A common pattern is to use a single machine as an SSH proxy or "bastion" to connect to another machine in your environment.
On your local machine, add the following configuration to ~/.ssh/config (you might need to create the file if it does not exist):
Host <tunnel_name> HostName <hostname_app_server> ProxyCommand ssh <username_on_bastion>@<hostname_of_bastion> -W %h:%p User <username_on_app_server>
Tunnel_name is an arbitrary label.
Hostname_app_server is the destination server.
Hostname_of_bastion is the direct machine you will be connecting to (and username_on_bastion is your HCB SSH username).
Username_on_app_server is typically the same value as username_on_bastion.
Now, to connect to your destination machine through your bastion, just do:
...replacing tunnel_name with the actual name you used above.