Principal Security Consultant

Summary

We are seeking a highly skilled Principal Security Consultant to lead the security strategy, implementation, and assessment of our web platforms in an Azure cloud environment. This role will be instrumental in securing web applications, APIs, cloud workloads, and CI/CD pipelines while ensuring alignment with industry best practices and compliance standards. The successful candidate will work closely with development, DevOps, and architecture teams to embed security within the engineering lifecycle.
Additionally, this role requires expertise in Akamai security solutions, ensuring that edge security, WAF policies, bot mitigation, and CDN configurations align with security best practices.

What’s in it for you

Being a part of M&S is exactly that – playing your part to bring the magic of M&S to our customers every day. We’re an inclusive, dynamic, exciting, and ever evolving business built on doing the right thing and bringing exceptional quality, value, service to every customer, whenever, wherever and however they want to shop with us.

Here are some of the benefits we offer that make working for M&S just that little bit more special…

• After completing your probationary period, you’ll receive 20% colleague discount across all M&S products and many of our third-party brands for you and a member of your household.
• Competitive holiday entitlement with the potential to buy extra holiday days!
• Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business.
• A generous Defined Contribution Pension Scheme and Life Assurance.
• A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills.
• Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing.
• Industry-leading parental, adoption and neonatal policies, providing support and flexibility for your family.
• Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family.
• A charity volunteer day to support a charity or cause you're passionate about through a dedicated day away from work.

What you'll do

• Lead and define security strategy for web platforms in Azure and Akamai environments, ensuring alignment with security frameworks (OWASP, CIS) and developing policies and guidelines.
• Implement secure-by-design principles, lead threat modeling, and drive security testing (SAST, DAST, IaC) across the SDLC, while securing CI/CD pipelines and authentication mechanisms (Azure AD, OAuth).
• Manage and optimize Akamai security solutions (WAF, Bot Manager, ASE), implementing zero-trust principles and tuning WAF rules to minimize false positives.
• Enforce security controls in Azure (Defender for Cloud, NSGs) and guide secure IaC practices, container security, and monitoring using Azure Sentinel and SIEM tools.
• Lead incident response, security investigations, and compliance with standards (GDPR, PCI-DSS, SOC 2), while mentoring teams and aligning security priorities with business goals.

Who you are

• Strong expertise in securing web applications (OWASP Top 10, API security, web frameworks) and experience with Akamai security solutions (Kona Site Defender, Bot Manager, Edge DNS).
• Deep knowledge of Azure security (Azure AD, Key Vault, Defender for Cloud, WAFs) and experience securing API gateways, microservices, and serverless functions (Azure Functions, API Management).
• Proficiency in DevSecOps practices, tools (GitHub Actions), and IaC security (Terraform, ARM templates), with hands-on experience in security scanning (SAST, DAST, SCA, IAC).
• Expertise in container security (Docker, Kubernetes, AKS), threat modeling (Microsoft Threat Modeling Tool), and understanding Zero Trust architecture and IAM best practices.
• Strong stakeholder engagement skills, the ability to communicate security risks to technical and non-technical audiences, and experience leading security initiatives.
• Preferred: Certifications (CISSP, CISM, AZ-500), experience with SIEM tools (Azure Sentinel, Splunk), and familiarity with secure coding practices and penetration testing.

Everyone’s welcome

We are ambitious about the future of retail. We’re disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We’re transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen.

We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.

If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.

#LI-LS1 #LI-Hybrid #hybridrole