Principal Security Consultant - London, Greater London

London | Full-Time | 60000 - 84000 £ / year (est.) | No home office possible

At a Glance

  • Tasks: Lead security strategy for web platforms in Azure and Akamai, ensuring compliance and best practices.
  • Company: Join M&S, a dynamic and inclusive retailer committed to exceptional quality and service.
  • Benefits: Enjoy 20% discount, competitive holidays, bonuses, and wellbeing support including a 24/7 Virtual GP.
  • Why this job: Be part of an innovative team transforming retail while making a real impact on security.
  • Qualifications: Strong expertise in web application security, Azure, and Akamai solutions; certifications preferred.
  • Other info: M&S values diversity and supports all applicants throughout the recruitment process.

The predicted salary is between 60000 - 84000 £ per year.

We are seeking a highly skilled Principal Security Consultant to lead the security strategy, implementation, and assessment of our web platforms in an Azure cloud environment. This role will be instrumental in securing web applications, APIs, cloud workloads, and CI/CD pipelines while ensuring alignment with industry best practices and compliance standards. The successful candidate will work closely with development, DevOps, and architecture teams to embed security within the engineering lifecycle.

Additionally, this role requires expertise in Akamai security solutions, ensuring that edge security, WAF policies, bot mitigation, and CDN configurations align with security best practices.

What you’ll do:

  • Lead and define security strategy for web platforms in Azure and Akamai environments, ensuring alignment with security frameworks (OWASP, CIS) and developing policies and guidelines.
  • Implement secure-by-design principles, lead threat modeling, and drive security testing (SAST, DAST, IaC) across the SDLC, while securing CI/CD pipelines and authentication mechanisms (Azure AD, OAuth).
  • Manage and optimize Akamai security solutions (WAF, Bot Manager, ASE), implementing zero-trust principles and tuning WAF rules to minimize false positives.
  • Enforce security controls in Azure (Defender for Cloud, NSGs) and guide secure IaC practices, container security, and monitoring using Azure Sentinel and SIEM tools.
  • Lead incident response, security investigations, and compliance with standards (GDPR, PCI-DSS, SOC 2), while mentoring teams and aligning security priorities with business goals.

Who you are:

  • Strong expertise in securing web applications (OWASP Top 10, API security, web frameworks) and experience with Akamai security solutions (Kona Site Defender, Bot Manager, Edge DNS).
  • Deep knowledge of Azure security (Azure AD, Key Vault, Defender for Cloud, WAFs) and experience securing API gateways, microservices, and serverless functions (Azure Functions, API Management).
  • Proficiency in DevSecOps practices, tools (GitHub Actions), and IaC security (Terraform, ARM templates), with hands-on experience in security scanning (SAST, DAST, SCA, IaC).
  • Expertise in container security (Docker, Kubernetes, AKS), threat modeling (Microsoft Threat Modeling Tool), and understanding Zero Trust architecture and IAM best practices.
  • Strong stakeholder engagement skills, the ability to communicate security risks to technical and non-technical audiences, and experience leading security initiatives.
  • Preferred: Certifications (CISSP, CISM, AZ-500), experience with SIEM tools (Azure Sentinel, Splunk), and familiarity with secure coding practices and penetration testing.

Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen. We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best.

Principal Security Consultant - London, Greater London employer: Marks & Spencer

At M&S, we pride ourselves on being an inclusive and dynamic employer, offering a vibrant work culture that values individuality and fosters collaboration. As a Principal Security Consultant in London, you'll benefit from competitive perks such as a generous pension scheme, extensive training programmes, and a 20% discount across all M&S products, while also having the opportunity to lead innovative security strategies in a supportive environment that champions personal and professional growth.

Contact Details:

Marks & Spencer Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Principal Security Consultant - London, Greater London

✨Tip Number 1

Familiarise yourself with the specific security frameworks mentioned in the job description, such as OWASP and CIS. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and alignment with the role.

✨Tip Number 2

Showcase your experience with Akamai security solutions by preparing examples of how you've implemented or optimised these tools in previous roles. This will highlight your hands-on experience and make you stand out as a candidate.

✨Tip Number 3

Brush up on your knowledge of Azure security features, especially those related to Defender for Cloud and Azure AD. Be ready to discuss how you've used these tools to secure cloud environments in past projects.

✨Tip Number 4

Prepare to articulate your understanding of DevSecOps practices and how they integrate into the software development lifecycle. Being able to explain your approach to embedding security within engineering processes will be crucial in demonstrating your fit for this role.

We think you need these skills to ace Principal Security Consultant - London, Greater London

Security Strategy Development
Web Application Security
API Security
Akamai Security Solutions
Azure Security Management
DevSecOps Practices
Infrastructure as Code (IaC) Security
Container Security
Threat Modelling
Incident Response
Compliance Standards (GDPR, PCI-DSS, SOC 2)
Stakeholder Engagement
Communication Skills
Security Testing (SAST, DAST)
Zero Trust Architecture
Identity and Access Management (IAM)

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in security strategy, Azure cloud environments, and Akamai solutions. Use specific examples that demonstrate your expertise in securing web applications and APIs.

Craft a Compelling Cover Letter: In your cover letter, express your passion for security and how your background aligns with the role. Mention your familiarity with industry standards like OWASP and CIS, and how you can contribute to M&S's security initiatives.

Showcase Relevant Certifications: If you have certifications such as CISSP, CISM, or AZ-500, be sure to include them prominently in your application. These credentials can set you apart from other candidates and demonstrate your commitment to the field.

Highlight Soft Skills: M&S values strong stakeholder engagement skills. In your application, mention experiences where you've effectively communicated security risks to both technical and non-technical audiences, showcasing your ability to lead security initiatives.

How to prepare for a job interview at Marks & Spencer

✨Showcase Your Technical Expertise

Make sure to highlight your experience with Azure security and Akamai solutions during the interview. Be prepared to discuss specific projects where you implemented security strategies, as well as your familiarity with tools like Azure Sentinel and GitHub Actions.

✨Demonstrate Your Understanding of Security Frameworks

Familiarise yourself with industry standards such as OWASP and CIS. During the interview, be ready to explain how you've applied these frameworks in past roles, particularly in securing web applications and APIs.

✨Communicate Clearly with Stakeholders

Since this role involves engaging with both technical and non-technical teams, practice explaining complex security concepts in simple terms. This will show your ability to bridge the gap between different audiences and ensure everyone understands security risks.

✨Prepare for Scenario-Based Questions

Expect to face scenario-based questions that assess your problem-solving skills in real-world situations. Think about past incidents you've managed or security challenges you've overcome, and be ready to discuss your thought process and actions taken.

    Application deadline: 2027-04-02
