Security Engineer in Scotland

About Phorest Phorest powers over 11,000 hair, beauty, and medi‑spa businesses using our software across the globe. Our aim is to capture 25% of the market globally — that’s one million businesses and a billion‑dollar company. We’re continuing to grow and are excited to add a new member to the team. You’ll join a group of highly motivated individuals working together to help Phorest grow even faster.

The Opportunity As a Senior Security Engineer, you’ll play a key role in protecting our platform, our customers, and our growing global business. This is a high‑impact individual contributor role where you’ll take ownership of multiple areas of security, working across our cloud infrastructure, applications, and internal systems. You’ll combine deep technical expertise with a pragmatic, collaborative approach, helping us identify and reduce risk while enabling teams to move quickly and build with confidence. This isn’t about being a gatekeeper; it’s about being a partner to the business and embedding security into everything we do. As Phorest continues to scale, including our payments offering, PhorestPay — you’ll have the opportunity to shape how security evolves across the organisation.

What You’ll Do

• Own & Evolve Security Standards – Take ownership of security standards across Phorest, ensuring they are practical, up‑to‑date, and consistently applied. Continuously improve them in line with evolving threats, business needs, and industry best practice.
• Protect Our Cloud & Infrastructure – Configure, maintain, and optimise security tooling across our AWS environment. Lead threat monitoring, improve alert quality, and proactively identify gaps in our security coverage.
• Drive Risk Reduction – Lead security assessments across infrastructure and applications. Prioritise vulnerabilities based on risk and work closely with teams to ensure effective remediation. Facilitate threat modelling to catch risks early in the development lifecycle.
• Embed Security into Engineering (Shift‑Left) – Partner with engineering teams to integrate security into CI/CD pipelines and development workflows – enabling secure‑by‑default practices without slowing delivery.
• Incident Response & Triage – Lead the triage and analysis of security alerts and incidents. Provide clear guidance on remediation and identify patterns to reduce recurring risks.
• Be a Trusted Security Partner – Act as a go‑to security point of contact across the business. Support teams in making secure decisions, balancing risk with practicality and speed.
• Build Security Awareness & Culture – Contribute to internal security education and secure coding initiatives, helping teams understand not just the “what” but the “why” behind security.
• Continuously Improve Our Security Posture – Identify opportunities to strengthen our tools, processes, and ways of working – and take ownership of driving those improvements forward.

Who You Are

• Strong Security Foundations – You have a solid understanding of threat detection, vulnerability management, and secure development practices.
• Cloud Security Experience (AWS) – You’ve worked hands‑on securing cloud environments, with experience across areas like IAM, networking, logging/monitoring, and threat detection (e.g., GuardDuty, Security Hub, WAF).
• Technical & Tooling Depth – You’re comfortable working with modern engineering tooling and environments (e.g., Git, Terraform, CI/CD pipelines), and understand how security fits into them.
• Security Assessments & Threat Modelling – You can independently carry out security reviews, threat modelling, and technical assessments – and translate findings into clear, actionable recommendations.
• Coding / Scripting Ability – You have working knowledge of scripting or programming (e.g., Python, Bash, JavaScript) and use it to automate or enhance security workflows.
• Pragmatic Problem Solver – You’re able to navigate complex systems, balance trade‑offs, and recommend solutions that are both secure and practical.
• Collaborative Mindset – You see security as an enabler, not a blocker. You build strong relationships with engineers and stakeholders, influencing through partnership rather than process.

Benefits

• Your wellbeing is important to us – we provide private healthcare, 2 Wellness Days, an employee assistance program and a free online GP service.
• As part of our Financial Wellbeing, we provide competitive Compensation, an Employee Share Purchase Scheme, Pension, Life Assurance, and Income Protection.
• We help you travel by providing a bike to work scheme as well as tax‑saver transport tickets.
• We support the women who work in Phorest by offering 2 weeks leave for Fertility Treatment, Pregnancy Loss and Menopause.
• We care for your family and provide Enhanced Maternity and Paternity Benefits.
• We grow our own timber! We provide a great learning environment and extensive development opportunities. We run development programs and provide access to many online resources including LinkedIn Learning.
• Moving house? Phorest employees get 3 moving days.

Want to learn more about Phorest? Check out nothingventured.rocks for our blog and insights on building an evergreen company from the team here at Phorest.

Equal Opportunity & Remote Work Phorest is an equal opportunity employer. For this position, flexi‑time and working from home is possible. We are also open to remote work. Get in touch to ask for more information or to chat about your future with Phorest!

Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalised folks tend to only apply when they check every box. So if you think you have what it takes, but don’t necessarily meet every single point on the job description, please still get in touch. We’d love to have a chat and see if you could be a great fit.