We’re working with a major UK retailer that’s continuing to invest heavily in cyber security advisory capability across its digital and platform estate. This is a consultative role focused on guiding, influencing and enabling teams to design and operate secure SaaS and PaaS platforms at scale.
Rather than hands‑on operational delivery, you’ll act as a trusted security advisor, partnering with engineering, platform and product teams to reduce risk, improve configuration hygiene and embed secure‑by‑design practices.
What you’ll be doing
* Acting as a Cyber Security Consultant to platform and engineering teams across SaaS/PaaS services (Microsoft, Google, Atlassian, MongoDB Atlas)
* Leading security reviews and advisory assessments focused on configuration, access, identity and platform risk
* Providing clear, pragmatic guidance on IAM, least privilege, Zero Trust and secure platform patterns
* Advising on API and database security design, controls and threat mitigation
* Supporting teams to embed security into CI/CD pipelines and IaC workflows, advising on guardrails rather than owning build
* Translating security risk into practical recommendations that delivery teams can implement quickly
* Producing guidance, standards and documentation, and running workshops and knowledge‑sharing sessions
* Acting as a bridge between security, engineering, vendors and third parties
What we’re looking for
* Experience in a cyber security advisory, consulting or internal consulting‑style role
* Strong grounding in Identity & Access Management (SSO, JWT, OAuth/OIDC, RBAC/ABAC, least privilege)
* Solid understanding of API security and database security fundamentals
* Working knowledge of Terraform, CI/CD and automation concepts (hands‑on coding not required)
* Ability to assess risk, challenge designs constructively and influence without authority
* Comfortable engaging senior engineers, architects and product stakeholders
* A pragmatic mindset — focused on enabling delivery, not blocking it
#J-18808-Ljbffr