HealthHero
Digital Healthcare
ApplicationSecurityEngineer
“Application Security Engineer at HealthHero. Skills: Application Security, DevSecOps, Secure Software Development, CI/CD Security Integration, Vulnerability Management. Own security across the software development lifecycle. Embed automated security testing into CI/CD pipelines”
Industry & Context.
Provide remediation guidance for application vulnerabilities; Triage, patch and track application vulnerabilities through to remediation; Manage dependency vulnerabilities and upgrade cycles
12 month fixed term contract, with a view to becoming permanent, requirement to work in the office for a minimum of two days per week, unable to offer a sponsor licence to candidates who require sponsorship
What They're Looking For.
Must Have
3+ years in application security, DevSecOps, and secure software development, Hands-on experience with CI/CD security integration (GitLab CI or similar), Familiarity with SAST/DAST tooling and dependency scanning, Understanding of common vulnerabilities (OWASP Top 10) and remediation, Previous experience working as a back end or full stack developer, Knowledge of GDPR and data protection legislation, able to translate security requirements for developers
Nice to Have
Development background with security focus, Familiarity with SIEM platforms (Snowbit, Splunk, Sentinel), Experience with CSPM tooling (Wiz, Prisma Cloud, or similar), Penetration testing or bug bounty experience, Experience in regulated environments (healthcare, financial services), Familiarity with threat modelling frameworks (STRIDE, PASTA)
What You'll Do.
Own security across the software development lifecycle
Embed automated security testing into CI/CD pipelines
Enable development teams to ship secure code quickly
Implement and maintain security testing in GitLab CI pipelines
Configure and tune SAST
and secrets detection
Build automated security gates that balance rigour with delivery velocity
Enable self-serve security tooling for development teams
Contribute code and patches to security tooling and configurations
Define and enforce secure coding standards
Conduct security-focused code reviews and threat modelling for new features
Provide remediation guidance for application vulnerabilities
Train and support developers on secure coding practices
patch and track application vulnerabilities through to remediation
Manage dependency vulnerabilities and upgrade cycles
Report on application security posture to senior leadership
Embed GDPR and healthcare regulatory requirements into development processes
Support DCB0129 clinical safety compliance for software changes
Support customer security due diligence and audits
Support ISO27001: 2022 ISMS controls and audit process
How You'll Work.
Team & Collaboration
Works closely with UK and France engineering teams; Enable development teams to ship secure code quickly; Provide remediation guidance for application vulnerabilities; Train and support developers on secure coding practices
Communication Scope
able to translate security requirements for developers; Report on application security posture to senior leadership
Process & Methodology
Triage, patch and track application vulnerabilities through to remediation, Manage dependency vulnerabilities and upgrade cycles
Applying for this Application Security Engineer role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
ANONYMOUS · UNFILTERED
What do employees actually say about HealthHero?
Real rants from real employees. Read before you apply.