Job description

  • Job Type:
    Full Time

Senior Application Security Engineer (20242)

The Role

The Senior Application Security Engineer (AppSec) is a senior engineering position in the H&B Security team, reporting to the Head of AppSec, who is responsible for proactively working with engineering teams across H&B in securing and protecting internally developed mission-critical customer-focused applications.

The H&B landscape is split across 3 domains (Legacy, Enterprise and Startup) which require different types of security integrations and touchpoints. This role is focused on providing engineering capabilities to existing Application Security processes and technologies in H&B's Engineering and Data teams, in order to develop secure, rugged, resilient, observable and highly scalable applications, while ensuring that the data and assets entrusted by customers, partners and employees are kept safe at all times.

This is a very hands-on role, with the expectation of covering the full life-cycle of a vulnerability:

  • proactively working with development teams in addressing vulnerabilities, by creating pull requests with the proposed fixes (the key objective is to avoid overloading engineers with security-focused changes)
  • proactively discovering vulnerabilities in existing/new systems
  • creating PoCs that confirm their impact
  • providing deep technical guidance on how to eradicate similar vulnerabilities from the codebase
  • leveraging existing technology and products to embed security checks for vulnerabilities in the CI/CD pipelines
  • ultimately making sure that development/engineering teams write secure code by design, by default and in deployment.

Areas of responsibility:

Supported by an experienced team, best-in-class technology and highly qualified 3rd parties, here are the areas of responsibility for this role:

  • Secure code review (with PoC development where relevant)
  • Writing security-focused unit/integration tests
  • AppSec activities (DAST, SAST, IAST)
  • Application Security standards and detailed secure coding guidelines
  • CI/CD pipeline integrations and automations
  • Threat Modeling
  • Security Training for developers and engineers
  • Attack Surface Reduction
  • Application security reviews (aka pentesting)
  • Real-time dashboards



💸 Technology Incentive Scheme - we offer different bonus schemes for all grades in Technology, starting at 10%.

📚 Learning and Development opportunity with Holland & Barrett is a great base for career development long term.

🤝 Career progression

🔝 Pension company contribution 

✈️ Your wellbeing is paramount so you can get away and take 28 or 33 Days Holiday per year. 

💷 Refer and Earn Scheme - as we're growing you can earn money by referring people to join us from your network.

👜 Epic Extras gives you access to exclusive benefits, free advice and savings from a range of retailers and providers.

💰 Stay healthy with Discounted Products - from day one you'll get a 25% discount (on top of other promotions) when you shop at H&B on anything that you buy. 

🙋🏽 We all need a little help sometimes, so we offer Free 24/7 Confidential Advice & Colleague Welfare.

🧠 Mental Health First Aiders - we have lots of qualified Mental Health First Aiders because it's all about your health & wellbeing.

👑 We have colleague Reward and Recognition Schemes, so your hard work and loyalty won't go unnoticed.

👏 And many more!

The Company
  • Holland & Barrett is one of the nation's most loved and trusted brands, known for offering quality health food, vitamins and supplements all sold by highly trained and qualified advisors.
  • Bucking the current trend of high street retailers, we forecast significant growth and expansion plans in the coming years, with considerable investment going into all areas of the business. We certainly embrace change and drive speed in everything we do. Every day presents a different challenge, but every day is also filled with fun, teamwork and passion to succeed and surpass every expectation.
  • Join us and see how far you can go…

Head office - London
33 Cavendish Square, London, United Kingdom, W1G 0PW