Security Engineer III – Infrastructure

Company: Tesco
Apply for the Security Engineer III – Infrastructure
Location: Welwyn Garden City
Job Description:

The Security Engineer III role focused on Infrastructure Security is responsible for overseeing and shaping security controls across core infrastructure platforms. This role focuses on securing virtual machines, container platforms, infrastructure as code, and desired state configuration technologies across on-premises and cloud environments.

The engineer works closely with infrastructure and cloud teams to ensure security is embedded into infrastructure services by design. They act as a senior technical specialist, driving security improvements, reducing risk through automation, and helping establish secure engineering practices.

  • Secure Infrastructure Platforms: Implement and maintain security controls for virtual machine platforms, container environments, operating systems, and cloud infrastructure
  • Infrastructure as Code Security: Develop and maintain security standards, policies, and guardrails for infrastructure delivered through Terraform, Bicep, or similar IaC technologies.
  • Container & Kubernetes Security: Build and enhance security capabilities across container platforms, including image security, workload protection, runtime controls, admission policies, and Kubernetes hardening.
  • Desired State Configuration & Platform Hardening: Define and maintain secure configuration baselines for Windows, Linux, containers, and cloud services using technologies such as Ansible or equivalent platforms.
  • Security Automation: Develop automation and engineering solutions that improve prevention, detection, remediation, compliance validation, and operational efficiency.
  • Secure Platform Design: Partner with infrastructure and platform engineering teams to provide security guidance, and ensure secure-by-design implementation.

Essential

  • Infrastructure Security Expertise: Strong hands‑on experience securing enterprise infrastructure platforms, including Windows, Linux, VMware, cloud platforms, and hybrid environments.
  • Virtualisation Security: Experience securing virtual machine environments including platform hardening, configuration management, and workload protection.
  • Container Security: Deep understanding of container and Kubernetes security principles, including image security, workload isolation, runtime protection, secret management, and cluster hardening.
  • Infrastructure as Code: Proven experience developing and securing infrastructure using Terraform, Bicep or equivalent IaC technologies.

Desirable

  • Experience with Kubernetes platforms such as AKS, EKS, OpenShift, or Tanzu.
  • Experience implementing policy‑as‑code using technologies such as OPA Gatekeeper, Kyverno, Sentinel, or Azure Policy.
  • Familiarity with supply chain security practices, software bill of materials (SBOM), and artifact security.

#J-18808-Ljbffr…

Posted: July 17th, 2026