About the role
This role sits within the workplace
Identity team which is part of the Tesco Workplace Technology engineering team,
part of a global engineering function delivering secure, scalable, and modern
workplace solutions for Tesco colleagues. As a senior engineer and domain
expert in Identity technologies, you will lead the full technology
lifecycle from strategy and design through to engineering, testing, and
delivery for the services that underpin our digital colleague experience.
You will be responsible for
Strategic Leadership
- Act as a senior engineer for
Identity within the Workplace Technology team, setting the direction,
roadmap, and architectural standards for core identity services
including Active Directory, Entra ID, PKI, and modern
authentication protocols.
- Align identity strategy to Tesco's
broader digital workplace vision, collaborating closely with architects,
product managers, security, and infrastructure teams.
- Stay ahead of market trends and
emerging technologies in identity and access management, advocating for
their adoption where beneficial.
Engineering
& Delivery
- Design and deliver secure, scalable
identity platforms that support global business needs and enable modern
digital workplace capabilities.
- Engineer solutions across the
identity lifecycle: concept, evaluation, prototyping, testing, production
deployment, and service transition.
- Implement automation, codification
(IaC), and integration with CI/CD practices to drive efficiency and
resilience.
- Act as a senior escalation point for
complex issues related to authentication, replication, certificate
lifecycle, hybrid identity, and directory services.
Operational
Excellence
- Build systems that are secure,
stable, and easy to operate, with monitoring, alerting, and lifecycle
planning embedded by design.
- Champion remediation of legacy
identity components and uplift the security and operational posture of all
identity services.
- Ensure knowledge is well documented
and transitions smoothly into operational support with clear SLAs and
handover practices.
Governance
& Security
- Drive adoption of Zero Trust
principles, secure admin tiering, modern auth standards, conditional
access, and multifactor authentication.
- Own the health, design, and policy
of PKI infrastructure and associated services (including certificate
templates, CRLs, and HSMs).
- Work closely with the Security and
Risk teams to ensure compliance with internal controls, regulatory
obligations, and audit findings.
Leadership
& Influence
- Represent Workplace Technology
Identity Engineering across Tesco Technology and into broader
cross-functional initiatives.
- Lead by example in engineering
excellence, stakeholder engagement, and mentoring of less experienced
engineers.
Promote a culture of simplification, technical
rigour, and continuous improvement
You will need
Required
Skills & Experience
- Deep expertise in:
- Active Directory: design, hardening, replication, domain controller lifecycle,
GPOs, admin tiering.
- Azure AD / Entra ID: hybrid identity, conditional access, MFA, identity
protection, SSO, SCIM.
- Public Key Infrastructure (PKI): policy, lifecycle, templates, automation, CRL/OCSP, HSMs.
- Authentication protocols: OAuth2, OpenID Connect, SAML, Kerberos, NTLM, WS-Fed.
- Demonstrated ability to design and
deliver identity platforms in large, complex environments.
- Understanding of identity's role in
enterprise security frameworks and compliance requirements.
- Proficiency with scripting and
automation tools (PowerShell, Terraform, etc.).
- Familiar with monitoring, backup,
recovery, and DR practices for identity systems.
- Ensure identity services are
designed with built-in resilience, supporting high availability, fault
tolerance, and fast recovery across hybrid environments.
- Contribute to and maintain Business
Continuity Plans (BCPs), ensuring critical identity components are
documented with clear recovery priorities.
- Design and validate Disaster
Recovery (DR) strategies for directory services, authentication systems,
and PKI, with regular failover testing and documented RTO/RPO.
- Define and verify backup and
recovery plans for identity infrastructure, including domain controllers,
certificate authorities, and configuration artifacts.
- Estimate engineering effort and
support the costing of identity-related projects, including resource
planning, licensing, infrastructure, and delivery timelines.
- Partner with Workplace Technology
leadership to shape and manage budgets, forecasts, and business cases for
new identity initiatives.
Nice to Have
- Experience integrating identity
across Linux, SaaS, and multi-cloud platforms.
- Understanding of M365, Microsoft
ecosystem, and their dependency on robust identity infrastructure.
- Exposure to identity governance,
entitlement management, and lifecycle workflows.
Whats in it for you
At Tesco, we are committed to providing the best for you.
As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day.
Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits.
Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable.
Salary - Your fixed pay is the guaranteed pay as per your contract of employment.
Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company's policy.
Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF.
Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws.
Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents.
Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request.
Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan.
Physical Wellbeing - Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle.
About Us
Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers.
Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues
Tesco TechnologyToday, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles.
At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations - from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built.
