Application Security Engineer

Your role at CGM: As a leading provider of software solutions for the healthcare sector, we operate in 19 countries and employ almost 9,000 dedicated colleagues. You will be working in a dynamic, innovative environment full of opportunity. With your commitment and passion, you will have the chance to make a lasting impact.

CGM leverages AI: We are looking for people who feel the power of AI in the eHealth space, who want to help shape this transformation, and who, with curious passion, recognise how technology can make healthcare smarter, simpler and better.

Together, we are shaping the healthcare system of the future. Join our mission and make a difference – for a world in which knowledge saves lives

Are you passionate about pioneering products? Do you have the talent to turn ideas into concrete, value-creating solutions while always keeping the bigger picture in mind? Then you are exactly who we are looking for.

Your contribution:

• Serve as an authority on security best practices related to software development, platform infrastructure, and operational processes, ensuring that security considerations are prioritized at every stage of project development.

• Work closely with developers, architects, and testers to seamlessly embed security measures within the Software Development Life Cycle (SDLC), fostering a culture of security awareness and proactive risk management.

• Lead security reviews and threat modeling sessions aimed at uncovering potential security risks inherent in software designs, codebases, and cloud infrastructure. This involves analyzing the architecture and implementation for vulnerabilities.

• Engage in code reviews to evaluate security-related aspects of the code. Provide constructive feedback and actionable recommendations to enhance the security posture of the codebase.

• Support the definition and implementation of security requirements and controls throughout product development and infrastructure design. Additionally, aid in choosing and deploying the appropriate security tools and technologies to fortify product security while keeping abreast of the latest threats and vulnerabilities for informed decision-making.

What you bring along:

• Deep understanding of security principles, best practices, and frameworks (e.g., OWASP, NIST, ISO or willingness to train to acquire expertise.  

• Proficiency in threat modeling to identify potential threats and vulnerabilities in systems and applications.  

• Strong foundation in secure coding practices to guide developers in writing resilient and secure code.  

• Skills in risk management to effectively assess and prioritize security risks while recommending appropriate mitigation strategies.  

• Familiarity with DevSecOps practices, integrating security into the DevOps pipeline, and understanding compliance and regulatory requirements (e.g., GDPR, HIPAA); background in computer science or related fields, relevant experience and certifications, and strong analytical, problem-solving, and communication skills.  

What you can expect from us:

• Feel Good Management: We offer you fresh food daily with a diverse selection of dishes. You can also shape your workday in a hybrid manner, working remotely two days a week.

• Health: Take advantage of the gym and attend our free sports classes.

• Childcare: Our on-site kindergarten allows for a more flexible working arrangement.

• Events: Participate in internal events and activities, which take place regularly both on-site and remotely.

• Ergonomics: Design your workspace to meet your ergonomic needs, allowing you to work comfortably and healthily on-site.

Diversity is part of CGM We look forward to your application regardless of ability, gender, nationality, ethnic and social background, religion, age, as well as sexual orientation and identity.

Convinced? Apply online now with your comprehensive application documents (including salary expectations and your earliest possible start date).