Principal Security Consultant

Full-Time 70000 - 90000 £ / year (est.) No working from home possible

At a Glance

  • Tasks: Review and assess security designs for online platforms and provide expert recommendations.
  • Company: Join M&S, a dynamic and inclusive leader in the retail industry.
  • Benefits: Enjoy a 20% discount, competitive holidays, and generous pension schemes.
  • Other info: Be part of a diverse team that values innovation and personal growth.
  • Why this job: Make a real impact on digital security while working with cutting-edge technology.
  • Qualifications: Senior experience in security consulting and strong knowledge of Azure cloud security.

The predicted salary is between 70000 - 90000 £ per year.

The Principal Security Consultant (Online) is a senior, hands-on security specialist supporting the secure design and delivery of online and digital platforms. The role provides expert security assurance, design review, and DevSecOps guidance across web, mobile, API, and cloud-native services hosted primarily on Microsoft Azure.

The role works closely with the Business Information Security Officer (BISO) for the online domain to ensure security risks are identified early, assessed pragmatically, and managed in line with business priorities and enterprise risk appetite.

What you'll do:

  • Review and assess solution designs and architectures for online and digital services
  • Identify security risks across identity, APIs, cloud services, data flows, and third-party integrations
  • Provide clear, proportionate security recommendations aligned to enterprise standards
  • Advise on embedding security controls into CI/CD pipelines (e.g. SAST, SCA, secrets scanning, IaC scanning)
  • Support secure engineering practices across build, deploy, and operate phases

Who you are:

  • Senior experience in security consulting, product security, or application security
  • Strong background in online and digital platforms (web, mobile, APIs, e-commerce)
  • Proven ability to review and challenge technical designs and architectures
  • Strong understanding of DevSecOps and modern CI/CD practices
  • Hands-on knowledge of Azure cloud security

What’s in it for you:

  • Being a part of M&S is exactly that – playing your part to bring the magic of M&S to our customers every day.
  • After completing your probationary period, you’ll receive 20% colleague discount across all M&S products and many of our third-party brands for you and a member of your household.
  • Competitive holiday entitlement with the potential to buy extra holiday days!
  • Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business.
  • A generous Defined Contribution Pension Scheme and Life Assurance.
  • A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills.
  • Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing.
  • Industry-leading parental, adoption and neonatal policies, providing support and flexibility for your family.
  • Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family.
  • A charity volunteer day to support a charity or cause you're passionate about through a dedicated day away from work.

We’re ambitious about the future of retail. We’re innovating, disrupting, and leading the way into a more inspiring, digital era. It’s an exciting time to be part of M&S.

To support us on our journey, we’re building inclusive, diverse teams where everyone can be themselves, do their best work, and make change happen. We support each other and succeed together.

Don’t worry if you don’t meet every single requirement of the job description. It’s more of a guide to what’s possible within the role. If you’re passionate, ready to work hard, and think the role feels right for you, we’d love to hear from you.

Principal Security Consultant employer: Marks & Spencer Plc

Joining M&S as a Principal Security Consultant means becoming part of a forward-thinking, inclusive team dedicated to delivering exceptional quality and service. With competitive benefits such as a generous pension scheme, extensive training programmes, and a strong focus on employee wellbeing, M&S fosters a dynamic work culture that prioritises personal growth and collaboration. Located in a vibrant environment, this role offers the unique opportunity to influence the security landscape of digital platforms while enjoying a supportive workplace that values diversity and innovation.

Contact Details:

Marks & Spencer Plc Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Principal Security Consultant

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with potential colleagues on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Prepare for those interviews by practising common questions and scenarios related to security consulting. We recommend doing mock interviews with friends or using online platforms to get comfortable with your responses.

Tip Number 3

Showcase your expertise! Bring along examples of your past work, especially projects that highlight your skills in DevSecOps and cloud security. This will help you stand out and demonstrate your hands-on experience.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in being part of our team at M&S.

We think you need these skills to ace Principal Security Consultant

Security Consulting
Application Security
DevSecOps
CI/CD Practices
Azure Cloud Security
Risk Assessment
Solution Design Review

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in security consulting and online platforms. We want to see how your skills align with the role of Principal Security Consultant, so don’t hold back on showcasing your relevant achievements!

Showcase Your Technical Skills: Since this role involves a lot of hands-on work with Azure and DevSecOps practices, be sure to mention any specific tools or technologies you’ve worked with. We love seeing practical examples of how you've embedded security into CI/CD pipelines or assessed solution designs.

Be Clear and Concise: When writing your application, clarity is key! Use straightforward language and get straight to the point. We appreciate well-structured applications that make it easy for us to see your qualifications and fit for the role.

Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it shows you’re keen to join our team at M&S!

How to prepare for a job interview at Marks & Spencer Plc

Know Your Stuff

Make sure you brush up on your knowledge of security consulting, especially around online and digital platforms. Be ready to discuss specific examples of how you've identified and managed security risks in previous roles, particularly in relation to Azure cloud security.

Showcase Your Hands-On Experience

Prepare to share your hands-on experience with DevSecOps practices and CI/CD pipelines. Highlight any tools or methodologies you've used for embedding security controls, like SAST or IaC scanning, and be ready to explain how these have improved security in your past projects.

Understand the Business Context

Familiarise yourself with the business priorities and risk appetite of the company you're interviewing with. Be prepared to discuss how your security recommendations can align with their goals and help mitigate risks effectively.

Ask Insightful Questions

Prepare thoughtful questions that show your interest in the role and the company. Inquire about their current security challenges, how they approach security assurance, and what tools they use for monitoring and managing security risks. This will demonstrate your proactive mindset and genuine interest in contributing to their success.