Security Engineer

Security Engineer

Phillips & Cohen Associates, Ltd.

Pay Range: Base pay range available upon discussion based on skills and experience.

We are seeking a highly skilled and proactive Security Engineer to join our Information Security team. This role is fundamental to maintaining the security posture of our critical financial platforms and infrastructure. The successful candidate will be a hands‑on technical expert responsible for securing our assets across Application, Systems, and Network domains. A strong adherence to UK financial regulations (FCA) and data protection laws (GDPR) is paramount.

This position offers a hybrid working model, providing flexibility while ensuring effective collaboration with the CISO and broader teams.

• Application Security Engineering (App Sec)
• Integrate security tools and processes into CI/CD pipelines (Dev Sec Ops ), ensuring security is "shifted left".
• Manage and execute Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on proprietary applications.
• Provide technical advice on vulnerability fixes and secure coding practices to development teams.
• Conduct threat modeling exercises for new features and application architectures.
• Define, implement, and audit secure configuration standards for all corporate systems.
• Deploy, manage, and optimize Endpoint Detection and Response (EDR) solutions and host‑based firewalls.
• Engineer and govern secure configuration of IAM services (MFA, SSO, PAM).
• Oversee enterprise vulnerability scanning program and prioritize remediation.
• Design, implement, and maintain firewall rule sets and network segmentation.
• Configure and tune Network Intrusion Prevention and Detection Systems.
• Lead research, deployment, and operationalization of new network and cloud security tooling.
• Conduct security reviews of network diagrams and infrastructure changes.

• 4+ years in a security engineering role across Application, Systems, and Network domains.
• Previous experience in the UK financial services, banking, or highly regulated industry.
• Excellent knowledge of UK and EU regulatory requirements, including Cyber Essentials plus.
• Expertise in managing enterprise‑grade firewalls (e.g., Palo Alto, Fortinet, Cisco ASA).
• Strong familiarity with cloud security frameworks and tools (e.g., AWS Security Hub, Azure Security Center).
• Hands‑on scripting experience (Python, Power Shell, Bash).
• Ability to communicate complex technical security risks and compliance gaps effectively to the CISO.

• Relevant industry certifications (CISSP, CISM, SSCP).
• Cloud‑specific security certification (AWS Certified Security – Specialty, Microsoft Azure Security Engineer Associate).
• Certifications related to specific technologies (PCNSE, CCNP Security, GIAC).
• Experience with Infrastructure as Code security scanning tools (Checkov, Terrascan).

• Hybrid working model with 2‑3 days per week in the Manchester or Liverpool office.
• Flexible remote work for remaining time.

Mid‑Senior level

Full‑time

Information Technology

Banking

Referrals increase your chances of interviewing by 2x.