Application Security Engineer
Listed on 2026-06-19
Security
Cybersecurity
Application Security Engineer (London or Bristol)
We are Health Hero, Europe's largest digital clinic. Join us at a pivotal moment as we scale our digital healthcare platform across Europe - giving you the chance to shape security at the heart of a fast-growing, AI-driven business. We are recruiting an exciting Application Security Engineer on an initial 12-month fixed-term contract, with a view to becoming permanent - based in either our London or Bristol office two days per week.
About the role
You will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly. This role works closely with UK and France engineering teams.
DevSecOps & Pipeline Security
- Implement and maintain security testing in GitLab CI pipelines
- Configure and tune SAST, DAST, dependency scanning, and secrets detection
- Build automated security gates that balance rigour with delivery velocity
- Enable self-serve security tooling for development teams
- Contribute code and patches to security tooling and configurations
- Define and enforce secure coding standards
- Conduct security-focused code reviews and threat modelling for new features
- Provide remediation guidance for application vulnerabilities
- Train and support developers on secure coding practices
- Triage, patch and track application vulnerabilities through to remediation
- Manage dependency vulnerabilities and upgrade cycles
- Report on application security posture to senior leadership
- Embed GDPR and healthcare regulatory requirements into development processes
- Support DCB0129 clinical safety compliance for software changes
- Support customer security due diligence and audits
- Support ISO 27001:2022 ISMS controls and audit process
- 3+ years in application security, DevSecOps, and secure software development
- Hands-on experience with CI/CD security integration (GitLab CI or similar)
- Familiarity with SAST/DAST tooling and dependency scanning
- Understanding of common vulnerabilities (OWASP Top 10) and remediation
- Previous experience working as a back-end or full stack developer
- Knowledge of GDPR and data protection legislation
- Strong communicator; able to translate security requirements for developers
- Development background with security focus
- Familiarity with SIEM platforms (Snowbit, Splunk, Sentinel)
- Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)
- Penetration testing or bug bounty experience
- Experience in regulated environments (healthcare, financial services)
- Familiarity with threat modelling frameworks (STRIDE, PASTA)
- A full induction training programme, which will be undertaken via Microsoft Teams.
- An opportunity to work as part of an experienced team who are passionate in their field, supportive, diverse and dynamic.
- 25 days leave.
- Bank Holidays and your birthday off as leave.
- Regular 1-2-1s with your line manager.
- 24/7 on-call staff support.
- Auto-enrolment pension scheme.
- Health Scheme and access to our Employee Assistance Programme.
- Life Insurance Scheme.
If you are interested in making a difference and believe this role is a good fit for you, we would love to hear from you.
Hybrid: London or Bristol (There is a requirement to work in the office for a minimum of two days per week)
Closing date for applications: Friday 29 May (5pm)
Additional information: We reserve the right to close this job in the event we receive a sufficient number of applications. Please note that we are unfortunately unable to offer a sponsor licence to candidates who require sponsorship from their employer.