Senior Application Security Engineer

We're looking for a Senior Application Security Engineer to join our expanding Information Security team. If you are a hands‑on AppSec expert who enjoys working deep in the SDLC, partnering with talented engineers and building security into fast‑moving delivery pipelines, this role gives you the space to make a real impact. You will join a modern, cloud‑native environment where squads genuinely care about secure engineering, and you will have the autonomy, tooling and influence to help them excel. You will work alongside our existing Senior AppSec Engineer and Security Architect, strengthening our capacity and resilience as we continue to mature our security services. This is not a vulnerability management position. It is true engineering‑led AppSec, shaping secure design, embedding controls into CI/CD, operating core security services and getting into the technical detail of how our systems are built. If you come from a startup or scale‑up background, thrive in cloud‑native environments and enjoy being the trusted expert for squads who want to do the right thing, you will feel at home here. You will help define how we secure applications across Azure, AKS, Databricks, Snowflake and more, with the freedom to influence processes, tooling and engineering culture.

At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. We're looking for people to join us on our journey. If you're looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we're keen to speak with you.

What you'll be doing:

• Partnering with development teams across architecture, engineering and cloud to embed security into code, applications, Kubernetes and containerised workloads
• Encouraging a shift‑left approach and promoting secure engineering practices
• Implementing and operating code scanning to help developers identify and remediate vulnerabilities
• Maturing our Secure Development Lifecycle, embedding security into CI/CD in GitHub Actions and strengthening development tooling
• Advising on securing APIs and other high‑risk system components
• Assisting with securing our Data Platforms including Databricks, Dagster, Snowflake and the wider cloud environment
• Developing security policy as code using OPA or similar and gaining adoption across teams
• Documenting security processes and low‑level designs for security tools and services
• Contributing to security service documentation to support consistent delivery and operations
• Assisting teams integrating with security tooling and ensuring smooth onboarding to security services
• Supporting wider security initiatives including ISO 27001 activities and threat modelling

What you won't be doing:

• Working in a siloed environment with no freedom to make decisions.
• Working in a place where you can't see the impact your expertise makes.

Requirements:

• Proficient in writing Terraform, Python and ideally KQL
• Significant hands‑on experience with implementing and operating code scanners including SAST, DAST, IAST and SCA
• Experience of automating security capabilities and delivering security or policy as code using tools such as OPA or Azure Policy
• Experience of securing GitHub and GitHub Actions, or similar CI/CD platforms
• Experience of securing Kubernetes ideally AKS, along with broader container security
• Experience of securing APIs and other exposed components
• Ideally experience in securing data platforms such as Databricks, Dagster or Snowflake
• Experience working directly with software engineering best practices including source control, unit testing, code reviews, design documentation and strong debugging and troubleshooting
• Experience in threat modelling within engineering teams
• Exposure to Agile working and DevSecOps
• Knowledge of ISO 27001 and its relevance to secure engineering
• Desire to be part of a small fast‑paced team with a collaborative mindset
• Relevant certifications such as Microsoft MS‑500, AZ‑500, AZ‑700, SC‑200, CompTIA Security+ or Cloud+, CSA CCSK, ISC2 CSSLP, GIAC GWAPT or EC‑Council CASE

Benefits:

• Salary from £70,000 per annum
• Generous Pension Scheme – We invest in your future with employer contributions of up to 12%
• 30 Days Holiday + Bank Holidays – Enjoy a generous holiday allowance with the flexibility to take bank holidays when it suits you
• Enhanced Parental Leave – Supporting you during life's biggest moments
• Cycle to Work Scheme – Save 25–39% on a new bike and accessories through salary sacrifice
• Home & Tech Savings – Get up to 8% off on IKEA and Currys products, spreading the cost over 12 months through salary sacrifice
• £1,000 Employee Referral Bonus – Know someone amazing? Get rewarded for bringing them on board!
• Wellbeing Support – Access to Mental Health First Aiders, plus 24/7 online GP services and an Employee Assistance Programme for you and your family
• A Great Place to Work – We have a lovely Central London office in Holborn, and offer flexible and remote working arrangements

Join us – let's prevent disease together. At Our Future Health, we recognise the importance of having a diverse workforce and ensuring that all candidates, regardless of their background, have equitable access to our application process. We proactively encourage applicants who identify as having a disability, neurodiversity, or long‑term health conditions to let us know if they require any reasonable adjustments as part of their application process. If you do require any reasonable adjustments, please email us at talent@ourfuturehealth.org.uk