Lead Systems Engineer III Networks Services

The Infrastructure Engineering team is responsible for designing, developing, implementing, and operating all infrastructure used by Tesco Technology across data centres, offices, stores, and distribution centres. This includes multiple domains such as private and public cloud, connectivity, end-user computing, CI/CD, and monitoring tools. The team manages both third-party and internally developed infrastructure applications that support the broader Tesco business.

As part of wider Infrastructure Team, Network Services Team design, develop, implement, and operate Network and Security infrastructure technologies that facilitate both Infrastructure and the rest of Tesco Technology

Key activities include:

·       Design, develop, implement, and operate large-scale, high-capacity, and highly resilient infrastructure solutions that enable Infrastructure, technology development teams, and business colleagues to utilise Network Security Services.

·       Set the strategy, objectives, and high-level plans for Networks Infrastructure to meet the requirements of Tesco Technology and the business.

·       Define and continually oversee standards and simplification across the entire Network Services portfolio.

·       Drive innovation through transformation and continual service improvement.

·       Evaluate partners, software, and hardware to find the right mix for delivering the Technology and business strategy.

·       Design, develop, implement, and operate Networks solutions using modern automation technologies, such as self-service APIs, to ensure controlled, auditable, and repeatable consumption of Networks and Infrastructure, with seamless failure handling.

The Role – Lead Engineer – Network Security Services

As a Lead Engineer – Network Security Services, you will be the technical authority for designing and delivering secure, automated, and scalable network infrastructure solutions. You’ll shape the roadmap, drive innovation, and ensure our network security services are productised, consumable, and aligned with Tesco’s technology and business strategy.

You’ll work closely with architecture, product, and engineering teams to deliver infrastructure as a product—focusing on reusability, automation, and developer experience.

·       Define and evolve network security infrastructure as a product—ensuring it is scalable, secure, and easy to consume by internal teams.

·       Lead the design and implementation of modern, automated network security solutions using APIs and infrastructure-as-code.

·       Shape the infrastructure roadmap in collaboration with Architecture and Product teams, aligning with Tesco’s business goals.

·       Drive transformation through automation, self-service, and continuous improvement.

·       Partner with software engineers and platform teams to ensure seamless integration and adoption of network services.

·       Coach and mentor engineers, ensuring high-quality designs and fostering a culture of technical excellence.

·       Provide technical leadership if needed in incident analysis, driving design improvements to enhance resilience, reliability, and long-term stability

This role will best suit an individual who brings a product mindset focused on delivering scalable, reusable, and user-friendly infrastructure services, deep technical expertise in network security, cloud networking (especially Azure), and automation. Strong collaboration and communication skills to influence across engineering, architecture, and product teams. A passion for continuous learning, innovation, and mentoring others.

Skills / Experience Required

• Strong collaboration skills for working with cross-functional teams.
• Excellent communication skills to explain network security concepts to non-technical stakeholders.
• Commitment to staying current with the latest security trends, technologies, and threats.
• Analytical and structured approach to design, processes, and advanced troubleshooting.
• Ability to understand Tesco Technology and business strategies and translate them into technology roadmaps and innovative solutions.
• Proficient in producing and maintaining high-quality HLD/LLD and standards documentation.
• Well-organised self-starter who takes personal ownership and accountability throughout the work stream and project life cycles, always willing to go the extra mile.
• Builds and maintains positive relationships within and across teams.
• Provides technical leadership within teams and mentors individuals.
• Communicates effectively, delivering and presenting designs, strategies, and concepts clearly to both senior and junior staff.
• Takes ownership of staying up to date with the latest industry technologies, approaches, and standards, such as Zero Trust.

Technology Skills

• Proven track record in designing and operating secure, scalable network infrastructure across hybrid and cloud environments (especially Azure).
• Strong expertise in firewalls, IDS/IPS, VPNs, and cloud-native security tools (e.g., Azure Firewall, NSGs).
• Hands-on experience with automation and IaC using Terraform, Ansible, and Python.
• Deep understanding of container networking in Kubernetes, including CNI plugins, Ingress, service mesh and network policies.
• Familiar with CI/CD integration, DevOps practices, and secure infrastructure delivery via Azure DevOps or GitHub Actions.
• Skilled in traffic management (F5, Akamai, Azure Load Balancer) and network observability tools.
• Strong documentation, troubleshooting, and cross-team collaboration skills.

Desirable Technology

• Experience with NAC, CDN, WAF, SSL/TLS, and web performance optimisation.
• Knowledge of compliance frameworks (CIS, NIST) and wireless security protocols.
• Hands-on experience with network observability tools and protocols (SNMP, Netflow, IPSLA).
•