Skip to content
Tesco UK Welwyn Garden City Hybrid Full-Time Working hours 36 Apply by 31-Jul-2026
About the role

The Security Engineer III role focused on Infrastructure Security is responsible for overseeing and shaping security controls across core infrastructure platforms. This role focuses on securing virtual machines, container platforms, infrastructure as code, and desired state configuration technologies across on-premises and cloud environments.

The engineer works closely with infrastructure and cloud teams to ensure security is embedded into infrastructure services by design. They act as a senior technical specialist, driving security improvements, reducing risk through automation, and helping establish secure engineering practices.

What is in it for you
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more!
 
  • Annual bonus scheme of up to 20% of base salary.
  • Holiday starting at 25 days plus a personal day (plus Bank holidays).
  • Private medical insurance.
  • 26 weeks maternity and adoption leave (12 months service required at the qualifying date) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave.
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing.
The above information is a shortened summary, refer to our policies for full details
You will be responsible for

    Secure Infrastructure Platforms: Implement and maintain security controls for virtual machine platforms, container environments, operating systems, and cloud infrastructure

    Infrastructure as Code Security: Develop and maintain security standards, policies, and guardrails for infrastructure delivered through Terraform, Bicep, or similar IaC technologies.

    Container & Kubernetes Security: Build and enhance security capabilities across container platforms, including image security, workload protection, runtime controls, admission policies, and Kubernetes hardening.

    Desired State Configuration & Platform Hardening: Define and maintain secure configuration baselines for Windows, Linux, containers, and cloud services using technologies such as Ansible or equivalent platforms.

    Security Automation: Develop automation and engineering solutions that improve prevention, detection, remediation, compliance validation, and operational efficiency.

    Secure Platform Design: Partner with infrastructure and platform engineering teams to provide security guidance, and ensure secure-by-design implementation.


You will need

Essential

    Infrastructure Security Expertise: Strong hands-on experience securing enterprise infrastructure platforms, including Windows, Linux, VMware, cloud platforms, and hybrid environments.

    Virtualisation Security: Experience securing virtual machine environments including platform hardening, configuration management, and workload protection.

    Container Security: Deep understanding of container and Kubernetes security principles, including image security, workload isolation, runtime protection, secret management, and cluster hardening.

    Infrastructure as Code: Proven experience developing and securing infrastructure using Terraform, Bicep or equivalent IaC technologies.


Desirable

  • Experience with Kubernetes platforms such as AKS, EKS, OpenShift, or Tanzu.
  • Experience implementing policy-as-code using technologies such as OPA Gatekeeper, Kyverno, Sentinel, or Azure Policy.
  • Familiarity with supply chain security practices, software bill of materials (SBOM), and artifact security.
About us
You might know us as a supermarket, technology company or even for our award-winning mobile network. Truth is, we’re all of those things, and much more. Our colleagues work with one goal in mind, helping to make every day a little better for our customers, colleagues and communities all over the world. No two customers are the same, neither are our colleagues. 
 
At Tesco, we champion a balance that lets you thrive both in and out of work. Spend 60% of your week collaborating with colleagues at our office locations or local sites and the rest remotely. Whether you're just kicking off your career, juggling passions, or navigating big life events, we're here to support you. We always welcome a conversation about flexible working, so talk to us throughout your application about how we can support. 
 
We're proud to be an accredited Disability Confident Leader, where everyone’s welcome. That’s why we commit to providing a fully inclusive and accessible recruitment process. If you need support with your application, click here  for more information. And if you're interested in joining our team but don't tick every box, don't let that hold you back from applying.