Job Description
Tesco Czech Republic • Hybrid • Full-Time • Permanent • Working hours 40 • Apply by 15-May-2027About the role
We’re looking for a
Senior Vault & Secrets Management Analyst with deep expertise in enterprise
vaulting, Privileged Access Management (PAM), and
secrets management technologies such as
HashiCorp Vault, CyberArk, and
Azure Key VaultIn this role, you will strengthen our enterprise security posture, lead assessments, identify risks, and drive remediation across mission‑critical vaulting platforms. You’ll collaborate with cloud, infrastructure, DevOps, IAM, and security teams to implement best practices and modernize how we protect privileged credentials and machine identities.
Key skills:- HashiCorp Vault
- CyberArk
- Azure Key Vault
- Secrets Management
- Privileged Access Management (PAM)
- Encryption & Key Management
- Security Hardening
- Cloud Security
- Zero Trust
- Identity Security
- Risk Assessment
- Remediation Planning
- Stakeholder Management
What is in it for you
Tesco is a diverse and exciting employer, dedicated to being #aplacetogeton, providing career-defining opportunities to all of our colleagues. If you choose to join our business, we will provide you with (for all):
- Up to 20% yearly salary bonus - based on both individual and business performance
- Sick leave Compensation
- 1 extra week of annual leave above your legal entitlement of 4 weeks of annual leave of paid leave to support our well-being and family life
- Pension insurance contribution
- Cafeteria benefit system & Multisport card
- Training and Development Plan, supported by certified training and learning platforms like Udemy, Udemy Pro and LinkedIn
- Referral Bonus
- Flexible work time
You will be responsible for
- Assess enterprise vaulting platforms including HashiCorp Vault, Azure Key Vault, and CyberArk.
- Review configurations, authentication methods, authorization models, secrets lifecycle processes, encryption settings, and privileged access controls.
- Identify security gaps such as misconfigurations, excessive permissions, insecure integrations, and weak credential practices.
- Define remediation plans, hardening recommendations, and prioritized mitigation strategies.
- Partner with cloud, infrastructure, IAM, DevOps, application, and cybersecurity teams to implement improvements.
- Lead initiatives to enhance enterprise secrets management maturity and privileged access governance.
Design best practices for:- Secrets rotation
- Credential vaulting
- Machine identity protection
- Certificate management
- API key and token protection
- Privileged session management
- Evaluate integrations with applications, CI/CD pipelines, Kubernetes, cloud platforms, and automation tools.
- Develop governance standards, operational procedures, and security baselines.
- Support audit and compliance activities related to PAM and secrets management.
- Produce technical documentation, architecture recommendations, risk assessments, and executive summaries.
- Mentor junior analysts and act as a subject matter expert for vaulting and PAM technologies
You will need
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or equivalent experience.
- 8+ years in cybersecurity, IAM, PAM, or infrastructure security.
Hands‑on expertise with:- HashiCorp Vault
- CyberArk
- Azure Key Vault
Strong understanding of:- Secrets management
- Privileged Access Management (PAM)
- Encryption & key management
- Identity & access management
- Zero Trust architecture
- Cloud security best practices
- Experience conducting security assessments and remediation programs for vaulting solutions.
- Experience securing privileged credentials, service accounts, certificates, tokens, and API secrets.
- Knowledge of authentication/authorization protocols (OAuth, OIDC, SAML, LDAP, Kerberos).
- Experience with cloud and hybrid environments.
- Strong stakeholder management and communication skills.
Preferred QualificationsCertifications:- HashiCorp Vault Associate
- CyberArk Defender / Sentry
- Azure Security certifications
- CISSP, CISM
Experience with:PAM transformation or vault modernization programsCompliance frameworks (SOX, ICFR, NIS2)Cloud‑native security servicesCI/CD security integrationKubernetes secrets management
About us
Tesco Technology was established in Prague to support Tesco’s retail business in Central Europe and across the Tesco Group. What began as a regional center over 25 years ago has evolved into a modern, forward-thinking team, driving innovation and digital transformation throughout the region. With operations in the UK, Ireland, India, Hungary, Poland, and the Czech Republic, we’re committed to delivering great value to our customers every day. Let’s {code} the future together at {Tesco Technology}!
