The Infrastructure Engineering team is responsible for designing, developing, implementing, and operating all infrastructure used by Tesco Technology across data centres, offices, stores, and distribution centres. This includes multiple domains such as private and public cloud, connectivity, end-user computing, CI/CD, and monitoring tools. The team manages both third-party and internally developed infrastructure applications that support the broader Tesco business. As part of wider Infrastructure Team, Network Services Team design, develop, implement, and operate Network and Security infrastructure technologies that facilitate both Infrastructure and the rest of Tesco Technology Key activities include: · Design, develop, implement, and operate large-scale, high-capacity, and highly resilient infrastructure solutions that enable Infrastructure, Technology development teams, and business colleagues to utilize Networks and Security Services. · Set the strategy, objectives, and high-level plans for Networks Infrastructure Service to meet the requirements of Tesco Technology and the business. · Define and continually oversee standards and simplification across the entire Network Services portfolio. · Drive innovation through transformation and Continual Service Improvement. · Evaluate partners, software, and hardware to find the right mix for delivering the Technology and business strategy. · Design, develop, implement, and operate Networks solutions using modern automation technologies, such as self-service APIs, to ensure controlled, auditable, and repeatable consumption of Networks and Infrastructure, with seamless failure handling. · Design, deliver, implement, and operate new and reusable infrastructure solutions that meet technological, financial, and business requirements. Collaborate with and advise development teams to create suitable infrastructure solutions that support their needs and the business requirements. The Lead Engineer will report directly into the Head Of System Engineering (HoSE) and whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role’s key responsibilities and measures: Architect, Design and Deliver solutions using existing Infrastructure components. Where new infrastructure technologies are being introduced, implement them and establish best practice for their adoption. Resolve incidents that have not been seen before and initiate change to ensure that issues can be easily dealt with in future. Contribute to the Infrastructure Product Roadmaps Evaluate new tools and techniques being able to understand their value and impact. Understand current application development techniques and their implications to Network Services and wider Infrastructure Lead group design discussions on my area of expertise and be able to present with authority to a variety of audiences. Collaborate with Software Engineers to understand their requirements and assist them consuming Infrastructure in the most seamless way possible. Coach and mentor System Engineers across Technology who are at a more junior level. Ensure that my own team’s designs are of a high quality and understand the impacts to any other areas of infrastructure. Keep my technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and wider Tesco. Introduce automation to all aspects of my day-to-day work. The Lead Engineer will serve as the primary technical and design authority for the team. Alongside the Head of Systems Engineering (HoSE), they will maintain key relationships with the Architecture and Product Team. They will collaborate closely to integrate design and business practicalities and limitations, shaping architectural strategies and roadmaps. Additionally, they will translate these strategies into Network Services and guide the team in delivering practical, real-world designs. This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first. Experience Required Strong collaboration skills for working with cross-functional teams. Excellent communication skills to explain network security concepts to non-technical stakeholders. Commitment to staying current with the latest security trends, technologies, and threats. Analytical and structured approach to design, processes, and advanced troubleshooting. Ability to understand Tesco Technology and business strategies, and translate them into technology roadmaps and innovative solutions. Proficient in producing and maintaining high-quality HLD/LLD and standards documentation. Well-organized self-starter who takes personal ownership and accountability throughout the work stream and project life cycles, always willing to go the extra mile. Builds and maintains positive relationships within and across teams. Provides technical leadership within teams and mentors individuals. Communicates effectively, delivering and presenting designs, strategies, and concepts clearly to both senior and junior staff. Takes ownership of staying up-to-date with the latest industry technologies, approaches, and standards, such as Zero Trust. Technology Skills (Applicant should possess a min 3 of the below) Extensive expertise in configuring, managing, and troubleshooting firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) to safeguard network integrity and prevent unauthorised access. Proficient in securing cloud environments, particularly Azure. Skilled in automation tools and scripting languages such as Python, Ansible, and Terraform. Well-versed in industry standards and compliance frameworks like CIS and NIST. Capable of designing and implementing scalable, high-performance network security solutions. Proficient in load balancing and DNS balancing, with experience in tools like F5 and cloud solutions such as Akamai and Azure ALB. Proficient in configuring and managing proxy servers and remote access solutions, ensuring secure and efficient connectivity. Familiar with network management technologies and protocols like SNMP, Netflow, and IPSLA, and experienced in using network management and alerting tools. Expertise in network segmentation and micro-segmentation strategies Knowledgeable in API security. Desirable Technology Hands-on experience with Zero Trust architecture and its deployment Knowledge of wireless security protocols and best practices. Knowledgeable in managing network access control (NAC) systems. Expertise in optimizing web performance and ensuring security, including implementing CDN, SSL/TLS, and web application firewalls (WAF) Understanding of web technologies and protocols, including HTML, HTTP/HTTPS, and XML.