CompuGroup Medical SE & Co. KGaA

Security Champion

CompuGroup Medical SE & Co. KGaA  •  Iaşi, RO (Onsite)  •  28 days ago

Job Description

The Security Champion for the G3 HIS product is responsible for embedding security best practices into the software development lifecycle and continuously improving the security posture of the solution. The role collaborates with G3 HIS development, QA, DevOps, and architecture teams to identify security gaps, drive remediation activities, and promote a security-first culture across the project.

Key Responsibilities

  • Act as the primary application security point of contact for G3 HIS teams.

  • Collaborate with developers, architects, QA, and DevOps to integrate security into design, implementation, testing, and deployment.

  • Conduct security design reviews, threat modeling, and security-focused code reviews for new and existing features.

  • Define and refine security requirements and controls for G3 HIS components and services.

  • Support the selection, configuration, and effective use of security tooling (e.g., SAST, DAST, SCA, secret scanning).

  • Analyze, prioritize, and track remediation of findings from security tools and external assessments.

  • Monitor security trends, emerging threats, and vulnerabilities relevant to the stack and domain, and translate them into concrete improvements.

  • Coordinate with central Security / InfoSec and Compliance teams to ensure alignment with corporate security policies and regulatory requirements.

Candidate Profile

Background

  • Former or current Java developer with a focus on application security.

  • Solid experience with enterprise Java applications (e.g., Spring ecosystem, REST APIs, relational databases).

  • Experience working on data-sensitive or mission-critical systems; healthcare domain experience is an advantage.

Required Skills (Technical & Soft)

  • Strong understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).

  • Proven experience applying secure coding practices in Java and related frameworks.

  • Familiarity with security frameworks and standards (e.g., OWASP ASVS, NIST, ISO 27001).

  • Ability to perform and document threat modeling and risk assessments.

  • Hands-on experience with vulnerability assessment and verification (automated tools and manual analysis).

  • Knowledge of DevSecOps practices and integrating security controls into CI/CD pipelines.

  • Awareness of data protection and compliance requirements (e.g., GDPR; healthcare-related regulations are a plus).

  • Clear, concise communication skills, able to explain security risks and trade-offs to both technical and non-technical stakeholders.

  • Strong collaboration and influencing capabilities; able to drive security improvements while remaining pragmatic.

  • High level of integrity, proactive mindset, and strong attention to detail.

Preferred Qualifications

  • Security-related certifications (e.g., CSSLP, CEH, Security+, GWAPT) are an advantage but not mandatory.

About CompuGroup Medical SE & Co. KGaA

CompuGroup Medical is one of the leading e-health companies in the world. With a revenue base of EUR 1.19 billion in 2023, its software products are designed to support all medical and organizational activities in doctors’ offices, pharmacies, laboratories, hospitals, and social welfare institutions. Its information services for all parties involved in the healthcare system and its web-based personal health records contribute towards safer and more efficient healthcare.

CompuGroup Medical’s services are based on a unique customer base, including doctors, dentists, pharmacists and other healthcare professionals in inpatient and outpatient facilities. With locations in 19 countries and products in 60 countries worldwide, CompuGroup Medical is the e-health company with one of the highest coverages among healthcare professionals. More than 9,000 highly qualified employees support customers with innovative solutions for the steadily growing demands of the healthcare system.

Industry
IT & Software
Company Size
1,001-5,000 employees
Headquarters
Koblenz am Rhein, DE
Year Founded
1987
Website
cgm.com