remote

Principal Security Consultant - Marks & Spencer

Software Engineer

Lead enterprise‑wide security strategy, driving threat modeling, penetration testing, and risk assessment across cloud and on‑prem environments. Own incident response, compliance, and secure architecture initiatives for a global retail organization.

About the role

Key Responsibilities

Architect and lead comprehensive security programs, including threat modeling, penetration testing, and risk assessments for multi‑region cloud and on‑prem deployments.
Define and enforce security standards, compliance frameworks (ISO 27001, PCI‑DSS, GDPR) and secure architecture guidelines across the organization.
Lead incident response and forensic investigations, coordinating with cross‑functional teams to contain, remediate, and report security events.
Mentor and coach security teams, fostering a culture of continuous improvement and security awareness.
Collaborate with product, engineering, and operations to embed security controls early in the SDLC.

Requirements

10+ years of experience in security consulting or related roles, with a proven track record in large‑scale enterprise environments.
Deep expertise in threat modeling, penetration testing, risk assessment, and incident response.
Strong knowledge of cloud security (AWS, Azure, GCP) and secure architecture principles.
Experience with compliance frameworks such as ISO 27001, PCI‑DSS, and GDPR.
Excellent communication skills and ability to influence stakeholders at all levels.

Skills

penetration testing

CompanyMarks & Spencer

DepartmentEngineering

LocationLondon, United Kingdom

Experience7+ years

Tenurefull-time

LevelLead

Posted June 25, 2026