Workplace Technology - Systems Engineer III - Identity (Active Directory, Entra ID, PKI, Modern[...]

This role sits within the workplace Identity team which is part of the Tesco Workplace Technology engineering team, part of a global engineering function delivering secure, scalable, and modern workplace solutions for Tesco colleagues. As a senior engineer and domain expert in Identity technologies, you will lead the full technology lifecycle — from strategy and design through to engineering, testing, and delivery — for the services that underpin our digital colleague experience. Strategic Leadership * Act as a senior engineer for Identity within the Workplace Technology team, setting the direction, roadmap, and architectural standards for core identity services including Active Directory, Entra ID, PKI, and modern authentication protocols. * Align identity strategy to Tesco’s broader digital workplace vision, collaborating closely with architects, product managers, security, and infrastructure teams. * Stay ahead of market trends and emerging technologies in identity and access management, advocating for their adoption where beneficial. Engineering & Delivery * Design and deliver secure, scalable identity platforms that support global business needs and enable modern digital workplace capabilities. * Engineer solutions across the identity lifecycle: concept, evaluation, prototyping, testing, production deployment, and service transition. * Implement automation, codification (IaC), and integration with CI/CD practices to drive efficiency and resilience. * Act as a senior escalation point for complex issues related to authentication, replication, certificate lifecycle, hybrid identity, and directory services. Operational Excellence * Build systems that are secure, stable, and easy to operate, with monitoring, alerting, and lifecycle planning embedded by design. * Champion remediation of legacy identity components and uplift the security and operational posture of all identity services. * Ensure knowledge is well documented and transitions smoothly into operational support with clear SLAs and handover practices. Governance & Security * Drive adoption of Zero Trust principles, secure admin tiering, modern auth standards, conditional access, and multifactor authentication. * Own the health, design, and policy of PKI infrastructure and associated services (including certificate templates, CRLs, and HSMs). * Work closely with the Security and Risk teams to ensure compliance with internal controls, regulatory obligations, and audit findings. Leadership & Influence * Represent Workplace Technology Identity Engineering across Tesco Technology and into broader cross‑functional initiatives. * Lead by example in engineering excellence, stakeholder engagement, and mentoring of less experienced engineers. * Promote a culture of simplification, technical rigour, and continuous improvement. You will need * Deep expertise in: o Active Directory: design, hardening, replication, domain controller lifecycle, GPOs, admin tiering. o Azure AD / Entra ID: hybrid identity, conditional access, MFA, identity protection, SSO, SCIM. o Public Key Infrastructure (PKI): policy, lifecycle, templates, automation, CRL/OCSP, HSMs. o Authentication protocols: OAuth2, OpenID Connect, SAML, Kerberos, NTLM, WS‑Fed. * Demonstrated ability to design and deliver identity platforms in large, complex environments. * Understanding of identity’s role in enterprise security frameworks and compliance requirements. * Proficiency with scripting and automation tools (PowerShell, Terraform, etc.). * Familiar with monitoring, backup, recovery, and DR practices for identity systems. * Ensure identity services are designed with built‑in resilience, supporting high availability, fault tolerance, and fast recovery across hybrid environments. * Contribute to and maintain Business Continuity Plans (BCPs), ensuring critical identity components are documented with clear recovery priorities. * Design and validate Disaster Recovery (DR) strategies for directory services, authentication systems, and PKI, with regular fail‑over testing and documented RTO/RPO. Whats in it for you? * Annual bonus scheme of up to 20% of base salary * Holiday starting at 25 days plus a personal day (plus Bank holidays) * Private medical insurance * 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; 4 weeks fully paid paternity leave * Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, and free access to a range of experts to support your mental wellbeing We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. We celebrate diversity, recognise the value and opportunity it brings, and are committed to providing a fully inclusive and accessible recruitment process. All colleagues are given the same opportunities. We are a Disability Confident Leader and provide the accessibility support you may require. #J-18808-Ljbffr