Job Details

Application Security Engineer (London or Bristol)We are HealthHero, Europe's largest digital clinic. Join us at a pivotal moment as we scale our digital healthcare platform across Europe — giving you the chance to shape security at the heart of a fast‑growing, AI‑driven business. We are recruiting an exciting Application Security Engineer on an initial 12 month fixed‑term contract, with a view to becoming permanent – based in either our London or Bristol office two days per week.About the roleYou will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly. This role works closely with UK and France engineering teams.As an experienced Application Security Engineer, your working day will include but not be limited to:DevSecOps & Pipeline SecurityImplement and maintain security testing in GitLab CI pipelinesConfigure and tune SAST, DAST, dependency scanning, and secrets detectionBuild automated security gates that balance rigour with delivery velocityEnable self‑serve security tooling for development teamsContribute code and patches to security tooling and configurationsSecure DevelopmentDefine and enforce secure coding standardsConduct security‑focused code reviews and threat modelling for new featuresProvide remediation guidance for application vulnerabilitiesTrain and support developers on secure coding practicesVulnerability ManagementTriage, patch and track application vulnerabilities through to remediationManage dependency vulnerabilities and upgrade cyclesReport on application security posture to senior leadershipRisk & ComplianceEmbed GDPR and healthcare regulatory requirements into development processesSupport DCB0129 clinical safety compliance for software changesSupport customer security due diligence and auditsSupport ISO27001:2022 ISMS controls and audit processKey Skills and ExperienceEssential3+ years in application security, DevSecOps, and secure software developmentHands‑on experience with CI/CD security integration (GitLab CI or similar)Familiarity with SAST/DAST tooling and dependency scanningUnderstanding of common vulnerabilities (OWASP Top 10) and remediationPrevious experience working as a back end or full stack developerKnowledge of GDPR and data protection legislationStrong communicator; able to translate security requirements for developersDesirableDevelopment background with security focusFamiliarity with SIEM platforms (Snowbit, Splunk, Sentinel)Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)Penetration testing or bug bounty experienceExperience in regulated environments (healthcare, financial services)Familiarity with threat modelling frameworks (STRIDE, PASTA)HybridLondon or Bristol (require two days per week)BenefitsA full induction training programme, which will be undertaken via Microsoft Teams.Opportunity to work as part of an experienced team who are passionate, supportive, diverse and dynamic.25 days leave.Bank holidays and your birthday off as leave.Regular 1‑2‑1s with your line manager.24/7 on‑call staff support.Auto‑enrolment pension scheme.Health scheme and access to our employee assistance programme.Life insurance scheme.In line with our commitment to Equality, Inclusivity and Diversity, we welcome and encourage applications from all suitably qualified candidates from all backgrounds. We are committed to supporting and promoting equality and diversity and aim to establish an inclusive working environment. We welcome diverse applications from candidates irrespective of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality, ethnic and national origin), religion or belief, sex, or sexual orientation. We are a certified Disability Confident Employer and are committed to affording equal opportunities for candidates with disabilities or special needs. Should you require any reasonable adjustments to be made at any part of your application process, please let us know by contacting us at recruitment‑team@healthhero.com.#J-18808-Ljbffr