Responsibilities
- This role will form a fundamental part of a growing Platform Security function, where the team covers application security, cloud security, security operations, culture and risk management.
- As a tech‑centric organisation the Information Security team will play a critical part in embedding a security‑first mindset into application development and continuous application monitoring.
- This role will co‑own the cloud security posture and tooling across HealthHero’s AWS and Azure estates and have the opportunity to tackle cloud security with an international scope.
- The role will be supported by a multidisciplinary force of Infrastructure, Data Governance and Engineering team leads with a security focus as part of their remit.
- The role has a focus on infrastructure and cloud networking when it comes to security posture.
DevSecOps & SDLC
- Champion integration of security testing into CI/CD pipelines across all development teams and usage of automated security gates: SAST, DAST, dependency scanning, secrets detection.
- Enable self‑serve security tooling for development teams.
- Ability to set up development environment.
Cloud Security
- Own cloud security posture management using Wiz (or similar CSPM). Define and enforce cloud security baselines, guardrails, and policies in AWS.
- Implement and maintain IaC security scanning for Terraform.
- Manage IAM policies, network segmentation, and secrets management.
- Configure and tune SIEM (or similar) for cloud‑focused detection.
- Establish logging, monitoring, and alerting requirements based on threat modelling.
- Investigate and respond to cloud security events.
Risk & Compliance
- Identify, articulate, and elevate security risks to senior leadership with mitigation plans.
- Track and remediate vulnerabilities across infrastructure.
- Manage customer initiatives related to due diligence when required.
- Support and develop an annual programme of penetration testing and associated remediations.
Stakeholder Engagement
- Partner with internal stakeholders to support any requirements from the security function – particularly governance and accreditation requirements across different countries.
- Provide expertise on emerging threats and vulnerabilities.
- Support response to customer/client due diligence requests with timely and accurate information regarding vulnerability exposure.
Qualifications
- Understanding of secure coding, penetration testing techniques, SIEM, and vulnerability management.
- Proven experience in application security, DevSecOps, or cloud security.
- Experience securing cloud environments (AWS, Azure).
- Understanding and practical experience of ISO27001:2022 controls and audit processes.
- Ability to read and write IAC (Terraform) code, comfortable with IAC lifecycles.
- Strong understanding of cloud networking.
- Understanding of managing Secure Development Lifecycle and Vulnerability Management.
- Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security and risk analysis.
- Familiarity with container security and Kubernetes.
- Experience in regulated environments (healthcare, financial services).
- AWS Security Specialty or similar certification.
- Familiarity with NHS DSPT.
- Technical knowledge of GDPR and data protection requirements.
- Hands‑on with CI/CD security tooling and pipeline integration.
- Interest in learning other countries’ health and security regulations (France, UK, IR, DE).
#J-18808-Ljbffr…
