We are looking for an experienced, hands-on Senior Cyber Security Engineer to take
technical ownership of our security tooling and controls the first dedicated cyber
security hire in a growing in house IT and Security function.
Reporting directly to the Head of IT & Security, this is a high autonomy role with a genuine voice in shaping our security
strategy: not executing someone else’s playbook, but helping to write it.
You will own the configuration, hardening and continuous improvement of our defensive
stack across a modern Microsoft and Google estate, working hands on day to day while
partnering with the wider business to keep a fast-growing, global organisation secure and
resilient. As the function matures, there is a clear path for the right person to grow the role and, in time, a team around them.
What you’ll be doing
Security Operations & Tooling Ownership
-
Endpoint & Device Strategy: Own the technical configuration, lifecycle management
-
and policy optimisation of endpoint security tooling and enterprise mobile device
-
management (MDM/MAM), namely Microsoft Intune and Defender.
-
Identity & Access Management: Harden and manage Identity & Access Management
-
(IAM) baselines across our core collaboration ecosystems (including Microsoft 365 and
-
Google Workspace), ensuring strict adherence to the Principle of Least Privilege.
-
Authentication & Email Hardening: Optimise modern authentication types (Windows
-
Hello, macOS Platform SSO), secure application API permissions and Entra Enterprise
-
App Registrations, and advance our email filtering policies ensuring our SPF, DKIM
-
and DMARC records are correctly provisioned and optimal.
-
Network Foundations: Support network security objectives, contributing technical
-
oversight to core networking principles, network segmentation, wireless
-
authentication and secure access pathways.
Incident Response & Vulnerability Execution
-
Threat Mitigation: Act as the primary internal technical interface for our Managed
-
Detection and Response (MDR) platform, coordinating rapid threat isolation, host
-
containment and system tuning.
-
Vulnerability Lifecycle: Deploy and manage vulnerability management tooling, taking
-
ownership of patch remediation, configuration audits and threat tracking across the
-
estate to systematically close technical blind spots.
-
Resilience Planning: Assist in the design, technical testing and documentation of
-
operational incident response playbooks and isolated system backup verification
-
procedures.
-
Continuous Tuning: Maintain and optimise anti-malware and filtering controls so that
-
security standards balance effectively against user productivity.
Governance, Continuity & Collaboration
-
Change Control: Adhere to and champion strict internal change control processes so
-
that security enhancements and maintenance do not disrupt operational continuity.
-
Security by Design: Partner with wider business units to conduct lightweight security
-
and technical risk assessments on new third-party SaaS vendors and systems prior to
-
onboarding.
-
Compliance Telemetry: Support the Head of IT & Security with evidence gathering,
-
audit tracking and data telemetry to validate our ongoing cyber resilience and
-
company disclosure obligations.
-
Security Culture: Promote a culture of accountability and security awareness,
-
including the coordination and technical execution of data driven internal phishing
-
simulation exercises.
Skills, knowledge & expertise
Essential
-
Hands on experience administering and hardening the Microsoft stack Intune,
-
Defender for Endpoint and Entra ID as the core of a live endpoint and identity estate.
-
Strong working knowledge of modern identity and access management: authentication
-
protocols, conditional access, Entra app registrations and the Principle of Least
-
Privilege.
-
A track record of operating independently in a security or senior infrastructure role,
-
comfortable owning and driving work with minimal oversight.
-
A clear communicator who can explain technical reasoning to non-technical colleagues
-
and constructively challenge decisions, including upward.
Desirable
-
Experience administering and hardening Google Workspace alongside Microsoft 365.
-
Familiarity with federated identity and modern authentication methods AML/OIDC,
-
Windows Hello for Business and macOS Platform SSO.
-
Working knowledge of email authentication SPF, DKIM and DMARC.
-
Experience working alongside an external MDR/SOC partner for detection and incident
-
response.
-
A grounding in network security fundamentals, segmentation, wireless
-
authentication and secure access ideally on Cisco Meraki.
-
Hands on experience with vulnerability management tooling and patch/remediation
-
workflows.
-
Awareness of security governance and compliance evidence work, such as supporting
-
audit and disclosure obligations.
-
Relevant certifications (e.g. Microsoft SC-200, SC-300 or AZ-500, or equivalent)
Why work at The Beauty Tech Group
At The Beauty Tech Group, we’re redefining the future of beauty by bringing cutting-edge
technology into homes around the world. Born from CurrentBody and now home to
category-leading brands including CurrentBody Skin, ZIIP Beauty, Tria Laser, and
CurrentBody Skin: The Clinic, we innovate at pace to create transformative devices and
skincare solutions used globally.
Our brands combine clinical credibility with consumer-focused design, spanning LED, radio
frequency, microcurrent, and laser technologies, and are trusted by customers in over 80
countries
Working here means building your career in an environment where you’re empowered to
develop deep expertise, take ownership of your impact and think big as part of a fast-
growing, ambitious business. We’re looking for exceptional people to join us at an exciting
stage and help shape the next generation of beauty technology brands.
What’s in it for you
-
25 days holiday (increasing with service) + Holiday Buy scheme
-
Auto-enrolment pension scheme
-
Work from home every Wednesday
-
Onsite café, gym and free parking
-
Staff discounts across CurrentBody Skin, ZIIP Beauty, and Tria Laser
-
Subsidised travel, Cycle to Work, and EV/tech schemes
-
Supported studies, Employee Assistance Programme and enhanced family leave
-
Social events, office brunches and career development opportunities
Recruitment process
-
Application reviewed by the Talent Acquisition team
-
Initial call with the Talent Acquisition team
-
Video interview with the hiring manager
-
In person interview at the office (including a short task)
-
Feedback
At The Beauty Tech Group, we are committed to creating a diverse and inclusive workplace where everyone feels valued and empowered to succeed. We welcome applications from all backgrounds and experiences.