At a Glance
- Tasks: Review and assess security designs for online platforms, ensuring robust protection against risks.
- Company: Join a dynamic and inclusive team at M&S, committed to exceptional quality and service.
- Benefits: Enjoy a 20% discount, competitive holidays, bonuses, and a generous pension scheme.
- Other info: Access to wellbeing support, training programmes, and a charity volunteer day.
- Why this job: Make a real impact on digital security while developing your skills in a supportive environment.
- Qualifications: Senior experience in security consulting with a strong background in online platforms and Azure security.
The predicted salary is between £70,000 and £90,000 per year.
The Principal Security Consultant (Online) is a senior, hands-on security specialist supporting the secure design and delivery of online and digital platforms. The role provides expert security assurance, design review, and DevSecOps guidance across web, mobile, API, and cloud-native services hosted primarily on Microsoft Azure. The role works closely with the Business Information Security Officer (BISO) for the online domain to ensure security risks are identified early, assessed pragmatically, and managed in line with business priorities and enterprise risk appetite.
What you'll do:
- Review and assess solution designs and architectures for online and digital services
- Identify security risks across identity, APIs, cloud services, data flows, and third-party integrations
- Provide clear, proportionate security recommendations aligned to enterprise standards
- Advise on embedding security controls into CI/CD pipelines (e.g. SAST, SCA, secrets scanning, IaC scanning)
- Support secure engineering practices across build, deploy, and operate phases
Who you are:
- Senior experience in security consulting, product security, or application security
- Strong background in online and digital platforms (web, mobile, APIs, e-commerce)
- Proven ability to review and challenge technical designs and architectures
- Strong understanding of DevSecOps and modern CI/CD practices
- Hands-on knowledge of Azure cloud security
What's in it for you:
We're an inclusive, dynamic, exciting, and ever-evolving business built on doing the right thing and bringing exceptional quality, value and service to every customer, whenever, wherever and however they want to shop with us. Here are some of the benefits we offer that make working for M&S just that little bit more special:
- After completing your probationary period, you'll receive 20% colleague discount across all M&S products and many of our third-party brands for you and a member of your household.
- Competitive holiday entitlement with the potential to buy extra holiday days!
- Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business.
- A generous Defined Contribution Pension Scheme and Life Assurance.
- A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills.
- Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing.
- Industry-leading parental, adoption and neonatal policies, providing support and flexibility for your family.
- Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family.
- A charity volunteer day to support a charity or cause you're passionate about through a dedicated day away from work.
Principal Security Consultant employer: Marks & Spencer
At M&S, we pride ourselves on being an inclusive and dynamic employer that values exceptional quality and service. As a Principal Security Consultant, you'll benefit from a competitive salary, generous holiday entitlement, and a tailored induction programme designed to foster your professional growth. With industry-leading parental policies, wellbeing support, and a commitment to doing the right thing, M&S offers a rewarding environment where you can thrive both personally and professionally.
StudySmarter Expert Advice🤫
We think this is how you could land Principal Security Consultant
✨Tip Number 1
Network like a pro! Reach out to your connections in the security field, especially those who work with online and digital platforms. A friendly chat can lead to insider info about job openings or even a referral.
✨Tip Number 2
Show off your skills! Prepare a portfolio or case studies that highlight your experience with security consulting and DevSecOps. This will give potential employers a clear picture of what you bring to the table.
✨Tip Number 3
Stay updated on industry trends! Follow blogs, podcasts, and forums related to security in online services. This knowledge can help you during interviews and show that you're passionate about the field.
✨Tip Number 4
Apply through our website! We love seeing applications directly from candidates who are excited about joining us. It shows initiative and gives you a better chance of standing out in the crowd.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in security consulting and online platforms. We want to see how your skills align with the role of Principal Security Consultant, so don’t hold back on showcasing your relevant achievements!
Showcase Your Technical Skills: Since this role involves a lot of hands-on work, be sure to mention your expertise in Azure cloud security and DevSecOps practices. We love seeing candidates who can demonstrate their technical prowess, especially when it comes to secure design and delivery.
Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate clarity, so avoid jargon unless it's necessary. Make it easy for us to see why you’re the perfect fit for the role without wading through unnecessary fluff!
Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy and quick!
How to prepare for a job interview at Marks & Spencer
✨Know Your Stuff
Make sure you brush up on your knowledge of security consulting, especially in online and digital platforms. Be ready to discuss your hands-on experience with Azure cloud security and how you've tackled security risks in previous roles.
✨Showcase Your Problem-Solving Skills
Prepare to share specific examples where you've identified security risks and provided clear recommendations. Think about how you can demonstrate your ability to challenge technical designs and architectures effectively.
✨Understand DevSecOps Inside Out
Since the role involves advising on CI/CD pipelines, be prepared to discuss modern DevSecOps practices. Familiarise yourself with tools like SAST, SCA, and IaC scanning, and be ready to explain how you've embedded security controls in past projects.
✨Align with Business Priorities
During the interview, highlight your understanding of aligning security measures with business objectives. Discuss how you've worked with stakeholders to ensure that security risks are managed in line with enterprise risk appetite.