Cyber Security Consultant
We're working with a major UK retailer that's continuing to invest heavily in cyber security advisory capability across its digital and platform estate. This is a consultative role focused on guiding, influencing and enabling teams to design and operate secure SaaS and PaaS platforms at scale.
Rather than hands-on operational delivery, you'll act as a trusted security advisor, partnering with engineering, platform and product teams to reduce risk, improve configuration hygiene and embed secure-by-design practices.
What you'll be doing
- Acting as a Cyber Security Consultant to platform and engineering teams across SaaS/PaaS services (Microsoft, Google, Atlassian, MongoDB Atlas)
- Leading security reviews and advisory assessments focused on configuration, access, identity and platform risk
- Providing clear, pragmatic guidance on IAM, least privilege, Zero Trust and secure platform patterns
- Advising on API and database security design, controls and threat mitigation
- Supporting teams to embed security into CI/CD pipelines and IaC workflows, advising on guardrails rather than owning the build
- Translating security risk into practical recommendations that delivery teams can implement quickly
- Producing guidance, standards and documentation, and running workshops and knowledge-sharing sessions
- Acting as a bridge between security, engineering, vendors and third parties
What we're looking for
- Experience in a cyber security advisory, consulting or internal consulting-style role
- Strong grounding in Identity & Access Management (SSO, JWT, OAuth/OIDC, RBAC/ABAC, least privilege)
- Solid understanding of API security and database security fundamentals
- Working knowledge of Terraform, CI/CD and automation concepts (hands-on coding not required)
- Ability to assess risk, challenge designs constructively and influence without authority
- Comfortable engaging senior engineers, architects and product stakeholders
- A pragmatic mindset — focused on enabling delivery, not blocking it