welwyn Garden City
Job Description:

This role sits within the Workplace Identity team, which is part of the Tesco Workplace Technology engineering team, itself part of a global engineering function delivering secure, scalable, and modern workplace solutions for Tesco colleagues. As a senior engineer and domain expert in Identity technologies, you will lead the full technology lifecycle — from strategy and design through to engineering, testing, and delivery — for the services that underpin our digital colleague experience.

Strategic Leadership

  • Act as a senior engineer for Identity within the Workplace Technology team, setting the direction, roadmap, and architectural standards for core identity services including Active Directory, Entra ID, PKI and modern authentication protocols.
  • Align identity strategy to Tesco’s broader digital workplace vision, collaborating closely with architects, product managers, security, and infrastructure teams.
  • Stay ahead of market trends and emerging technologies in identity and access management, advocating for their adoption where beneficial.

Engineering & Delivery

  • Design and deliver secure, scalable identity platforms that support global business needs and enable modern digital workplace capabilities.
  • Engineer solutions across the identity lifecycle: concept, evaluation, prototyping, testing, production deployment, and service transition.
  • Implement automation, codification (IaC), and integration with CI/CD practices to drive efficiency and resilience.
  • Act as a senior escalation point for complex issues related to authentication, replication, certificate lifecycle, hybrid identity, and directory services.

Operational Excellence

  • Build systems that are secure, stable, and easy to operate, with monitoring, alerting, and lifecycle planning embedded by design.
  • Champion remediation of legacy identity components and uplift the security and operational posture of all identity services.
  • Ensure knowledge is well documented and transitions smoothly into operational support with clear SLAs and handover practices.

Governance & Security

  • Drive adoption of Zero Trust principles, secure admin tiering, modern auth standards, conditional access, and multifactor authentication.
  • Own the health, design, and policy of PKI infrastructure and associated services (including certificate templates, CRLs, and HSMs).
  • Work closely with the Security and Risk teams to ensure compliance with internal controls, regulatory obligations, and audit findings.

Leadership & Influence

  • Represent Workplace Technology Identity Engineering across Tesco Technology and into broader cross-functional initiatives.
  • Lead by example in engineering excellence, stakeholder engagement, and mentoring of less experienced engineers.
  • Promote a culture of simplification, technical rigour, and continuous improvement.

Qualifications

  • Deep expertise in:
    • Active Directory: design, hardening, replication, domain controller lifecycle, GPOs, admin tiering.
    • Azure AD / Entra ID: hybrid identity, conditional access, MFA, identity protection, SSO, SCIM.
    • Public Key Infrastructure (PKI): policy, lifecycle, templates, automation, CRL/OCSP, HSMs.
    • Authentication protocols: OAuth2, OpenID Connect, SAML, Kerberos, NTLM, WS-Fed.
  • Demonstrated ability to design and deliver identity platforms in large, complex environments.
  • Understanding of identity’s role in enterprise security frameworks and compliance requirements.
  • Proficiency with scripting and automation tools (PowerShell, Terraform, etc.).
  • Familiarity with monitoring, backup, recovery, and DR practices for identity systems.
  • Ensure identity services are designed with built-in resilience, supporting high availability, fault tolerance, and fast recovery across hybrid environments.
  • Contribute to and maintain Business Continuity Plans (BCPs), ensuring critical identity components are documented with clear recovery priorities.
  • Design and validate Disaster Recovery (DR) strategies for directory services, authentication systems, and PKI, with regular failover testing and documented RTO/RPO.

Equal Opportunity

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We are committed to creating a workplace where differences are valued, and ensure all colleagues are given the same opportunities. We are a Disability Confident Leader and provide an accessible recruitment process.

Posted: April 29th, 2026