Security Engineer, Application Security
Neko Health
Job Overview

Job Description
Mission
At Neko Health, our mission is to deliver proactive healthcare for all, empowering members to take control of their health through cutting-edge technology and compassionate care. We aim to shift healthcare from reactive treatment toward preventative health and early detection. By combining advanced sensors, AI, and a reimagined patient experience, we enable broad, non-invasive, and affordable health data collection for the public. Founded in 2018 and headquartered in Stockholm, Neko Health operates across Stockholm, London, and Manchester with over 500 employees.
Role Purpose
As a Security Engineer, Application Security, you will strengthen Neko Health’s software security posture within a regulated healthcare environment. You will lead secure development practices, embed security into engineering workflows, and partner with development teams to reduce vulnerabilities while ensuring applications meet the highest security and compliance standards.
What You’ll Deliver in the First 6–12 Months
- Drive adoption of a Secure Software Development Lifecycle (SSDLC) across engineering teams.
- Implement and integrate application security tooling into CI/CD pipelines, improving vulnerability detection and remediation.
- Establish consistent threat modelling and secure design practices across new features and products.
- Improve application security posture through proactive code reviews, vulnerability assessments, and developer enablement.
- Produce audit-ready evidence supporting regulatory and compliance requirements.
Responsibilities
- Drive adoption and continuous improvement of Secure Software Development Lifecycle (SSDLC) practices.
- Perform code reviews and vulnerability assessments for critical applications.
- Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines.
- Conduct threat modelling for new features, services, and products.
- Collaborate with developers to remediate vulnerabilities and promote secure coding practices.
- Maintain audit-ready security and compliance documentation.
Minimum Qualifications
- Strong understanding of application security principles and OWASP Top 10.
- Experience implementing secure coding practices and enabling developer security adoption.
- Hands-on experience with SAST, DAST, and SCA tools.
- Experience integrating security into CI/CD pipelines.
- Familiarity with compliance frameworks such as ISO 27001, NIST CSF, and HIPAA.
About The Engineering Team
Neko Health has nearly 100 full-time engineers working across Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm, spanning disciplines such as Hardware Engineering, Firmware Development, Electrical Design, Algorithm Development, Machine Learning, Optronics Research, and Software Engineering. Our technology stack includes React, TypeScript, C++, Python, and C# with ASP.NET Core. We use Azure Cosmos DB and Azure Active Directory for authentication.
Organization and Way of Working
We are a Remote-First company, though some hardware and firmware roles require occasional access to physical devices. Software engineers in Stockholm typically work from the office once every one to two weeks. Teams meet in person several times per year for collaboration and team connection. Engineering teams are structured into small, cross-functional groups aligned to specific goals. Some teams are long-lived while others are formed for targeted initiatives. Teams aim to operate autonomously while collaborating across the organization when necessary. Goals are tracked quarterly and annually, with bi-weekly organization-wide progress reviews. Most teams operate on a bi-weekly planning cadence, though each group has flexibility in how they work. All teams present progress, learnings, and experiments during bi-weekly engineering demos, covering topics ranging from hardware and calibration challenges to infrastructure improvements, backend capabilities, and data innovations that enhance clinical productivity. Neko Health supports a flexible workplace that prioritizes work-life balance. We are deeply committed to our mission while believing meaningful impact should not require sacrificing personal wellbeing.
Hiring Process
Candidates begin with an initial recruiter screen focused on experience, motivations, and role alignment. Successful candidates then meet with the Hiring Leader for a deeper discussion on technical background and impact. Next, candidates complete technical assessments alongside existing team members, designed to reflect real-world challenges and collaboration. The process concludes with a final stage involving Engineering Leadership, focusing on long-term impact and alignment before moving to offer and pre-employment checks.
Equal Opportunity & Inclusion Statement
Neko Health is committed to inclusive hiring and equitable healthcare. We welcome candidates from all backgrounds and encourage requests for reasonable adjustments to support the application process.
Key skills/competency
- Application Security
- OWASP Top 10
- Secure Development Lifecycle (SSDLC)
- SAST, DAST, SCA
- CI/CD Integration
- Threat Modeling
- Vulnerability Management
- Secure Coding Practices
- ISO 27001, NIST CSF, HIPAA
- Azure Security
How to Get Hired at Neko Health
- Research Neko Health's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume: Highlight application security, SSDLC, and healthcare compliance experience. Use keywords from the job description.
- Showcase technical prowess: Be ready to discuss SAST, DAST, SCA tools, CI/CD integration, and secure coding practices in detail.
- Emphasize proactive security: Demonstrate your ability to embed security early in the development lifecycle and conduct threat modeling.
- Prepare for behavioral questions: Reflect on experiences with cross-functional collaboration and ensuring regulatory compliance in past roles.