You will need to login before you can apply for a job.
Sector: Administration and Secretarial
Role: Consultant
Contract Type: Permanent
Hours: Full Time
Summary
We are seeking a highly skilled Principal Security Consultant to lead the security strategy, implementation, and assessment of our web platforms in an Azure cloud environment. This role will be instrumental in securing web applications, APIs, cloud workloads, and CI/CD pipelines while ensuring alignment with industry best practices and compliance standards. The successful candidate will work closely with development, DevOps, and architecture teams to embed security within the engineering lifecycle. Additionally, this role requires expertise in Akamai security solutions, ensuring that edge security, WAF policies, bot mitigation, and CDN configurations align with security best practices.
What you'll do
* Lead and define security strategy for web platforms in Azure and Akamai environments, ensuring alignment with security frameworks (OWASP, CIS) and developing policies and guidelines.
* Implement secure-by-design principles, lead threat modeling, and drive security testing (SAST, DAST, IaC) across the SDLC, while securing CI/CD pipelines and authentication mechanisms (Azure AD, OAuth).
* Manage and optimize Akamai security solutions (WAF, Bot Manager, ASE), implementing zero-trust principles and tuning WAF rules to minimize false positives.
* Enforce security controls in Azure (Defender for Cloud, NSGs) and guide secure IaC practices, container security, and monitoring using Azure Sentinel and SIEM tools.
* Lead incident response, security investigations, and compliance with standards (GDPR, PCI-DSS, SOC 2), while mentoring teams and aligning security priorities with business goals.
Who you are
* Strong expertise in securing web applications (OWASP Top 10, API security, web frameworks) and experience with Akamai security solutions (Kona Site Defender, Bot Manager, Edge DNS).
* Deep knowledge of Azure security (Azure AD, Key Vault, Defender for Cloud, WAFs) and experience securing API gateways, microservices, and serverless functions (Azure Functions, API Management).
* Proficiency in DevSecOps practices, tools (GitHub Actions), and IaC security (Terraform, ARM templates), with hands-on experience in security scanning (SAST, DAST, SCA, IAC).
* Expertise in container security (Docker, Kubernetes, AKS), threat modeling (Microsoft Threat Modeling Tool), and understanding Zero Trust architecture and IAM best practices.
* Strong stakeholder engagement skills, the ability to communicate security risks to technical and non-technical audiences, and experience leading security initiatives.
* Preferred: Certifications (CISSP, CISM, AZ-500), experience with SIEM tools (Azure Sentinel, Splunk), and familiarity with secure coding practices and penetration testing.
Everyone's welcome
We are ambitious about the future of retail. We're disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We're transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen.
We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.
If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don't hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.
Company
Learn more about this company
Visit this company’s hub to learn about their values, culture, and latest jobs.
#J-18808-Ljbffr