At a Glance
- Tasks: Lead security strategy and implementation for web platforms in Azure and Akamai environments.
- Company: Join Marks & Spencer, a forward-thinking retailer transforming the digital landscape.
- Benefits: Enjoy a diverse workplace, inclusive culture, and opportunities for personal growth.
- Why this job: Be at the forefront of security innovation while making a real impact in retail.
- Qualifications: Expertise in web application security, Azure, and Akamai solutions required.
- Other info: We value diversity and support all applicants throughout the recruitment process.
The predicted salary is between £43,200 and £72,000 per year.
We are seeking a highly skilled Principal Security Consultant to lead the security strategy, implementation, and assessment of our web platforms in an Azure cloud environment. This role will be instrumental in securing web applications, APIs, cloud workloads, and CI/CD pipelines while ensuring alignment with industry best practices and compliance standards. The successful candidate will work closely with development, DevOps, and architecture teams to embed security within the engineering lifecycle. Additionally, this role requires expertise in Akamai security solutions, ensuring that edge security, WAF policies, bot mitigation, and CDN configurations align with security best practices.
What you’ll do:
- Lead and define security strategy for web platforms in Azure and Akamai environments, ensuring alignment with security frameworks (OWASP, CIS) and developing policies and guidelines.
- Implement secure-by-design principles, lead threat modeling, and drive security testing (SAST, DAST, IaC) across the SDLC, while securing CI/CD pipelines and authentication mechanisms (Azure AD, OAuth).
- Manage and optimize Akamai security solutions (WAF, Bot Manager, ASE), implementing zero-trust principles and tuning WAF rules to minimize false positives.
- Enforce security controls in Azure (Defender for Cloud, NSGs) and guide secure IaC practices, container security, and monitoring using Azure Sentinel and SIEM tools.
- Lead incident response, security investigations, and compliance with standards (GDPR, PCI-DSS, SOC 2), while mentoring teams and aligning security priorities with business goals.
Who you are:
- Strong expertise in securing web applications (OWASP Top 10, API security, web frameworks) and experience with Akamai security solutions (Kona Site Defender, Bot Manager, Edge DNS).
- Deep knowledge of Azure security (Azure AD, Key Vault, Defender for Cloud, WAFs) and experience securing API gateways, microservices, and serverless functions (Azure Functions, API Management).
- Proficiency in DevSecOps practices, tools (GitHub Actions), and IaC security (Terraform, ARM templates), with hands-on experience in security scanning (SAST, DAST, SCA, IaC).
- Expertise in container security (Docker, Kubernetes, AKS), threat modeling (Microsoft Threat Modeling Tool), and understanding Zero Trust architecture and IAM best practices.
- Strong stakeholder engagement skills, the ability to communicate security risks to technical and non-technical audiences, and experience leading security initiatives.
Preferred: Certifications (CISSP, CISM, AZ-500), experience with SIEM tools (Azure Sentinel, Splunk), and familiarity with secure coding practices and penetration testing.
We are ambitious about the future of retail. We’re disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We’re transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen. We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together. If you feel you’d benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.
Principal Security Consultant employer: ENGINEERINGUK
Contact Detail:
ENGINEERINGUK Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Principal Security Consultant role
✨Tip Number 1
Familiarise yourself with the latest security frameworks like OWASP and CIS. Being able to discuss how these frameworks apply to the role will show your expertise and understanding of industry standards.
✨Tip Number 2
Network with professionals in the field, especially those who work with Azure and Akamai security solutions. Engaging in discussions or forums can provide insights and potentially lead to referrals.
✨Tip Number 3
Prepare to demonstrate your hands-on experience with security tools and practices during interviews. Be ready to share specific examples of how you've implemented secure-by-design principles in past projects.
✨Tip Number 4
Stay updated on the latest trends in DevSecOps and container security. Showing that you are proactive about learning and adapting to new technologies will make you a more attractive candidate.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience with web application security, Azure environments, and Akamai solutions. Use specific examples that demonstrate your expertise in securing APIs, CI/CD pipelines, and compliance with standards like GDPR and PCI-DSS.
Craft a Strong Cover Letter: In your cover letter, express your passion for security and how your skills align with the role. Mention your experience with DevSecOps practices and your ability to communicate security risks effectively to both technical and non-technical audiences.
Highlight Relevant Certifications: If you have certifications such as CISSP, CISM, or AZ-500, be sure to include them prominently in your application. These credentials can set you apart from other candidates and demonstrate your commitment to the field.
Showcase Leadership Experience: Since the role involves leading security initiatives, highlight any previous leadership roles or projects where you mentored teams or drove security strategies. This will show your capability to lead and influence within an organisation.
How to prepare for a job interview at ENGINEERINGUK
✨Showcase Your Technical Expertise
Be prepared to discuss your experience with securing web applications, particularly focusing on the OWASP Top 10 and API security. Highlight any hands-on experience you have with Akamai security solutions and Azure security features, as these are crucial for the role.
✨Demonstrate Your Understanding of Security Frameworks
Familiarise yourself with industry best practices and compliance standards such as GDPR, PCI-DSS, and SOC 2. Be ready to explain how you have implemented these frameworks in previous roles and how they align with the security strategy.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think about past incidents you've managed or security challenges you've faced, and be ready to discuss your approach to incident response and threat modelling.
✨Communicate Effectively with Stakeholders
Since this role involves engaging with both technical and non-technical audiences, practice explaining complex security concepts in simple terms. Show that you can bridge the gap between security needs and business goals, which is essential for stakeholder engagement.