Role Summary
The Security Champion for the G3 HIS product is responsible for embedding security best practices into the software development lifecycle and continuously improving the security posture of the solution. The role collaborates with G3 HIS development, QA, DevOps, and architecture teams to identify security gaps, drive remediation activities, and promote a security‑first culture across the project.
Key Responsibilities
Act as the primary application security point of contact for G3 HIS teams.
Collaborate with developers, architects, QA, and DevOps to integrate security into design, implementation, testing, and deployment.
Conduct security design reviews, threat modeling, and security‑focused code reviews for new and existing features.
Define and refine security requirements and controls for G3 HIS components and services.
Support the selection, configuration, and effective use of security tooling (e.g., SAST, DAST, SCA, secret scanning).
Analyze, prioritize, and track remediation of findings from security tools and external assessments.
Monitor security trends, emerging threats, and vulnerabilities relevant to the stack and domain, and translate them into concrete improvements.
Coordinate with central Security / InfoSec and Compliance teams to ensure alignment with corporate security policies and regulatory requirements.
Candidate Profile
Background
Former or current Java developer with a focus on application security.
Solid experience with enterprise Java applications (e.g., Spring ecosystem, REST APIs, relational databases).
Experience working on data‑sensitive or mission‑critical systems; healthcare domain experience is an advantage.
Required Skills (Technical & Soft)
Strong understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).
Proven experience applying secure coding practices in Java and related frameworks.
Familiarity with security frameworks and standards (e.g., OWASP ASVS, NIST, ISO 27001).
Ability to perform and document threat modeling and risk assessments.
Hands‑on experience with vulnerability assessment and verification (automated tools and manual analysis).
Knowledge of DevSecOps practices and integrating security controls into CI/CD pipelines.
Awareness of data protection and compliance requirements (e.g., GDPR; healthcare‑related regulations are a plus).
Clear, concise communication skills, able to explain security risks and trade‑offs to both technical and non‑technical stakeholders.
Strong collaboration and influencing capabilities; able to drive security improvements while remaining pragmatic.
High level of integrity, proactive mindset, and strong attention to detail.
Preferred Qualifications
Security‑related certifications (e.g., CSSLP, CEH, Security+, GWAPT) are an advantage but not mandatory.