Tesco

Senior Cloud Security Analyst - Azure

Tesco  •  Czechia (Hybrid)  •  12 days ago
Apply
Save Job
Mark Applied Mark Interviewed Mark Offered
Hide Job Report Job
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Tesco Czech Republic Hybrid Full-Time Permanent Working hours 40 Apply by 15-May-2027
About the role
We are looking for a highly skilled Senior Cloud Security Analyst with deep expertise in Microsoft Azure IAM, Privileged Identity Management (PIM), and cloud security governance In this role, you will lead security posture assessments, identify identity‑related risks, define remediation strategies, and drive security improvements across large‑scale enterprise Azure environments.
This is a strategic, hands‑on position where your decisions directly shape the security of our cloud platforms.

Key Skills:
  • Azure IAM Security
  • Microsoft Entra ID
  • Cloud Security Governance
  • RBAC & PIM
  • Identity Governance
  • Zero Trust
  • Security Assessments & Remediation
  • Risk Analysis
  • Stakeholder Management
  • Cloud Infrastructure Security

What is in it for you
Tesco is a diverse and exciting employer, dedicated to being #aplacetogeton, providing career-defining opportunities to all of our colleagues. If you choose to join our business, we will provide you with (for all):

  • Up to 20% yearly salary bonus - based on both individual and business performance
  • Sick leave Compensation
  • 1 extra week of annual leave above your legal entitlement of 4 weeks of annual leave of paid leave to support our well-being and family life
  • Pension insurance contribution
  • Cafeteria benefit system & Multisport card
  • Training and Development Plan, supported by certified training and learning platforms like Udemy, Udemy Pro and LinkedIn
  • Referral Bonus
  • Flexible work time

You will be responsible for
  • Assess Azure IAM security across enterprise environments, including architecture, configurations, and access controls.
  • Identify risks and misconfigurations such as excessive privileges, orphaned identities, privilege escalation paths, and compliance gaps.
Review and analyse:
    • Azure Active Directory / Microsoft Entra ID
    • RBAC models
    • PIM
    • Conditional Access
    • Managed Identities
    • Service Principals
    • Identity Governance
    • MFA and Access Review processes
  • Define remediation plans and security hardening recommendations.
  • Collaborate with cloud engineering, infrastructure, SecOps, IAM teams, and application owners to implement remediation.
  • Lead remediation workshops and track progress to closure.
  • Develop Azure IAM governance standards, policies, and best practices.
  • Perform security reviews for new Azure deployments and cloud transformation initiatives.
  • Support audit and compliance activities related to cloud IAM.
  • Produce technical reports, risk assessments, dashboards, and executive summaries.
  • Provide guidance on Zero Trust and least‑privilege models.
  • Monitor Azure security posture using native and third‑party tools.
  • Recommend improvements for automation, monitoring, and continuous compliance.

You will need
  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or equivalent experience.
  • 8+ years in cybersecurity, IAM, or cloud security.
  • 5+ years securing Microsoft Azure environments.

Strong expertise in:
  • Microsoft Azure
  • Microsoft Entra ID (Azure AD)
  • Azure RBAC
  • PIM
  • Conditional Access
  • Identity Governance
  • Azure Policy
  • Microsoft Defender for Cloud
  • Microsoft Sentinel

Solid understanding of:
  • Zero Trust architecture
  • Least privilege principles
  • IAM governance frameworks
  • Cloud security architecture
  • Security risk management
  • Experience leading IAM maturity assessments and remediation programs.
  • Strong analytical, problem‑solving, and stakeholder management skills.
  • Excellent written and verbal communication skills.

Preferred Qualifications
Microsoft certifications:
  • Azure Security Engineer Associate
  • Cybersecurity Architect Expert
  • Identity & Access Administrator Associate
  • Security certifications: CISSP, CCSP, CISM, GIAC.
  • Experience with hybrid identity and multi‑cloud security.
  • PowerShell, Terraform, Azure CLI.
  • Familiarity with SOX, ICFR, NIS2.

About us
Tesco Technology was established in Prague to support Tesco’s retail business in Central Europe and across the Tesco Group. What began as a regional center over 25 years ago has evolved into a modern, forward-thinking team, driving innovation and digital transformation throughout the region.    With operations in the UK, Ireland, India, Hungary, Poland, and the Czech Republic, we’re committed to delivering great value to our customers every day.    Let’s {code} the future together at {Tesco Technology}!
Tesco

About Tesco

One of the world’s largest retailers of consumer goods from food to fashion. Serving our customers, communities and planet a little better every day in our stores and online is at the heart of everything we do.

Founded in 1919 by Jack Cohen using the £30 he received on leaving the Royal Flying Corp, we’ve come a long way from his small market stall in East London. Today over 400,000 colleagues work across our stores, office, distribution and customer engagement centres in the UK, Europe and Asia.

Share our passion for the people, products and places that make us great, and we can offer the right support to develop your skills. If you’re looking for the perfect work-life balance, a collaborative culture and flexible ways of working, find your opportunity to get on at www.tesco-careers.com

Industry
Retail & Ecommerce
Company Size
10,000+ employees
Headquarters
Welwyn Garden City, GB
Year Founded
Unknown
Website
tesco.com
Social Media