At a Glance
- Tasks: Lead security design and assurance for online platforms, ensuring robust protection against risks.
- Company: Join M&S, a dynamic and inclusive leader in the retail industry.
- Benefits: Enjoy 20% discount, competitive holidays, bonuses, and extensive wellbeing support.
- Why this job: Make a real impact in securing digital services while working with cutting-edge technology.
- Qualifications: Senior experience in security consulting and strong knowledge of Azure cloud security required.
- Other info: Be part of a diverse team driving innovation in a rapidly evolving digital landscape.
The predicted salary is between £43,200 and £72,000 per year.
The Principal Security Consultant (Online) is a senior, hands-on security specialist supporting the secure design and delivery of online and digital platforms. The role provides expert security assurance, design review, and DevSecOps guidance across web, mobile, API, and cloud-native services hosted primarily on Microsoft Azure. The role works closely with the Business Information Security Officer (BISO) for the online domain to ensure security risks are identified early, assessed pragmatically, and managed in line with business priorities and enterprise risk appetite.
What you’ll do
- Review and assess solution designs and architectures for online and digital services
- Identify security risks across identity, APIs, cloud services, data flows, and third-party integrations
- Provide clear, proportionate security recommendations aligned to enterprise standards
- Advise on embedding security controls into CI/CD pipelines (e.g. SAST, SCA, secrets scanning, IaC scanning)
- Support secure engineering practices across build, deploy, and operate phases
Who you are
- Senior experience in security consulting, product security, or application security
- Strong background in online and digital platforms (web, mobile, APIs, e-commerce)
- Proven ability to review and challenge technical designs and architectures
- Strong understanding of DevSecOps and modern CI/CD practices
- Hands-on knowledge of Azure cloud security
What’s in it for you
- 20% colleague discount across all M&S products and many of our third-party brands for you and a member of your household after completing your probationary period
- Competitive holiday entitlement with the potential to buy extra holiday days
- Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business
- A generous Defined Contribution Pension Scheme and Life Assurance
- A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills
- Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing
- Industry-leading parental, adoption and neonatal policies, providing support and flexibility for your family
- Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family
- A charity volunteer day to support a charity or cause you’re passionate about through a dedicated day away from work
We’re ambitious about the future of retail. We’re innovating, disrupting, and leading the way into a more inspiring, digital era. It’s an exciting time to be part of M&S. To support us on our journey, we’re building inclusive, diverse teams where everyone can be themselves, do their best work, and make change happen. We support each other and succeed together. Don’t worry if you don’t meet every single requirement of the job description. It’s more of a guide to what’s possible within the role. If you’re passionate, ready to work hard, and think the role feels right for you, we’d love to hear from you.
Principal Security Consultant in City of London employer: Marks and Spencer
Contact Detail:
Marks and Spencer Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Principal Security Consultant role in City of London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those already working at M&S. A friendly chat can open doors and give you insider info that could help you stand out.
✨Tip Number 2
Prepare for the interview by brushing up on your technical skills. Make sure you can confidently discuss security risks, DevSecOps practices, and Azure cloud security. We want to see your expertise shine!
✨Tip Number 3
Showcase your hands-on experience! Be ready to share specific examples of how you've tackled security challenges in online platforms. Real-world stories resonate well with interviewers.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, it shows you’re genuinely interested in being part of the M&S team.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that align with the Principal Security Consultant role. Highlight your hands-on security expertise, especially in online and digital platforms, to catch our eye!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Share your passion for security consulting and how your background in DevSecOps and Azure cloud security makes you the perfect fit for us.
Showcase Relevant Projects: If you've worked on projects involving security assurance or design reviews, don’t hold back! Include specific examples that demonstrate your ability to identify and manage security risks effectively.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for this exciting opportunity with M&S!
How to prepare for a job interview at Marks and Spencer
✨Know Your Security Stuff
Make sure you brush up on your knowledge of security principles, especially around online and digital platforms. Be ready to discuss specific examples of how you've identified and mitigated security risks in past projects, particularly in areas like APIs and cloud services.
✨Show Off Your DevSecOps Skills
Since the role involves advising on CI/CD pipelines, be prepared to talk about your hands-on experience with DevSecOps practices. Share examples of how you've embedded security controls into development processes and any tools you've used for SAST or IaC scanning.
✨Understand the Business Context
It's crucial to align security recommendations with business priorities. Familiarise yourself with M&S's values and how they approach risk management. Be ready to discuss how you would assess security risks pragmatically while considering the enterprise risk appetite.
✨Ask Insightful Questions
Interviews are a two-way street! Prepare thoughtful questions that show your interest in the role and the company. Ask about their current security challenges, how they integrate security into their digital transformation, or what success looks like for this position.