Application Security Engineer

• Serve as an authority on security best practices related to software development, platform infrastructure, and operational processes, ensuring that security considerations are prioritized at every stage of project development.
• Work closely with developers, architects, and testers to seamlessly embed security measures within the Software Development Life Cycle (SDLC), fostering a culture of security awareness and proactive risk management.
• Lead security reviews and threat modeling sessions aimed at uncovering potential security risks inherent in software designs, codebases, and cloud infrastructure. This involves analyzing the architecture and implementation for vulnerabilities.
• Engage in code reviews to evaluate security-related aspects of the code. Provide constructive feedback and actionable recommendations to enhance the security posture of the codebase.
• Support the definition and implementation of security requirements and controls throughout product development and infrastructure design. Additionally, aid in choosing and deploying the appropriate security tools and technologies to fortify product security while keeping abreast of the latest threats and vulnerabilities for informed decision-making., * Feel Good Management: We offer you fresh food daily with a diverse selection of dishes. You can also shape your workday in a hybrid manner, working remotely two days a week.
• Health: Take advantage of the gym and attend our free sports classes.
• Childcare: Our on-site kindergarten allows for a more flexible working arrangement.
• Events: Participate in internal events and activities, which take place regularly both on-site and remotely.
• Ergonomics: Design your workspace to meet your ergonomic needs, allowing you to work comfortably and healthily on-site.

• Deep understanding of security principles, best practices, and frameworks (e.g., OWASP, NIST, ISO 27001) or willingness to train to acquire expertise.
• Proficiency in threat modeling to identify potential threats and vulnerabilities in systems and applications.
• Strong foundation in secure coding practices to guide developers in writing resilient and secure code.
• Skills in risk management to effectively assess and prioritize security risks while recommending appropriate mitigation strategies.
• Familiarity with DevSecOps practices, integrating security into the DevOps pipeline, and understanding compliance and regulatory requirements (e.g., GDPR, HIPAA); background in computer science or related fields, relevant experience and certifications, and strong analytical, problem-solving, and communication skills.

Your role at CGM:As a leading provider of software solutions for the healthcare sector, we operate in 19 countries and employ almost 9,000 dedicated colleagues. You will be working in a dynamic, innovative environment full of opportunity. With your commitment and passion, you will have the chance to make a lasting impact. CGM leverages AI: We are looking for people who feel the power of AI in the eHealth space, who want to help shape this transformation, and who, with curious passion, recognise how technology can make healthcare smarter, simpler and better. Together, we are shaping the healthcare system of the future. Join our mission and make a difference - for a world in which knowledge saves lives! Are you passionate about pioneering products? Do you have the talent to turn ideas into concrete, value-creating solutions while always keeping the bigger picture in mind? Then you are exactly who we are looking for., * CGM is one of the leading e-health companies in the world with more than 8.700 highly qualified employees * Sustainable solutions for constantly growing demands in healthcare * Locations in 19 countries and products in 60 countries worldwide CompuGroup Medical SE Software 5,001-10,000 employees Koblenz, Germany