At a Glance
- Tasks: Lead cyber security initiatives and ensure secure design throughout project lifecycles.
- Company: Join a major retail transformation programme in London with a hybrid work model.
- Benefits: Competitive contract rate, flexible working, and the chance to shape security practices.
- Other info: Engage with senior stakeholders and enjoy a dynamic, fast-paced environment.
- Why this job: Be the senior authority in cyber security and make a significant impact on transformation.
- Qualifications: 10+ years in cyber security, strong expertise in security frameworks, and relevant certifications.
The predicted salary is between 70000 - 90000 £ per year.
Join a major retail transformation programme as the senior cyber security authority, driving secure-by-design principles across the full project lifecycle from requirements through to BAU handover.
Key Responsibilities
- Lead threat modelling, security architecture, design assurance, testing, deployment, and operational handover.
- Own cyber security sign-off and Definition-of-Done evidence across all programme stages.
- Validate security controls against CIS Controls v8.1, NIST CSF, and ISO 27001 frameworks.
- Drive penetration testing, control validation, security monitoring, and risk reduction activities.
- Engage with senior stakeholders, Security Councils, external assurance teams, and programme leadership.
- Ensure audit-ready evidence, governance compliance, and operational security readiness.
Essential Skills
- 10+ years' enterprise cyber security engineering and architecture experience.
- Strong expertise in CIS Controls v8.1, threat modelling (STRIDE, MITRE ATT&CK, OWASP), and security assurance.
- Hands-on experience with penetration testing, vulnerability management, SIEM, endpoint security, and DevSecOps.
- Experience working within large-scale transformation programmes.
- CISSP certification plus one of CISM, CISA, CCSP, CRISC, or SABSA.
- Strong stakeholder management and executive communication skills.
Technology Exposure: Microsoft Sentinel, Elastic, CrowdStrike, Defender, Zscaler, Qualys, Snyk, Semgrep, Burp Suite, Akamai WAF, BMC Helix, Azure DevOps, Jira, Power BI.
Principal Security Engineer employer: Gazelle Global
Join a leading retail transformation programme in London as a Principal Security Engineer, where you will be at the forefront of driving secure-by-design principles. Our hybrid work culture promotes flexibility and collaboration, while our commitment to employee growth ensures you have access to continuous learning opportunities and professional development. With a focus on innovation and a supportive environment, we empower our team to make a meaningful impact in the cyber security landscape.