Paris, Ile-de-France, France · Hybrid
$90k–$100k/yr
Are you a hands-on security professional ready to define what application security looks like in the age of agentic AI? Do you want to work somewhere that treats security as a genuine competitive advantage and a core par…
Skills: Application Security, Secure SDLC, AI Security, Threat Modelling, Snyk
United Kingdom · Remote OK
$30k–$36k/yr
Are you looking to impact and be part of something special, such as shaping the future of healthcare? Are you eager to build a well-rounded skill set in a collaborative and forward-thinking environment? Are you keen to b…
Skills: Accounting, Bookkeeping, Double-entry bookkeeping, Accounts Payable, Accounts Receivable
London, England, United Kingdom · Hybrid
$80k–$90k/yr
Are you a hands-on security professional ready to define what application security looks like in the age of agentic AI? Do you want to work somewhere that treats security as a genuine competitive advantage and a core par…
Skills: Application Security, Secure SDLC, Snyk, Threat Modelling, AI Security
London, England, United Kingdom · Hybrid
$57k–$63k/yr
Are you someone who believes the best IT is almost invisible: so seamless, so well-built, that people barely notice it is there? Do you thrive on owning a platform end-to-end, building for the future, and using AI and au…
Skills: MacOS Fleet Management, MDM Administration, SaaS Administration, Identity And Access Management, IT Strategy
City of London, England, United Kingdom · Hybrid
$70k–$90k/yr
Are you ready to drive real change in healthcare? At Semble, we're transforming private healthcare with our SaaS clinical system. Already trusted by thousands of clinicians and used in the care of millions of patients, w…
Skills: Enterprise Account Management, Net Revenue Retention (NRR), Gross Revenue Retention (GRR), Quarterly Business Reviews (QBR), C-Suite Stakeholder Management
London, England, United Kingdom · Remote OK
$75k–$85k/yr
Are you looking to impact and be part of something special, such as shaping the future of healthcare? Are you excited to make healthcare more connected and directly contribute to bringing our vision to life? Sound like y…
Skills: Product Strategy, Product Lifecycle Management, Market Research, User Research, Backlog Prioritization
Paris, Ile-de-France, France · Remote OK
$75k–$85k/yr
Are you looking to impact and be part of something special, such as shaping the future of healthcare? Are you excited to make healthcare more connected and directly contribute to bringing our vision to life? Sound like y…
Skills: Product Strategy, Product Lifecycle Management, Market Research, Backlog Prioritization, Data-Driven Decision Making
United Kingdom · Hybrid
$80k–$100k/yr
Technical Solutions Engineer Are you looking to impact and be part of something special, such as shaping the future of healthcare? Do you love solving complex problems and want your work to make a difference? Sound like …
Skills: API Integration, Solution Design, Technical Discovery, Workflow Automation, Low-code Tooling
Paris, Ile-de-France, France · Remote OK
$60k–$70k/yr
Product Discovery Manager – France Are you looking to have an impact and be part of something special, such as shaping the future of healthcare? Do you want to be the person who truly understands what French healthcare p…
Skills: Product Discovery, User Research, Regulatory Compliance, French Healthcare Market Knowledge, Qualitative Analysis
Sign up with Clera and we'll reach out the moment a role actually fits you — no more spraying applications into the void.
Lead application security and secure SDLC initiatives, focusing on threat modelling and vulnerability management using Snyk. Develop AI security governance and architecture to mitigate risks associated with agentic AI in a healthcare context.
Requires at least 5 years of experience in application security with hands-on expertise in Snyk and modern web security standards. Must have practical experience with AI security risks and compliance frameworks like ISO 27001.
Are you a hands-on security professional ready to define what application security looks like in the age of agentic AI? Do you want to work somewhere that treats security as a genuine competitive advantage and a core part of building trustworthy healthcare software? Excited by the challenge of evolving security practice at pace, in an industry where the stakes are real?
This is not a pure compliance role, and it is not a pure red team role. It is a broad, technical, high-ownership position for someone who is equally comfortable threat modelling a new AI-powered product feature, owning your SAST and SCA pipelines, and contributing to an ISO 27001 audit.
About Semble
At Semble, we are on a mission to enable health professionals to amplify their impact. We improve the way healthcare is delivered to millions of people by providing doctors and their teams with powerful, innovative, intuitive, and secure software. Our cloud-based clinical system is already used by thousands of clinicians, making their lives easier and saving them money, while structuring their health data to help research.
We are a passionate and driven team, proud to unite under strong cultural drivers:
We are also quick to embrace new technologies: we have rapidly adopted AI internally, and we actively look for people who are excited to augment and enhance their work with it.
About the IT Delivery & Security Services team
We believe the best IT is almost invisible. We are dedicated to building secure, intuitive systems that make self-service simple, automating routine work, streamlining complexity, and removing barriers. Many of our tools are already self-serve, and we are always pushing further. Our commitment to high standards has helped Semble achieve key security certifications and set the benchmark for best practice across the business. We champion clarity, transparency, and processes that are easy to understand and straightforward to follow.
We hold ourselves to a high standard every day. Our estate is always patched, always correctly provisioned, always documented; not because an audit is coming, but because that is simply how we work.
About the role
You will report directly to the Head of Information Security, working alongside a Senior Technical Support Engineer, and together you will form the senior backbone of the IT Delivery and Security Services team.
Security at Semble has until now been carried by a single person. This hire is about building genuine depth and maturity into the function. You will own a broad portfolio of security responsibilities, from application security and secure SDLC enablement to AI governance and security programmes, with significant autonomy to shape how that work gets done.
The product is evolving fast. AI is no longer a feature at Semble; it is becoming part of the core architecture. That means the attack surface is changing, the threat model is changing, and the skills required to stay ahead of it are changing too. We are looking for someone who is not just keeping up with that shift but is genuinely excited by it.
This is a startup environment: the work is varied, the pace is real, and you will have the opportunity to get your hands on almost everything. There is a meaningful backlog of projects to deliver as we mature the InfoSec function. If you want to define best practice rather than just follow it, this is it.
This role is hybrid within France, with occasional travel to our London and Paris office for collaboration and workshops.
What you will be doing
Application Security and Secure SDLC
- Embed security into Agile development by partnering with engineering squads during planning, refinement, and delivery. Be the security voice in the room, not the person who reviews things after the fact.
- Define, roll out, and continuously improve secure coding standards, secure design patterns, and developer-friendly guidance that scales across the engineering team.
- Run threat modelling for new features and major architectural changes, capturing abuse cases and security requirements early. As Semble builds more AI-powered and agentic capabilities, apply emerging frameworks to ensure new threat surfaces are modelled and mitigated from the outset.
- Own SAST, SCA, DAST, container, and IaC scanning pipelines, with Snyk as our primary platform (Snyk Code, Open Source, Container, and IaC). Integrate with CI/CD, manage policies, and maintain a strong focus on developer experience and false-positive reduction.
- Triage and manage vulnerabilities end-to-end: classification, SLAs, fix validation, and reporting.
- Build frictionless guardrails: pre-commit hooks, secure templates, reference code, and paved paths that make doing the right thing the easy thing.
- Deliver targeted training and just-in-time enablement based on findings and stack specifics.
Security Architecture and Design
- Advise on architecture choices for key product feature developments, including authorisation, secrets and key management, data protection, and zero-trust-aligned designs.
- Guide secure API and microservice patterns, including input validation, rate limiting, secure session handling, and token-based security (OAuth 2.0/OIDC).
- Review designs for cloud-native services and edge components, ensuring sensible security trade-offs aligned to product goals.
- As agentic AI capabilities expand within the product, advise on the security architecture of agent orchestration, tool integrations, memory handling, and MCP (Model Context Protocol) server deployments.
AI Security and Governance
- Apply and evolve Semble's approach to AI-specific threats: prompt injection, excessive agent autonomy, tool and plugin abuse, AI supply chain risks, and context manipulation. The OWASP LLM Top 10 and OWASP Top 10 for Agentic Applications are your starting point, not your ceiling.
- Work closely with the Head of Information Security to develop and maintain Semble's AI governance posture, aligned with ISO 42001 and the evolving regulatory landscape for AI in healthcare.
- Assess risks associated with third-party AI integrations, AI-assisted development tooling, and agentic workflows, and implement appropriate mitigations.
Security Operations and Threat Management
- Monitor, investigate, and respond to security alerts, incidents, and anomalous behaviour across Semble's environment.
- Develop and mature threat intelligence capabilities, including vulnerability management, penetration testing coordination, and incident response processes.
- Maintain and improve security tooling, logging, and detection capabilities, with an automation-first mindset.
- Contribute to incident response runbooks for application-layer and AI-related incidents, and support blameless post-incident reviews to embed learning back into the SDLC.
- Contribute to the ongoing improvement of Semble's overall security posture, identifying and addressing gaps proactively.
Compliance, Certification and Audit Readiness
- Own or co-own the delivery of Semble's compliance programmes, including ISO 27001, Cyber Essentials+, NHS DSPT, and the journey towards SOC 2 readiness.
- Support and contribute to ISO 42001 implementation as Semble's AI governance framework matures.
- Define and track pragmatic security KPIs: time-to-remediate, coverage, percentage of criticals resolved within SLA, threat model coverage, and audit readiness indicators.
- Maintain audit-quality documentation, evidence, and records at all times. Our standard is always audit ready, every day.
Customer and Stakeholder Engagement
- Support the sales process by responding to customer security questionnaires and due diligence requests with accuracy and confidence.
- Occasionally engage directly with customers on security topics, acting as a knowledgeable and credible representative of Semble's security function.
- Work with internal stakeholders to ensure security requirements are understood and embedded across the business.
What we are looking for
Required
- Minimum of 5 years of experience in application security, product security, or a combination of software engineering and security with strong AppSec ownership.
- Hands-on experience with Snyk across SCA, SAST, Container, and IaC, including CI/CD integration and policy management.
- Strong grounding in modern web and application security: OWASP Top 10, API Security Top 10, and an emerging understanding of the OWASP Top 10 for Agentic Applications.
- Practical experience embedding security into Agile workflows and DevSecOps tooling.
- Solid understanding of authn/authz patterns, secrets management, encryption, and cloud-native security controls.
- Experience with compliance frameworks, particularly ISO 27001. Familiarity with Cyber Essentials+, NHS DSPT, or SOC 2 is a strong advantage.
- Practical understanding of AI security risks, including prompt injection, LLM vulnerabilities, and agentic system threats, and how to address them in a product context.
- Experience working in a SaaS environment or similarly regulated industry, with an appreciation of the product, engineering, and commercial context that security decisions sit within.
- Ability to communicate clearly with engineers, leadership, and occasionally customers, translating complex security risk into clear, actionable language.
- Genuine, hands-on AI experience: not curiosity, but practice. We will ask you to speak to specific ways you are already using AI to improve security operations, detection, or engineering workflows.
- A track record of maintaining security programmes to a continuously high standard, with audit readiness as a default rather than a periodic event.
- A proactive, ownership mindset: you identify gaps, propose solutions, and deliver them without waiting to be told.
- Proficiency in the French language (nice-to-have, not mandatory).
Desirable
- CISSP certification (strongly preferred).
- Experience with threat modelling methodologies such as STRIDE or attack trees, and running effective threat model sessions with engineering teams.
- Familiarity with API gateways, container orchestration, and software supply chain security.
- Experience securing AI-enabled features, ML pipelines, agentic workflows, or MCP-based integrations.
- Experience building or maturing a security function within a scaling organisation.
- Exposure to healthcare data regulations and NHS security requirements.
What you’ll get in return:
We welcome applications from people of all backgrounds and walks of life, including those from groups typically underrepresented in the technology industry. We also encourage applications from disabled and neurodiverse candidates. If there are adjustments we can make to support you throughout the recruitment process, please do let us know.
Semble is a healthcare management platform for outpatient providers. Founded to address the deep fragmentation in how care is delivered, Semble connects and orchestrates every stage of the patient journey, helping solo clinicians, growing group practices and complex enterprise organisations deliver faster, safer and more patient-centred care. Open and interoperable by design, Semble integrates seamlessly with over 1,200 tools across diagnostics, billing, labs, CRM and more, making it Europe's most connected healthcare platform. Trusted by over 1,700 healthcare businesses across 80 specialities and used daily by 16,000 professionals, Semble is widely adopted across private healthcare in the UK and France, building the AI care orchestration layer underpinning modern healthcare delivery.
Offices: 18 Finsbury Square, London, England EC2A 1RR, GB
Semble is a healthcare management platform for outpatient providers. Founded to address the deep fragmentation in how care is delivered, Semble connects and orchestrates every stage of the patient journey, helping solo clinicians, growing group practices and complex enterprise organisations deliver faster, safer and more patient-centred care. Open and interoperable by design, Semble integrates seamlessly with over 1,200 tools across diagnostics, billing, labs, CRM and more, making it Europe's most connected healthcare platform. Trusted by over 1,700 healthcare businesses across 80 specialities and used daily by 16,000 professionals, Semble is widely adopted across private healthcare in the UK and France, building the AI care orchestration layer underpinning modern healthcare delivery.
Offices: 18 Finsbury Square, London, England EC2A 1RR, GB
