Specialist Security Platform Engineer

Summary

The Specialist Application Security Engineer will play a pivotal role in ensuring the integrity and security of our applications across various platforms. You will lead the charge in implementing robust security measures, collaborating closely with cross-functional teams to fortify our defences against cyber threats.

What’s in it for you

Being a part of M&S is exactly that – playing your part to bring the magic of M&S to our customers every day. We’re an inclusive, dynamic, exciting, and ever-evolving business built on doing the right thing and bringing exceptional quality, value, and service to every customer, whenever, wherever, and however they want to shop with us.

Here are some of the benefits we offer that make working for M&S just that little bit more special:

• After completing your probationary period, you’ll receive 20% colleague discount across all M&S products and many of our third-party brands for you and a member of your household.
• Competitive holiday entitlement with the potential to buy extra holiday days!
• Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business.
• A generous Defined Contribution Pension Scheme and Life Assurance.
• A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills.
• Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing.
• Industry-leading parental, adoption and neonatal policies, providing support and flexibility for your family.
• Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family.
• A charity volunteer day to support a charity or cause you're passionate about through a dedicated day away from work.

What you'll do

• Focus on application security initiatives across cloud and on-premises environments, employing a diverse suite of tools including Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and scripting for automation.
• Forge partnerships with external vendors to optimize and seamlessly integrate security tools into our application security workflow, ensuring comprehensive coverage and operational efficiency.
• Drive the seamless integration of application security processes into development pipelines, leveraging Azure DevOps (ADO), GitHub Actions, and similar tools for streamlined automation.
• Actively contribute to the formulation and enforcement of application security policies and procedures, utilizing advanced tool capabilities to mitigate risks effectively.
• Engage with internal stakeholders to foster awareness and understanding of application security measures, emphasizing the pivotal role of tooling and automation in mitigating vulnerabilities.

Who you are

• A minimum of 3 years of hands-on experience in application security, with a track record of leadership or significant contributions in similar roles.
• Proficiency in Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and automation scripting.
• Understanding of application security principles and best practices.
• Experience integrating and optimizing security tools within development workflows, particularly within Azure DevOps and GitHub Actions environments.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Ability to work independently and within teams in a dynamic environment.

Everyone’s welcome

We are ambitious about the future of retail. We’re disrupting, innovating, and leading the industry into a more conscientious, inspiring digital era. We’re transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers, and suppliers. Join us and make change happen.

We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.