
HealthHero

Application Security Engineer

London
Posted 2 days ago

Application Security Engineer (London or Bristol)

We are HealthHero, Europe’s largest digital clinic. Join us at a pivotal moment as we scale our digital healthcare platform across Europe — giving you the chance to shape security at the heart of a fast-growing, AI-driven business. We are recruiting for an exciting Application Security Engineer role on an initial 12-month fixed-term contract, with the option to become permanent. The role is based in either our London or Bristol office (two days per week in person).

About the Role

You will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly. This role works closely with UK and France engineering teams.

Your day-to-day responsibilities will include:

  • DevSecOps & Pipeline Security

    • Implement and maintain security testing in GitLab CI pipelines
    • Configure and tune SAST, DAST, dependency scanning, and secrets detection
    • Build automated security gates that balance rigor with delivery velocity
    • Enable self-serve security tooling for development teams
    • Contribute code and patches to security tooling and configurations
  • Secure Development

    • Define and enforce secure coding standards
    • Conduct security-focused code reviews and threat modeling for new features
    • Provide remediation guidance for application vulnerabilities
    • Train and support developers on secure coding practices
  • Vulnerability Management

    • Triage, patch, and track application vulnerabilities through to remediation
    • Manage dependency vulnerabilities and upgrade cycles
    • Report on application security posture to senior leadership
  • Risk & Compliance

    • Embed GDPR and healthcare regulatory requirements into development processes
    • Support DCB0129 clinical safety compliance for software changes
    • Support customer security due diligence and audits
    • Support ISO27001:2022 ISMS controls and audit processes


Key Skills and Experience

Essential

  • 3+ years in application security, DevSecOps, and secure software development
  • Hands-on experience with CI/CD security integration (GitLab CI or similar)
  • Familiarity with SAST/DAST tooling and dependency scanning
  • Understanding of common vulnerabilities (OWASP Top 10) and remediation
  • Previous experience working as a back-end or full-stack developer
  • Knowledge of GDPR and data protection legislation
  • Strong communicator; able to translate security requirements for developers

Desirable

  • Development background with a security focus
  • Familiarity with SIEM platforms (Snowflake, Splunk, Azure Sentinel, or similar)
  • Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)
  • Penetration testing or bug bounty experience
  • Experience in regulated environments (healthcare, financial services)
  • Familiarity with threat modeling frameworks (STRIDE, PASTA)

About Us

We exist to simplify healthcare and improve lives by making care feel instant, intelligent, and human.

HealthHero is Europe’s largest digital health provider, delivering 4 million consultations per year. We’re just starting. We’ve built a seamless digital clinic that brings body and mind together—from GP appointments and mental health support to long-term condition management. By partnering with the world’s leading insurers, employers, and public health systems, we make it easier for millions to get the care they need.

We are a growth-driven, capital-backed business with a strategy for sustainable scale. Our team combines digital innovators, management consultants, creatives, and clinical experts.

We’re more than a virtual appointment service. We’re building next-generation healthcare—an AI-powered, always-on ecosystem that learns from every interaction to shift from reactive treatment to proactive, sustainable health. At HealthHero, we’re digital when it should be and human where it counts.


Join us, and help build a healthcare system the world is waiting for.

A proud recipient of a prestige award, we’ve also been featured as the fastest-growing digital healthcare company on the Sunday Times 100 Tech list. Our mission is to deliver person-centred care with excellence. We invest in people, resources, and technology to continuously improve—reflecting our commitment to innovation and ethical growth.



What We Offer

  • Full induction training program (Microsoft Teams)
  • Collaborative team culture: Passionate, supportive, and diverse colleagues
  • 25 days of paid leave
  • Birthdays + bank holidays as paid leave
  • Regular 1:1s with your line manager
  • 24/7 on-call support for dedicated team members
  • Auto-enrolment pension scheme
  • Healthcare plans + Employee Assistance Programme (EAP)
  • Life Insurance Scheme
  • Hybrid option: London/Bristol office (minimum 2 days in-office per week)

Additional Information

  • We reserve the right to close applications early if sufficient candidates are received.

We welcome qualified candidates regardless of background, and we place no restrictions on candidates based on attributes such as colour, nationality, religion, or gender.

We’re a Disability Confident Employer and fulfill equality commitments. Reasonable adjustments may be accommodated at any stage in the hiring process. Please reach out for support.




Skills

Application Security
DevSecOps
Secure Software Development
CI/CD Security Integration
SAST
DAST
Dependency Scanning
Vulnerability Management
Secure Coding Standards
Threat Modelling
GDPR
Data Protection
Communication
Penetration Testing
Bug Bounty
Regulated Environments

Location

London, England, United Kingdom
