GHX
Sr Development Security Operations Engineer (Senior DevSecOps Engineer)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About GHX
GHX (Global Healthcare Exchange) is a prominent SaaS provider specializing in cloud-based supply chain management solutions for the healthcare industry. Founded in 2000 by major medical product manufacturers, the company is headquartered in Louisville, CO, and operates across the United States, Canada, and over 15 European countries. GHX connects tens of thousands of healthcare organizations through its innovative supply chain network, aiming to streamline operations, reduce costs, and enhance patient outcomes. The company offers a wide range of cloud-based solutions, including procure-to-pay automation, inventory management, and clinical integration. Key products include the GHX Platform, which facilitates strategic connections and data analytics, as well as tools for order management and vendor compliance. GHX also provides consulting services tailored to healthcare providers and manufacturers, helping them achieve operational efficiency and financial resiliency. With a mission to simplify healthcare supply chains, GHX empowers organizations to make data-driven decisions that support patient-centered care.
Security at GHX
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- GHX operates a DevSecOps Center of Excellence (CoE) and uses a CoE governance model for DevSecOps and SRE practices.
- Their DevSecOps roles explicitly require embedding security testing (SAST, SCA, DAST) into CI/CD and emphasize "shift-left" practices and security guardrails.
- GHX's privacy notice states the company has implemented reasonable technical and organizational safeguards.
- No public GHX page explicitly labeled an "AppSec Mission" or a standalone Application Security team charter was found.
Security Team
GHX employs a DevSecOps Center of Excellence (CoE) governance model, with DevSecOps engineers embedded within product engineering teams. DevSecOps roles report to a Manager of DevSecOps, while SRE roles report to a Sr. Manager, SRE. Security is a responsibility of the technology leadership, including the CTO, alongside infrastructure, business applications, product engineering and architecture. Information on key public-facing leaders and team size estimates is not publicly available.
Key Initiatives
GHX's initiatives include embedding security testing (SAST, SCA, DAST, container scanning) into CI/CD workflows as part of their "shift-left" strategy. They also focus on establishing global standards, frameworks, reusable automation modules, and governance through their CoE model. Compliance with regulations such as HIPAA, SOC2, and GDPR is a requirement. SRE initiatives involve implementing SLIs, SLOs, SLAs, and error budgets. No public evidence was found describing a Security Champions program.