Offensive Security Specialist

Marks and Spencer

City Of London

Hybrid

GBP 75,000 - 100,000

Full time

Today
Job summary

A leading retail company in London seeks an Offensive Security Specialist to improve security posture by uncovering vulnerabilities. Responsibilities include leading red team operations, driving cybersecurity assessments, and collaborating with detection teams. Ideal candidates have 4-6 years of experience in offensive security and a deep understanding of cyber threats. The role offers competitive benefits, including discounts, pension schemes, and wellbeing support.

Benefits

20% colleague discount
Competitive holiday entitlement
Discretionary bonus schemes
Defined Contribution Pension Scheme
Wide range of training programmes
Access to wellbeing support

Qualifications

  • 4-6 years of experience in offensive security or penetration testing.
  • Proven track record of end-to-end red team operations.
  • Deep knowledge of cyber threat actors and TTPs.
  • Extensive experience with penetration testing methodologies.

Responsibilities

  • Lead monitoring and analysis of cybersecurity incidents.
  • Design and run threat-informed attack simulations.
  • Drive creation of SIEM use cases and response playbooks.
  • Maintain understanding of the evolving threat landscape.

Skills

Offensive security
Penetration testing
Red teaming
Cyber threat analysis
Burp Suite
Metasploit
Cloud security

Tools

Cobalt Strike
Nmap
Qualys

Job description

All the details

As an Offensive Security Specialist, you will take a leading role in proactively uncovering and exploiting weaknesses across Marks & Spencer's technology estate to materially improve our security posture. As a senior member of the Purple Team, you will design and own complex red team operations, adversary emulation campaigns and targeted offensive security assessments end-to-end, leveraging threat intelligence to ensure our testing reflects real-world attacker behaviours.

What you’ll do

  • Lead continuous monitoring and analysis of global cybersecurity incidents, campaigns and trends, translating them into clear, prioritised offensive testing themes and hypotheses for M&S.
  • Design, own and run complex, threat‑informed attack simulations with the Blue Team, validating detection, response and recovery capabilities end-to-end across critical business journeys and platforms.
  • Act as a key escalation point for detection engineering, using offensive findings to drive the creation, tuning and retirement of SIEM use cases, response playbooks and wider defensive controls.
  • Chair or co‑lead joint purple‑team/post‑incident review sessions, ensuring lessons learned are converted into actionable improvements, tracked through to completion and fed back into future test planning.
  • Maintain and champion an expert understanding of the evolving threat landscape, mapping adversary TTPs (e.g. MITRE ATT&CK) to M&S’s environment and using this to prioritise red team and testing roadmaps.

Who you are

  • 4-6 years’ hands‑on experience in offensive security, penetration testing, or red teaming in a complex enterprise environment (ideally retail, e‑commerce or financial services).
  • Proven track record of designing and delivering end‑to‑end red team operations, adversary emulation exercises, and targeted security assessments (e.g. crown‑jewel apps, critical infrastructure).
  • Deep knowledge of cyber threat actors and TTPs, with demonstrable experience mapping real‑world techniques (e.g. MITRE ATT&CK) to an organisation’s environment and using this to drive testing scope.
  • Extensive experience with penetration testing methodologies and tooling, e.g. Burp Suite, Cobalt Strike/Brute Ratel or similar C2 frameworks, Metasploit, Nmap, Nessus/Qualys, and custom tooling.
  • Demonstrable experience conducting and leading web application, API, cloud, and internal / external infrastructure assessments, including risk prioritisation and influencing remediation outcomes.

What’s in it for you

Being a part of M&S is exactly that: playing your part to bring the magic of M&S to our customers every day. We're an inclusive, dynamic, exciting and ever-evolving business built on doing the right thing and bringing exceptional quality, value and service to every customer, whenever, wherever and however they want to shop with us.

Here are some of the benefits we offer that make working for M&S just that little bit more special:

  • After completing your probationary period, you’ll receive 20% colleague discount across all M&S products and many of our third‑party brands for you and a member of your household.
  • Competitive holiday entitlement with the potential to buy extra holiday days!
  • Discretionary bonus schemes awarded based on how you achieve your personal objectives and our performance as a business.
  • A generous Defined Contribution Pension Scheme and Life Assurance.
  • A dedicated welcome to our teams with a tailored induction and a wide range of training programmes to develop your skills.
  • Amazing perks and discounts via our M&S Choices portal to maximise your financial and personal wellbeing.
  • Industry‑leading parental, adoption and neonatal policies, providing support and flexibility for your family.
  • Access to a fantastic range of wellbeing support for all colleagues including access to our 24/7 Virtual GP and PAM Assist to support you and your family.
  • A charity volunteer day to support a charity or cause you’re passionate about through a dedicated day away from work.

Everyone’s welcome

We’re ambitious about the future of retail. We’re innovating, disrupting, and leading the way into a more inspiring, digital era. It’s an exciting time to be part of M&S.

To support us on our journey, we’re building inclusive, diverse teams where everyone can be themselves, do their best work, and make change happen. We support each other and succeed together.

Don’t worry if you don’t meet every single requirement of the job description. It’s more of a guide to what’s possible within the role. If you’re passionate, ready to work hard, and think the role feels right for you, we’d love to hear from you.