Systems Engineer III

About the role

This role sits within the workplace Identity team which is

part of the Tesco
Workplace Technology engineering team
, part of a

global engineering function delivering secure, scalable, and modern workplace

solutions for Tesco colleagues. As a senior engineer and domain expert in
**Identity

technologies**
, you will lead the full technology lifecycle — from strategy

and design through to engineering, testing, and delivery — for the services

that underpin our digital colleague experience.

You will be responsible for

Strategic Leadership

• Act as a senior engineer for Identity within the Workplace Technology team, setting the 
  direction, roadmap, and architectural standards

for core identity services including 
Active Directory, Entra ID, PKI

, and modern authentication protocols.
- Align identity strategy to Tesco's broader digital

workplace vision, collaborating closely with architects, product managers,

security, and infrastructure teams.

• Stay ahead of market trends and emerging

technologies in identity and access management, advocating for their

adoption where beneficial.

Engineering & Delivery

• Design and deliver secure, scalable identity

platforms that support global business needs and enable modern digital

workplace capabilities.

• Engineer solutions across the identity lifecycle:

concept, evaluation, prototyping, testing, production deployment, and

service transition.

• Implement automation, codification (IaC), and

integration with CI/CD practices to drive efficiency and resilience.

• Act as a senior escalation point for complex issues

related to authentication, replication, certificate lifecycle, hybrid

identity, and directory services.

Operational Excellence

• Build systems that are
  **secure, stable, and easy

to operate**
, with monitoring, alerting, and lifecycle planning embedded

by design.

• Champion remediation of legacy identity components

and uplift the security and operational posture of all identity services.

• Ensure knowledge is well documented and transitions

smoothly into operational support with clear SLAs and handover practices.

Governance & Security

• Drive adoption of Zero Trust principles, secure

admin tiering, modern auth standards, conditional access, and multifactor

authentication.

• Own the health, design, and policy of PKI

infrastructure and associated services (including certificate templates,

CRLs, and HSMs).

• Work closely with the Security and Risk teams to

ensure compliance with internal controls, regulatory obligations, and

audit findings.

Leadership & Influence

• Represent
  **Workplace Technology Identity

Engineering**
across Tesco Technology and into broader cross-functional

initiatives.

• Lead by example in engineering excellence,

stakeholder engagement, and mentoring of less experienced engineers.

• Promote a culture of simplification, technical

rigour, and continuous improvement.

You will need

• Deep expertise in:

• Active Directory
  : design, hardening,

replication, domain controller lifecycle, GPOs, admin tiering.

• Azure AD / Entra ID
  : hybrid identity,

conditional access, MFA, identity protection, SSO, SCIM.

• Public Key Infrastructure (PKI)
  : policy,

lifecycle, templates, automation, CRL/OCSP, HSMs.

• Authentication protocols
  : OAuth2, OpenID

Connect, SAML, Kerberos, NTLM, WS-Fed.

• Demonstrated ability to design and deliver identity

platforms in large, complex environments.

• Understanding of identity's role in enterprise

security frameworks and compliance requirements.

• Proficiency with scripting and automation tools

(PowerShell, Terraform, etc.).

• Familiar with monitoring, backup, recovery, and DR

practices for identity systems.

• Ensure identity services are designed with built-in

resilience, supporting high availability, fault tolerance, and fast

recovery across hybrid environments.

• Contribute to and maintain Business Continuity

Plans (BCPs), ensuring critical identity components are documented with

clear recovery priorities.

• Design and validate Disaster Recovery (DR)

strategies for directory services, authentication systems, and PKI, with

regular failover testing and documented RTO/RPO.

Whats in it for you?
We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more 

• Annual bonus scheme of up to 20% of base salary

• Holiday starting at 25 days plus a personal day (plus Bank holidays)

• Private medical insurance

• 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave

• Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

About Us
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. 

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. 

We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you.  We work in a more blended pattern - combining office and remote working.  Our offices will continue to be where we connect, collaborate and innovate.  If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.