11 days ago

Security Engineer, Application Security

Neko Health

Hybrid
Full Time
€85,000

Job Overview

Job Title: Security Engineer, Application Security
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: €85,000
Location: Hybrid

Job Description

Security Engineer, Application Security

At Neko Health, our mission is to shift healthcare from reactive treatment toward preventative health and early detection. We combine advanced sensors, AI, and a reimagined patient experience to enable broad, non-invasive, and affordable health data collection. Founded in 2018 and headquartered in Stockholm, Neko Health operates across Stockholm, London, and Manchester.

As a Security Engineer, Application Security, you will strengthen Neko Health’s software security posture within a regulated healthcare environment. This role involves leading secure development practices, embedding security into engineering workflows, and partnering with development teams to reduce vulnerabilities while ensuring applications meet the highest security and compliance standards.

What You’ll Deliver in the First 6–12 Months

  • Drive adoption of a Secure Software Development Lifecycle (SSDLC) across engineering teams.
  • Implement and integrate application security tooling into CI/CD pipelines, improving vulnerability detection and remediation.
  • Establish consistent threat modelling and secure design practices across new features and products.
  • Improve application security posture through proactive code reviews, vulnerability assessments, and developer enablement.
  • Produce audit-ready evidence supporting regulatory and compliance requirements.

Responsibilities

  • Drive adoption and continuous improvement of Secure Software Development Lifecycle (SSDLC) practices.
  • Perform code reviews and vulnerability assessments for critical applications.
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines.
  • Conduct threat modelling for new features, services, and products.
  • Collaborate with developers to remediate vulnerabilities and promote secure coding practices.
  • Maintain audit-ready security and compliance documentation.

Minimum Qualifications

  • Strong understanding of application security principles and OWASP Top 10.
  • Experience implementing secure coding practices and enabling developer security adoption.
  • Hands-on experience with SAST, DAST, and SCA tools.
  • Experience integrating security into CI/CD pipelines.
  • Familiarity with compliance frameworks such as ISO 27001, NIST CSF, and HIPAA.

About The Engineering Team

Neko Health is a Remote-First company with nearly 100 full-time engineers distributed across Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm. Our technology stack includes React, TypeScript, C++, Python, and C# with ASP.NET Core. We use Azure Cosmos DB and Azure Active Directory for authentication.

Engineering teams are structured into small, cross-functional groups, operating autonomously with quarterly and annual goals. We support a flexible workplace that prioritizes work-life balance and are committed to our mission while believing meaningful impact should not require sacrificing personal wellbeing.

Hiring Process

The hiring process begins with an initial recruiter screen, followed by a deeper discussion with the Hiring Leader. Successful candidates complete technical assessments reflecting real-world challenges, concluding with a final stage involving Engineering Leadership.

Key skills/competency

  • Application Security
  • Secure Development Lifecycle (SSDLC)
  • OWASP Top 10
  • SAST, DAST, SCA Tools
  • CI/CD Security Integration
  • Threat Modelling
  • Code Review
  • Vulnerability Management
  • Compliance (ISO 27001, NIST CSF, HIPAA)
  • Secure Coding Practices

Tags:

Security Engineer
Application Security
Secure Development Lifecycle
Vulnerability Management
Threat Modelling
Code Review
Compliance
CI/CD Security
OWASP Top 10
Healthcare Security
React
TypeScript
C++
Python
C#
ASP.NET Core
Azure Cosmos DB
Azure Active Directory
SAST
DAST

How to Get Hired at Neko Health

  • Research Neko Health's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume for application security: Highlight SSDLC, SAST/DAST, and compliance experience, using keywords from the job description.
  • Showcase your technical expertise: Prepare to discuss hands-on experience with security tools and secure coding principles during technical assessments.
  • Demonstrate healthcare compliance knowledge: Emphasize your familiarity with ISO 27001, NIST CSF, or HIPAA in interviews.
  • Prepare for remote-first collaboration: Discuss how you thrive in distributed teams and contribute to cross-functional initiatives.
