Job description

  • Job Type: Full Time

Head of Application Security (19505)

About Cyber Security at Holland & Barrett

Head of Application Security

The Head of AppSec (Application Security) is a senior-level executive, reporting to the CISO, who is responsible for balancing the need to secure and protect all applications with the speed and innovation that is occurring at all levels across H&B.

H&B's landscape is split across 3 domains (Legacy, Enterprise and Startup), which require different types of security integrations and touchpoints. This role is focused on the effective embedding of Application Security's processes and technologies in H&B's Engineering and Data teams, in order to develop secure, rugged, resilient, observable and highly scalable applications, while ensuring that the data and assets entrusted by customers, partners and employees are kept safe at all times.

This role is also expected to deliver real-business value by leveraging the ability of cyber and application security activities (for example Threat Modelling, Security Architecture and the network of Security Ambassadors) to improve the understanding, visibility and security automation and integration of the targeted applications and hosting environments.

This is a very hands-on role, with the expectation of covering the full life-cycle of a vulnerability:

  • proactively discovering vulnerabilities in existing/new systems
  • creating PoCs that confirm their impact
  • proactively working with development teams in addressing vulnerabilities, by creating pull requests with the proposed fixes (key objective is to avoid overloading engineers with security-focused changes)
  • providing deep technical guidance on how to eradicate similar vulnerabilities from the code-base
  • leveraging existing technology and products to embed security checks for vulnerabilities in the CI/CD pipelines
  • ultimately making sure that development (and DevOps) teams write secure code by design, by default and in deployment.

Here are the key attitudes and experience that are relevant to this role (not all are needed):

  • leadership experience
  • effective communication and presentation skills
  • passion for creating teams that are highly motivated, focused, productive, with a strong work-life balance and aligned on common OKRs (objectives and key results)
  • senior stakeholder management
  • ability to translate highly complex concepts into audience-specific and targeted materials (i.e. easy to understand by that audience)
  • engineering experience, namely on how to effectively use technology to scale and automate processes
  • passion for cyber security, diagrams and data visualisation
  • being a 'Pioneer' and 'Settler', by driving innovation and also knowing how to take innovation and productize it (Pioneer and Settler as defined by Wardley Mapping)


Areas of responsibility:

Supported by an experienced team, best in class technology and highly qualified 3rd parties, here are the areas of responsibility for this role:

  • SSDL (Secure Software Development Lifecycle)
  • AppSec maturity models
  • AppSec activities (DAST, SAST, IAST)
  • Application security reviews
  • CI/CD pipeline integrations and automations
  • Threat Modeling
  • Security Champions/Ambassadors network
  • Compliance as code
  • Infrastructure as code
  • Security Training
  • Security architecture
  • Incident Response (for Application based attacks)
  • Attack Surface Reduction
  • Real-time dashboards
  • Stakeholder ownership of vulnerabilities and risks


Who are you?

We are looking for individuals that want to work for:

  • a company that is making a positive impact in the world (H&B is making the world healthier),
  • a company where you will make a real difference (H&B is going through an amazing digital transformation programme)
  • a security team that is growing and innovating (H&B Security has an amazing vision and objectives)

Here are some more attributes we are looking for:

  • Looking for next challenge
  • Curious
  • Highly Motivated
  • Effective Manager of highly pressured teams (with solid work life balance)
  • Want to make the difference
  • Want to build something worthwhile
  • Want to make the world safer


How to Apply

To make the selection process fairer and more objective, we don't use CVs as the sole data point in making the initial selection decision.

In addition to the CV we ask all candidates to send a presentation about themselves and their career.

Please take a look at this video, which provides more details about what we are looking for in these presentations: Using a presentation in addition to a CV (when applying for H&B Security roles)

Here are other important videos to view for inspiration and guidance:


Technology Incentive Scheme - we offer different bonus schemes for all grades in Technology, starting at 10%.

Learning and Development opportunity with Holland & Barrett is a great base for career development long term.

Career progression

Pension company contribution

✈️ Your wellbeing is paramount so you can get away and take 28 or 33 Days Holiday per year. 

Refer and Earn Scheme - as we're growing you can earn money by referring people to join us from your network.

Epic Extras gives you access to exclusive benefits, free advice and savings from a range of retailers and providers.

Stay healthy with Discounted Products - from day one you'll get a 25% discount (on top of other promotions) when you shop at H&B on anything that you buy.

We all need a little help sometimes, so we offer Free 24/7 Confidential Advice & Colleague Welfare.

Mental Health First Aiders - we have lots of qualified Mental Health First Aiders because it's all about your health & wellbeing.

We have colleague Reward and Recognition Schemes, so your hard work and loyalty won't go unnoticed.

And many more!

The Company
  • Holland & Barrett is one of the nation's most loved and trusted brands, known for offering quality health food, vitamins and supplements all sold by highly trained and qualified advisors.
  • Bucking the current trend of high street retailers, we forecast significant growth and expansion plans in the coming years, with considerable investment going into all areas of the business. We certainly embrace change and drive speed in everything we do. Every day presents a different challenge, but every day is also filled with fun, teamwork and passion to succeed and surpass every expectation.
  • Join us and see how far you can go…

Head office - London
33 Cavendish Square, London, United Kingdom, W1G 0PW