Marks and Spencer

About the Company

At M&S, we're dedicated to being the most trusted retailer, prioritising quality and delivering value. Every day, we bring the magic of M&S to our customers, whenever, wherever and however they want to shop with us.
For over a century, we've set the standard, doing the right thing and embracing innovation. Today, with over 65,000 colleagues serving 32 million customers globally, we're putting quality products at the heart of everything we do.

Tomorrow holds boundless opportunities with us. We're pioneering digital innovation and shaping the future of retail where our values drive every action.

We stay close to customers and colleagues, always curious and connected. Our decisions are bold, our actions ambitious. Transparency is paramount, with straightforward, honest communication. We're constantly innovating, always striving for the best. Our focus is on aiming higher and winning together, combined with wise financial decisions to secure our future.
Join us at M&S to shape the future of retail.

Listed Jobs

Company Name

Marks and Spencer

Job Title

Security Platform Engineer

Job Description

**Job title**: Security Platform Engineer **Role Summary**: Design, implement, and maintain security controls for SaaS, PaaS, and internal cloud platforms. Provide technical consulting to detect misconfigurations, automate security checks, and enforce platform security standards across development and operations teams. **Expectations**: - Deliver robust identity, access, and configuration security across Microsoft, Google, Atlassian, MongoDB Atlas, and proprietary services. - Drive automation of security reviews within CI/CD pipelines and promote repeatable, scalable security practices. **Key Responsibilities** - Advise on secure adoption of cloud services and first‑party platforms, ensuring least‑privilege, zero‑trust, and proper authentication/authorization. - Identify and remediate platform misconfigurations and vulnerabilities, conducting workshops and creating risk documentation. - Review and configure access controls for databases, API gateways, code repositories, and integration services. - Develop and maintain Terraform modules and Python/Bash scripts for automated security scans and configuration enforcement. - Integrate security checks into CI/CD pipelines (e.g., GitHub Actions) to detect misconfigurations, vulnerabilities, and policy violations. - Monitor platform health, respond to security events, and maintain governance baselines. **Required Skills** - 3+ years platform/infrastructure security experience. - Expertise in identity and access management: least privilege, zero trust, SSO, JWT, RBAC/ABAC/PBAC. - Strong understanding of database and API security principles. - Proficiency in Terraform, Python, Bash. - Knowledge of security threats (DDoS, brute force, exfiltration, spoofing). - Experience with CI/CD security integration and automated compliance checks. **Required Education & Certifications** - Bachelor’s degree in Computer Science, Information Security, or related field (equivalent experience acceptable). - Relevant certifications preferred: CISSP, CISM, CISA, or equivalent cloud security certifications (e.g., Azure CISSP, CompTIA Security+).

London, United kingdom

Hybrid

Junior

25-11-2025

Company Name

Marks and Spencer

Job Title

Threat Intelligence Associate

Job Description

Job Title: Threat Intelligence Associate Role Summary: Support the Threat Intelligence team by triaging security alerts, monitoring global threat feeds, and analysing emerging cyber threats. Translate technical findings into actionable intelligence for technical and non‑technical stakeholders, and aid in integrating threat insights into security controls and incident response. Expectations: * Junior analyst role with direct oversight of threat intelligence processes and tooling. * Demonstrate ability to learn and apply advanced threat‑intel methodologies and tools. * Collaborate across information security functions to deliver timely, relevant intelligence. Key Responsibilities: * Operate threat intelligence tools and maintain standard processes. * Monitor global cybersecurity incidents and trends; assess potential impacts on the organization. * Analyse threat data, develop insights on adversary TTPs, and produce concise intelligence briefings. * Convert technical threat findings into actionable guidance for incident response and security teams. * Update and maintain threat landscape knowledge, focusing on tactics, techniques, and procedures (TTPs). * Assist in integrating threat intelligence into controls, detection rules, and response playbooks. Required Skills: * Experience in a cyber threat intelligence, SOC analyst, or related cybersecurity role. * Knowledge of threat actors, TTPs, and threat‑intelligence lifecycle. * Familiarity with TIPs and SIEM platforms; ability to develop custom detection rules. * Strong analytical and problem‑solving abilities. * Effective written and verbal communication; able to present findings to diverse audiences. * Ability to work collaboratively in a cross‑functional security environment. Required Education & Certifications: * Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field (or equivalent experience). * Relevant certifications such as CompTIA Security+, GCIH, or related threat‑intelligence credentials are a plus.

London, United kingdom

Hybrid

03-12-2025

Company Name

Marks and Spencer

Job Title

Culture, Training and Awareness Principal - Information Security

Job Description

**Job Title:** Culture, Training and Awareness Principal – Information Security **Role Summary:** Design, implement and evolve a global cybersecurity culture, training, and awareness program that fosters a secure mindset across all business units. Lead the creation of a Cyber Security brand, launch targeted training initiatives, and cultivate a Security Champion network to embed best practices company‑wide. **Expectations:** - Deliver measurable improvements in security awareness and engagement. - Translate Information Security objectives into concrete, result‑driven deliverables. - Build and maintain a peer‑to‑peer Security Champion network, particularly within Digital & Technology teams. - Strengthen the organization’s Cyber Security brand through coordinated communication campaigns. **Key Responsibilities:** 1. Develop and execute a comprehensive security culture strategy that aligns with InfoSec goals. 2. Design, roll out, and continuously improve tailored training modules for different departments and roles. 3. Establish and sustain a Security Champion network across all units, with a dedicated sub‑network in D&T. 4. Create and manage branding materials, communication plans, and campaigns that promote cybersecurity awareness. 5. Measure and report on training effectiveness and awareness levels using established metrics. 6. Collaborate with technical teams to ensure secure‑by‑design principles are communicated and adopted. 7. Advise colleagues on security responsibilities and best practices, acting as a bridge between InfoSec and the broader organization. **Required Skills:** - 3+ years of experience in cybersecurity training, awareness, or culture roles. - Proven track record of developing and delivering security training programs. - Strong understanding of secure‑by‑design, SDLC requirements, and secure development practices. - Ability to measure and assess employee awareness and translate insights into actionable plans. - Excellent written and verbal communication, with the skill to craft engaging messaging and influence stakeholders. - Experience managing or contributing to a Security Champion or similar peer‑leadership network. - Familiarity with marketing or public relations principles for brand building in a security context. - Ability to work cross‑functionally with technical, operational, and senior executive teams. **Required Education & Certifications:** - Bachelor’s degree (preferred in Marketing, Public Relations, Cyber Security, Information Technology, or related field). - Relevant security certifications (e.g., CISSP, CISM, CRISC, or equivalent) are advantageous but not mandatory.

London, United kingdom

Hybrid

Senior

03-12-2025

Company Name

Marks and Spencer

Job Title

SOC Engineer

Job Description

Job title: SOC Engineer Role Summary: Responsible for designing, deploying, and optimizing the organization’s SIEM platform (Microsoft Sentinel/ Azure) and associated SOC tools. Translates threat intelligence, hunt findings, and red‑team results into actionable detection logic and advanced correlation rules to enhance detection and response capabilities. Expactations: - Achieve and maintain high detection coverage for enterprise threats. - Deliver continuous improvement of SIEM rule sets and data parsing. - Provide subject‑matter expertise on SIEM content and detection strategy. - Collaborate with threat intelligence, incident response, and security operations teams. Key Responsibilities: - Design, implement, and tune advanced correlation rules, behavioural analytics, and custom threat detection content within SIEM. - Translate threat intelligence, threat hunt findings, and red‑team results into actionable detection logic aligned with MITRE ATT&CK. - Develop and manage detection use cases to protect against evolving adversary tactics. - Serve as SIEM content and detection strategy subject‑matter expert, mentoring the SOC team. - Coordinate with fellow SOC engineers to align on best practices for rule development, data parsing, and SIEM optimization. Required Skills: - Minimum 1 year experience as a Security Engineer or SIEM/Detection Engineer. - Proficiency with Microsoft Sentinel/ Azure SIEM platform. - Strong knowledge of MITRE ATT&CK framework and ATT&CK-based detection development. - Ability to create logic apps, write parsers, and onboard logs for SIEM. - Understanding of security principles, network protocols, and common operating systems. - Excellent documentation and communication skills. Required Education & Certifications: - Bachelor’s degree in Computer Science, Information Security, or a related technical field (preferred). - Relevant certifications such as Microsoft Certified: Azure Security Engineer Associate, Sios Certified SOC Analyst, or equivalent.

London, United kingdom

Hybrid

03-12-2025