Cyber Security Consultant

We’re working with a major UK retailer that’s continuing to invest heavily in cyber security advisory capability across its digital and platform estate. This is a consultative role focused on guiding, influencing and enabling teams to design and operate secure SaaS and PaaS platforms at scale.

Rather than hands‑on operational delivery, you’ll act as a trusted security advisor, partnering with engineering, platform and product teams to reduce risk, improve configuration hygiene and embed secure‑by‑design practices.

• Acting as a Cyber Security Consultant to platform and engineering teams across SaaS / PaaS services (Microsoft, Google, Atlassian, MongoDB Atlas)
• Leading security reviews and advisory assessments focused on configuration, access, identity and platform risk
• Providing clear, pragmatic guidance on IAM, least privilege, Zero Trust and secure platform patterns
• Advising on API and database security design, controls and threat mitigation
• Supporting teams to embed security into CI / CD pipelines and IaC workflows, advising on guardrails rather than owning build
• Translating security risk into practical recommendations that delivery teams can implement quickly
• Producing guidance, standards and documentation, and running workshops and knowledge‑sharing sessions
• Acting as a bridge between security, engineering, vendors and third parties

• Experience in a cyber security advisory, consulting or internal consulting‑style role
• Strong grounding in Identity & Access Management (SSO, JWT, OAuth / OIDC, RBAC / ABAC, least privilege)
• Solid understanding of API security and database security fundamentals
• Working knowledge of Terraform, CI / CD and automation concepts (hands‑on coding not required)
• Ability to assess risk, challenge designs constructively and influence without authority
• Comfortable engaging senior engineers, architects and product stakeholders
• A pragmatic mindset — focused on enabling delivery, not blocking it