Senior Systems Engineer – Identity, DirectAccess, AIP, PKI

Hours: 36

Salary: Competitve

Location: Welwyn Garden City, Hertfordshire AL7 1GA

United Kingdom

Apply by: 24/09/2018

Senior Systems Engineer – Identity, DirectAccess, AIP, PKI

Welwyn Garden City, Hertfordshire AL7 1GA

About the role

About the Tesco Technology Infrastructure Team


The Infrastructure Engineering team design, develop, implement and operate all infrastructure used by Tesco Technology across our data centres, offices, stores and distribution centres. This encompasses multiple domains; private and public cloud, connectivity, end-user computing, CI/CD and monitoring toolkit. This includes both 3rd party and internally developed infrastructure applications and infrastructure that support the wider Tesco business.

As part of wider Infrastructure Team, Networks and Security Team design, develop, implement and operate all Network and Security infrastructure technologies that facilitate the both Infrastructure and the rest of Tesco Technology

You will be responsible for

Key activities include:

·         Designs, develops, implements and operates the ­large-scale, high-capacity and highly resilient infrastructure solutions that allow the rest of Infrastructure, Technology development teams and business colleagues to consume the End User Desktop Services.

·         Setting the strategy, objectives and high-level plans for End User Computing across Tesco Group in order to best deliver requirements of Tesco Technology and thus the business.

·         Defining and continually overseeing standards and simplification across the entire End User Computing estate.

·         Driving innovation through transformation and Continual Service Improvement

·         Evaluating partners, software and hardware and finding the right mix to deliver the Technology and ultimately, business strategy

·         Designs, develops, implements and operates End User solutions in line with modern automation technologies where possible through self-service APIs. These solutions will allow End User Computing and rest of Infrastructure to be consumed in a controlled, auditable and repeatable manner, automatically handling failure seamlessly.

·         Designing, delivering, implementing and operating new and re-usable infrastructure solutions to meet both technological, financial and business requirements. Collaborate with, and advise, development teams, to create appropriate infrastructure solutions to facilitate both their and ultimately the business requirements

You will need

The Role – Systems Engineer II – Identity, DirectAccess, AIP, PKI

Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role’s key responsibilities and measures:

  • Architect, Design and Deliver solutions using existing Infrastructure components. Where new infrastructure technologies are being introduced, implement them and establish best practice for their adoption. Resolve incidents that have not been seen before and initiate change to ensure that issues can be easily dealt with in future.
  • Contribute to the Technology Roadmap for Windows and Non-Windows end user devices across Tesco
  • Evaluate new tools and techniques being able to understand their value and impact.
  • Understand current application development techniques and their implications to infrastructure
  • Lead group design discussions on my area of expertise and be able to present with authority to a variety of audiences.
  • Collaborate with Software Engineers to understand their requirements and assist them consuming Infrastructure in the most seamless way possible.
  • Coach and mentor system engineers across Technology who are at a more junior level. Ensure that my own team’s designs are of a high quality and understand the impacts to any other areas of infrastructure.
  • Keep my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco.
  • Introduce automation to all aspects of my day to day work.


This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.

  • Skills / Experience Required Experience designing and deploying system management solutions for large, complex global organisations
  • Analytical and structured approach to design, process and advanced trouble-shooting
  • Understand Tesco Technology and business strategies and convert into technology roadmaps and innovative solutions that best achieve these goals
  • Ability to produce and maintain high quality HLD/LLD and Standards documentation
  • Well organised self-starter who takes personal ownership and accountability at required levels of the work stream and project life cycles; willing to go the extra mile at every opportunity
  • Builds and maintains positive relationships within and across teams
  • Provides technical leadership within teams and mentoring for individuals
  • Communicates effectively, able to deliver and present both written and verbal, designs, strategies and concepts clearly and affectively to Senior & Jnr staff alike
  • Take ownership, to keep up-to-date and embrace the latest industry technologies and associated supplier solutions across key areas of End User Systems and Security Management.  

Required Technology Skills (Applicant should possess a min 3 of below)

  • Architecture, Design, Administration and Management of large scale Active Directory.
  • Extensive experience with Microsoft Cloud Products, be able to design, implement and support Office 365 and Azure AD and related technologies including but not limited to, Active Directory and Active Directory Federation Services (ADFS), Directory Synchronization, Azure AD.
  • Significant Cloud Identity Engineering experience with Office 365 and Advanced PowerShell.
  • Knowledge of Microsoft Azure cloud Identity and Security technologies with good understanding of the cloud platforms and capabilities.
  • Good understanding of DNS, DHCP and Active Directory.
  • Knowledge on Identity & Access Management.
  • Extensive PowerShell knowledge to automate Joiners/Movers & Leavers processes.
  • Active Directory Rights Management with knowledge on Data Leak Prevention.
  • Design and deploy Public Key Infrastructure
  • Design and deploy Azure Information protection
  • Design and deploy DirectAccess solution.
  • Design and deploy of Azure multi-factor solution

Desired Technical Skills

  • Design and Operational knowledge on Active Directory, Office 365.
  • Design and Operational knowledge on Active Directory Rights Management.
  • Scripting knowledge with Windows PowerShell.
  • Good technical mentoring skills across all levels of an engineering team.
  • Experience of working with Vendors and consultancies to deliver outcome-based engagements.
  • Expert knowledge of Microsoft DirectAccess
  • Expert knowledge of Microsoft Public Key Infrastructure and SCEP
  • Expert knowledge of Azure Information protection.
  • Expert knowledge on Microsoft on-premise Azure Multi-factor solution.

About us

About Tesco                                         

Our vision here at Tesco is to become every customer's favourite way to shop online, whether they are at home, out shopping, on the move, anywhere in the world.

We want our customers to be inspired and whatever they are looking for, we’re finding bigger and better ways to provide it.

Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We’re driving innovation and transforming our Technology to become the world’s leading e-commerce business.

We need people who share our ambition to deliver for our customers; Passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefit package, and significant career development opportunities.

The position will be based at our Head Office, Welwyn Garden City, Hertfordshire. (However, staff have opportunity to work at other offices as well as their home where circumstances require. Staff will also be required to occasionally travel on business to other parts of UK and abroad where necessary)

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work.  These include but aren’t limited to:


  • An annual bonus scheme which you can achieve up to 3.5% of base salary
  • Colleague Clubcard (including a 2nd card for a family member) after 6 months service with 10% off most purchases at Tesco
  • Holiday starting at 25 days plus a personal day
  • A retirement savings plan - 4%-7.5% contribution rate
  • Life Assurance - 5 x contractual pay
  • Buy As You Earn Scheme
  • Save As You Earn Scheme
  • Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank
  • Deals and Discounts through many other external businesses

Application process

Our office application process varies depending on the role and the level of experience needed.

Back to top

Explore our opportunities to get on. A place for everyone.