Tesco India Bengaluru, Karnataka, India Hybrid Full-Time Permanent Working hours 45 Apply by 16-Sep-2026
About the role
We are looking for a Senior IAM Engineer who is deeply hands on and passionate about building secure, scalable Single Sign On (SSO) and identity orchestration solutions. This is a pure individual contributor role focused on design, integration, automation, and troubleshooting—ideal for engineers who enjoy solving complex identity and authentication challenges in enterprise environments.
You will work closely with application, platform, and security teams to deliver robust identity solutions using Microsoft Entra ID, Okta, or OneLogin, while leveraging strong scripting, API, and infrastructure fundamentals.
What is in it for you
At Tesco, we are committed to providing the best for you.
As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day.
Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits.
Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable.
Salary - Your fixed pay is the guaranteed pay as per your contract of employment.
Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company’s policy.
Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF.
Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws.
Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents.
Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request.
Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan.
Physical Wellbeing - Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle.
You will be responsible for
• Design, build, and support SSO integrations using Microsoft Entra ID, Okta, or OneLogin.
• Develop and maintain custom SSO plugins and connectors for internal and third party applications.
• Implement and troubleshoot SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM integrations.
• Build and manage identity orchestration workflows for user provisioning, de provisioning, and access lifecycle management.
• Integrate IAM platforms with applications and services using REST APIs.
• Create and maintain scripts using Python and PowerShell to support IAM operations and automation.
• Work with infrastructure components such as TLS and certificate lifecycle management.
• Support SSO integrations involving DNS, reverse proxies, load balancers, and network security controls.
• Ensure IAM implementations follow security best practices and enterprise standards.
You will need
• 7–10 years of hands on experience in Identity and Access Management (IAM) or security engineering roles.
• Strong, practical experience implementing SSO with Azure Entra ID.
• Proven experience developing custom SSO plugins or integrations.
• Solid understanding of identity orchestration concepts and user lifecycle management.
• Strong scripting skills with Python and PowerShell.
• Experience working with REST APIs for identity and application integrations.
o Hands on experience with at least 2 SSO platform - Microsoft Entra ID, Okta, OneLogin
• Strong infrastructure fundamentals, including:
o TLS / certificate lifecycle management
o DNS
o Reverse proxies
o Load balancers
About us
At Tesco, inclusion is at the heart of everything we do. We believe in treating everyone fairly and with respect, valuing individuality and uniqueness to create a true sense of belonging. Diversity and inclusion are deeply embedded in our values—we treat people how they want to be treated. Our goal is for all colleagues to feel they can be themselves at work, and we are committed to helping them thrive. Across the Tesco group, we are building an inclusive workplace that actively celebrates the cultures, personalities, and preferences of our colleagues, who in turn contribute to the success of our business and reflect the diversity of the communities we serve.
At Tesco Bengaluru, we are proud to be a Disability Confident Committed Employer, highlighting our commitment to creating a supportive environment for individuals with disabilities. We are dedicated to offering equal opportunities for all candidates and encourage applicants with disabilities to apply. Our recruitment process is fully accessible, and we are happy to provide reasonable adjustments during interviews. If you need any accommodations to participate in the recruitment process, please let us know. We are here to ensure that everyone has the chance to succeed.
We also believe in fostering a work environment where you can excel both professionally and personally. Our hybrid model allows you to work flexibly—spend 60% of your week collaborating in person with colleagues at our office locations or local sites, and the rest of the time working remotely. We understand that everyone’s life journey is unique, whether you are starting your career, pursuing passions, or navigating life changes, and we are here to support you. Flexibility is a core part of our culture, and we encourage open conversations about how we can best accommodate your needs, so talk to us throughout your application process on the support required.