About Phorest
Phorest powers over 11,000 hair, beauty, and medi‑spa businesses using our software across the globe. Our aim is to capture 25% of the market globally — that’s one million businesses and a billion‑dollar company.
We’re continuing to grow and are excited to add a new member to the team. You’ll join a group of highly motivated individuals working together to help Phorest grow even faster.
The Opportunity
As a Senior Security Engineer, you’ll play a key role in protecting our platform, our customers, and our growing global business. This is a high‑impact individual contributor role where you’ll take ownership of multiple areas of security, working across our cloud infrastructure, applications, and internal systems.
You’ll combine deep technical expertise with a pragmatic, collaborative approach, helping us identify and reduce risk while enabling teams to move quickly and build with confidence. This isn’t about being a gatekeeper; it’s about being a partner to the business and embedding security into everything we do.
As Phorest continues to scale, including our payments offering, PhorestPay — you’ll have the opportunity to shape how security evolves across the organisation.
What You’ll Do
Own & Evolve Security Standards – Take ownership of security standards across Phorest, ensuring they are practical, up‑to‑date, and consistently applied. Continuously improve them in line with evolving threats, business needs, and industry best practice.
Protect Our Cloud & Infrastructure – Configure, maintain, and optimise security tooling across our AWS environment. Lead threat monitoring, improve alert quality, and proactively identify gaps in our security coverage.
Drive Risk Reduction – Lead security assessments across infrastructure and applications. Prioritise vulnerabilities based on risk and work closely with teams to ensure effective remediation. Facilitate threat modelling to catch risks early in the development lifecycle.
Embed Security into Engineering (Shift‑Left) – Partner with engineering teams to integrate security into CI/CD pipelines and development workflows – enabling secure‑by‑default practices without slowing delivery.
Incident Response & Triage – Lead the triage and analysis of security alerts and incidents. Provide clear guidance on remediation and identify patterns to reduce recurring risks.
Be a Trusted Security Partner – Act as a go‑to security point of contact across the business. Support teams in making secure decisions, balancing risk with practicality and speed.
Build Security Awareness & Culture – Contribute to internal security education and secure coding initiatives, helping teams understand not just the “what” but the “why” behind security.
Continuously Improve Our Security Posture – Identify opportunities to strengthen our tools, processes, and ways of working – and take ownership of driving those improvements forward.
Who You Are
Strong Security Foundations – You have a solid understanding of threat detection, vulnerability management, and secure development practices.
Cloud Security Experience (AWS) – You’ve worked hands‑on securing cloud environments, with experience across areas like IAM, networking, logging/monitoring, and threat detection (e.g., GuardDuty, Security Hub, WAF).
Technical & Tooling Depth – You’re comfortable working with modern engineering tooling and environments (e.g., Git, Terraform, CI/CD pipelines), and understand how security fits into them.
Security Assessments & Threat Modelling – You can independently carry out security reviews, threat modelling, and technical assessments – and translate findings into clear, actionable recommendations.
Coding / Scripting Ability – You have working knowledge of scripting or programming (e.g., Python, Bash, JavaScript) and use it to automate or enhance security workflows.
Pragmatic Problem Solver – You’re able to navigate complex systems, balance trade‑offs, and recommend solutions that are both secure and practical.
Collaborative Mindset – You see security as an enabler, not a blocker. You build strong relationships with engineers and stakeholders, influencing through partnership rather than process.
Benefits