Security Engineer. Forlais Careers. Remote, UK hours.

Forlais. Security Engineer. Own application security, identity, secrets, and infrastructure security across the Forlais estate, including the research.

Own application security, identity, secrets, and infrastructure security across the Forlais estate, including the research and EvaEsi stacks.

A senior security engineering role spanning AppSec, infrastructure, identity, and supply chain. The work is consequential: results are reviewed against the cyber security policy (FOR-POL-307) and the access-control policy (FOR-POL-308).

Responsibilities

Run AppSec review across product, research-platform, and institutional sites.

Own identity, secrets, and access controls across the estate.

Coordinate vulnerability disclosure handling under FOR-STM-105.

Maintain the security side of release review (FOR-POL-204) and AI red-teaming (FOR-POL-206).

What we look for

Five or more years in security engineering, including production AppSec.

Strong working knowledge of identity systems and credential and key management practice.

Comfort working in a release-controlled environment and writing for non-security staff.