Application Security Specialist conducting SAST and DAST analyses at TEHORA to enhance digital healthcare security. Responsible for code reviews, OWASP recommendations, and participation in intrusion tests.
About the role
- As a Staff Security Engineer, build hx's security function while integrating security into engineering workflows. Collaborate across teams to ensure secure architecture and compliance.
Responsibilities
- Build hx's security programme from the ground up, setting direction for security architecture, compliance, and incident response as we scale globally.
- Design and implement security controls across AWS cloud infrastructure, Kubernetes workloads, and our multi-product platform, ensuring systems are secure by design.
- Integrate security into engineering workflows by embedding automated security testing, vulnerability management, and threat detection into CI/CD pipelines without slowing teams down.
- Lead or contribute to compliance initiatives (SOC2, ISO27001) by implementing technical controls and working cross-functionally with legal, engineering, and business teams to enable enterprise sales.
- Build security automation and tooling by writing code and scripts that scale security practices, detect vulnerabilities, and enforce policies efficiently.
- Partner with Engineering Managers, Principal Engineers, and Product Managers to embed security thinking early in design and architecture decisions.
- Act as a trusted voice in critical moments: responding to incidents, unblocking teams on security questions, and keeping high-stakes initiatives secure and on track.
- Assess and secure AI-powered systems across hx's platform, implementing controls that enable safe adoption of AI while mitigating risks like prompt injection, data leakage, and model vulnerabilities.
Requirements
- Built or significantly contributed to security programmes from the ground up, establishing foundational security controls, compliance readiness, and incident response capabilities.
- Designed and implemented security architecture for cloud-based distributed systems (AWS or equivalent), including multi-account strategies, identity and access management, network security, and data protection.
- Driven technical security improvements by writing code, building tools, and implementing controls that scaled with company growth.
- Integrated security into development workflows through DevSecOps practices including automated testing, secrets management, container security, and infrastructure-as-code security.
- Led or supported compliance initiatives (SOC2, ISO27001, GDPR, or similar), mapping technical controls to compliance requirements and guiding teams through audit cycles.
- Built trust with engineering teams by contributing technically and making security collaborative and frictionless.
- Balanced security rigor with business goals, making risk-based trade-offs that enabled growth while protecting customers and the business.
- Evaluated security implications of AI/ML systems, including understanding AI-specific risks and implementing controls to secure them.
Benefits
- £5,000 training and conference budget for individual and group development.
- 25 days of holiday plus 8 bank holidays (33 days total).
- Company pension scheme via Penfold.
- Mental health support and therapy via Spectrum.life.
- Individual wellbeing allowance via Juno.
- Private healthcare insurance through AXA.
- Income protection and Life Insurance.
- Cycle to Work Scheme
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Facilities and Security Coordinator providing operational support for facility operations at Westinghouse. Coordinating administrative tasks, reporting, and ensuring compliance in facility management.
Information Security Specialist ensuring digital security and compliance at cyberunity AG in Zürich. Collaborating with IT teams to implement security measures and address vulnerabilities.
Data & Cloud Security Manager overseeing security programs for protecting sensitive data at Digital Realty. Leading initiatives in data protection and cloud security across various environments.
Cybersecurity GRC Lead responsible for governance, risk, and compliance at Emerson's Industrial IoT division. Shaping the cybersecurity agenda within a fast - evolving environment.
Security Personnel responsible for access and entry controls, ensuring safety standards at proSicherheit. Collaborating on reports and preventing criminal activities in various settings.
Security staff conducting access and entry controls and ensuring safety standards in Hamburg, Germany. Team collaboration and reporting tasks required for effective security measures.
Event Security role for Milwaukee Bucks, ensuring the safety of guests and employees at events. Interacting with various stakeholders and handling security - related issues effectively.
PP
Wachleitung / Fachkraft für Schutz und Sicherheit managing security operations at PTB. Overseeing personnel and ensuring compliance with safety protocols in Braunschweig.
Senior Cyber Security Consultant leading AppSec strategies and hands - on execution for software platforms. Focused on security engineering, vulnerability management, and compliance in the construction software industry.