Job Description
At Holland & Barrett, we’re over a century old - and building like a startup. We’ve transformed into a fully cloud-native organisation, using Kubernetes, containers, serverless, and event-driven architectures. Now we’re embedding security directly into how we build software, and we’re looking for an Application Security Engineer to help lead that journey.
About the role
This is a role for someone who loves working with developers, not around them. Our ambition is simple: make the secure path the easy path. You’ll help build an AppSec model that’s automated, developer-friendly, and built into every stage of the SDLC.
The Role
As an Application Security Engineer, you’ll be a trusted partner to our engineering teams. You’ll work hands‑on to integrate security into CI/CD pipelines, identify and fix vulnerabilities early, and help teams design and ship secure applications by default.
What You’ll Do
* Embed SAST, DAST, and SCA tooling into CI/CD pipelines
* Perform code reviews, threat modelling, and application security testing
* Work directly with engineers to remediate vulnerabilities and improve designs
* Develop and promote secure coding standards and best practices
* Deliver security training and workshops to engineering teams
* Champion a culture of shared responsibility for application security
Key Requirements
* Experience as an Application Security Engineer or similar role
* Strong understanding of OWASP Top 10 and modern application threats
* Hands‑on experience with tools like Snyk, Checkmarx, Veracode, Burp Suite
* Proficiency in at least one modern programming language (e.g., Python, Java, JavaScript)
* Experience integrating security into CI/CD pipelines
* Great communication skills and a collaborative, developer‑first mindset
Why Holland & Barrett?
* Help shape AppSec from the ground up in a modern engineering organisation
* Work with cloud-native technologies and forward‑thinking teams
* A purpose‑led business focused on helping people live healthier lives
If you’re passionate about building secure software and making security a natural part of development, we’d love to hear from you.
Seniority level
Mid‑Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Online Media