(Snr) SE III Lead Engineer - Network Security Services
About the role
The Infrastructure Engineering team is responsible for designing, developing, implementing, and operating all infrastructure used by Tesco Technology across data centres, offices, stores, and distribution centres. This includes multiple domains such as private and public cloud, connectivity, end-user computing, CI/CD, and monitoring tools. The team manages both third-party and internally developed infrastructure applications that support the broader Tesco business.
As part of the wider Infrastructure Team, the Network Services Team designs, develops, implements, and operates Network and Security infrastructure technologies that facilitate both Infrastructure and the rest of Tesco Technology.
Key activities include:
1. Design, develop, implement, and operate large-scale, high-capacity, and highly resilient infrastructure solutions that enable Infrastructure, Technology development teams, and business colleagues to utilize Networks and Security Services.
2. Set the strategy, objectives, and high-level plans for Networks Infrastructure Service to meet the requirements of Tesco Technology and the business.
3. Define and continually oversee standards and simplification across the entire Network Services portfolio.
4. Drive innovation through transformation and Continual Service Improvement.
5. Evaluate partners, software, and hardware to find the right mix for delivering the Technology and business strategy.
6. Design, develop, implement, and operate Networks solutions using modern automation technologies, such as self-service APIs, to ensure controlled, auditable, and repeatable consumption of Networks and Infrastructure, with seamless failure handling.
7. Design, deliver, implement, and operate new and reusable infrastructure solutions that meet technological, financial, and business requirements. Collaborate with and advise development teams to create suitable infrastructure solutions that support their needs and the business requirements.
You will be responsible for:
1. Architect, Design and Deliver solutions using existing Infrastructure components. Where new infrastructure technologies are being introduced, implement them and establish best practice for their adoption. Resolve incidents that have not been seen before and initiate change to ensure that issues can be easily dealt with in future.
2. Contribute to the Infrastructure Product Roadmaps.
3. Evaluate new tools and techniques being able to understand their value and impact.
4. Understand current application development techniques and their implications to Network Services and wider Infrastructure.
5. Lead group design discussions on my area of expertise and be able to present with authority to a variety of audiences.
6. Collaborate with Software Engineers to understand their requirements and assist them in consuming Infrastructure in the most seamless way possible.
7. Coach and mentor System Engineers across Technology who are at a more junior level. Ensure that my own team's designs are of a high quality and understand the impacts to any other areas of infrastructure.
8. Keep my technical skills up to date and track new technologies, understanding how they might benefit the Technology team and wider Tesco.
9. Introduce automation to all aspects of my day-to-day work.
10. The Lead Engineer will serve as the primary technical and design authority for the team. Alongside the Head of Systems Engineering (HoSE), they will maintain key relationships with the Architecture and Product Team. They will collaborate closely to integrate design and business practicalities and limitations, shaping architectural strategies and roadmaps. Additionally, they will translate these strategies into Network Services and guide the team in delivering practical, real-world designs.
This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.
You will need:
Experience Required:
1. Strong collaboration skills for working with cross-functional teams.
2. Excellent communication skills to explain network security concepts to non-technical stakeholders.
3. Commitment to staying current with the latest security trends, technologies, and threats.
4. Analytical and structured approach to design, processes, and advanced troubleshooting.
5. Ability to understand Tesco Technology and business strategies, and translate them into technology roadmaps and innovative solutions.
6. Proficient in producing and maintaining high-quality HLD/LLD and standards documentation.
7. Well-organized self-starter who takes personal ownership and accountability throughout the work stream and project life cycles, always willing to go the extra mile.
8. Builds and maintains positive relationships within and across teams.
9. Provides technical leadership within teams and mentors individuals.
10. Communicates effectively, delivering and presenting designs, strategies, and concepts clearly to both senior and junior staff.
11. Takes ownership of staying up-to-date with the latest industry technologies, approaches, and standards, such as Zero Trust.
Technology Skills (Applicant should possess a minimum of 3 of the below):
1. Extensive expertise in configuring, managing, and troubleshooting firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) to safeguard network integrity and prevent unauthorized access.
2. Proficient in securing cloud environments, particularly Azure.
3. Skilled in automation tools and scripting languages such as Python, Ansible, and Terraform.
4. Well-versed in industry standards and compliance frameworks like CIS and NIST.
5. Capable of designing and implementing scalable, high-performance network security solutions.
6. Proficient in load balancing and DNS balancing, with experience in tools like F5 and cloud solutions such as Akamai and Azure ALB.
7. Proficient in configuring and managing proxy servers and remote access solutions, ensuring secure and efficient connectivity.
8. Familiar with network management technologies and protocols like SNMP, Netflow, and IPSLA, and experienced in using network management and alerting tools.
9. Expertise in network segmentation and micro-segmentation strategies.
10. Knowledgeable in API security.
Desirable Technology:
1. Hands-on experience with Zero Trust architecture and its deployment.
2. Knowledge of wireless security protocols and best practices.
3. Knowledgeable in managing network access control (NAC) systems.
4. Expertise in optimizing web performance and ensuring security, including implementing CDN, SSL/TLS, and web application firewalls (WAF).
5. Understanding of web technologies and protocols, including HTML, HTTP/HTTPS, and XML.
What's in it for you:
We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work. Click Here to find out more!
* Annual bonus scheme of up to 20% of base salary
* Holiday starting at 25 days plus a personal day (plus Bank holidays)
* Private medical insurance
* 26 weeks maternity and adoption leave (after 1 year's service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
* Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
About us:
Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.
Diversity, equity and inclusion (DE&I) at Tesco means that whoever you are and whatever your background, we always want you to feel represented and that you can be yourself at work. In short, we're a place where Everyone's Welcome. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.
We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate.
#J-18808-Ljbffr