HealthHero
Application Security Engineer

Application Security Engineer (London or Bristol)
We are HealthHero, Europe’s largest digital clinic. Join us at a pivotal moment as we scale our digital healthcare platform across Europe — giving you the chance to shape security at the heart of a fast-growing, AI-driven business. We are recruiting for an exciting Application Security Engineer role on an initial 12-month fixed-term contract, with the option to become permanent. The role is based in either our London or Bristol office (two days per week in person).
About the Role
You will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly. This role works closely with UK and France engineering teams.
Your day-to-day responsibilities will include:
- DevSecOps & Pipeline Security
  - Implement and maintain security testing in GitLab CI pipelines
  - Configure and tune SAST, DAST, dependency scanning, and secrets detection
  - Build automated security gates that balance rigor with delivery velocity
  - Enable self-serve security tooling for development teams
  - Contribute code and patches to security tooling and configurations
- Secure Development
  - Define and enforce secure coding standards
  - Conduct security-focused code reviews and threat modeling for new features
  - Provide remediation guidance for application vulnerabilities
  - Train and support developers on secure coding practices
- Vulnerability Management
  - Triage, patch, and track application vulnerabilities through to remediation
  - Manage dependency vulnerabilities and upgrade cycles
  - Report on application security posture to senior leadership
- Risk & Compliance
  - Embed GDPR and healthcare regulatory requirements into development processes
  - Support DCB0129 clinical safety compliance for software changes
  - Support customer security due diligence and audits
  - Support ISO27001:2022 ISMS controls and audit processes
Key Skills and Experience
Essential
- 3+ years in application security, DevSecOps, and secure software development
- Hands-on experience with CI/CD security integration (GitLab CI or similar)
- Familiarity with SAST/DAST tooling and dependency scanning
- Understanding of common vulnerabilities (OWASP Top 10) and remediation
- Previous experience working as a back-end or full-stack developer
- Knowledge of GDPR and data protection legislation
- Strong communicator; able to translate security requirements for developers
Desirable
- Development background with a security focus
- Familiarity with SIEM platforms (Snowflake, Splunk, Azure Sentinel, or similar)
- Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)
- Penetration testing or bug bounty experience
- Experience in regulated environments (healthcare, financial services)
- Familiarity with threat modeling frameworks (STRIDE, PASTA)
About Us
We exist to simplify healthcare and improve lives by making care feel instant, intelligent, and human.
HealthHero is Europe’s largest digital health provider, delivering 4 million consultations per year. We’re just starting. We’ve built a seamless digital clinic that brings body and mind together—from GP appointments and mental health support to long-term condition management. By partnering with the world’s leading insurers, employers, and public health systems, we make it easier for millions to get the care they need.
We are a growth-driven, capital-backed business with a strategy for sustainable scale. Our team combines digital innovators, management consultants, creatives, and clinical experts.
We’re more than a virtual appointment service. We’re building next-generation healthcare—an AI-powered, always-on ecosystem that learns from every interaction to shift from reactive treatment to proactive, sustainable health. At HealthHero, we’re digital when it should be and human where it counts.


Join us, and help build a healthcare system the world is waiting for.
A proud recipient of a prestige award, we’ve also been featured as the fastest-growing digital healthcare company on the Sunday Times 100 Tech list. Our mission is to deliver person-centred care with excellence. We invest in people, resources, and technology to continuously improve—reflecting our commitment to innovation and ethical growth.
What We Offer
- Full inductions training program (Microsoft Teams)
- Collaborative team culture: Passionate, supportive, and diverse colleagues
- 25 days of paid leave
- Birthdays + bank holidays as paid leave
- Regular 1:1s with your line manager
- 24/7 on-call support for dedicated team members
- Auto-enrolment pension scheme
- Healthcare plans + Employee Assistance Programme (EAP)
- Life Insurance Scheme
- Hybrid option: London/Bristol office (minimum 2 days in-office per week)
Additional Information
- We reserve the right to close applications early if sufficient candidates are received.
Qualified candidates are welcome regardless of background. No restrictions on candidates due to diverse attributes (e.g., colour, nationality, religion, gender).
We’re a Disability Confident Employer and fulfill equality commitments. Reasonable adjustments may be accommodated at any stage in the hiring process. Please reach out for support.