Product Security Senior Specialist - Sap Ariba Job in Sap

Requisition ID: 279239
Work Area: Software-Design and Development
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time

COMPANY DESCRIPTION

SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it s the best-run businesses that make the world run better and improve people s lives.

Summary

SAP Ariba Security team is looking for anInformation Security Engineer with focus on Penetration Test verification and remediationthat can deliver technical expertise for our offensive security Penetration Testing team and execute tactical, offensive assessments across our environments. This individual should have extensive experience across the attack lifecycle and a demonstrated capacity to lead, design, and execute a penetration test against various technologies and stacks. Candidates are expected to scope, prepare and deliver technology-oriented assessments that positively benefit the overall security posture of the organization. This role requires a desire to help drive fixes after testing cycles, both as short-term mitigations and long-term improvements.

Job Role

TheProduct Senior Security Engineerwill be collaborating and working with Product Security Architects to ensurepotential security defects are identified, tested, and remediated prior to release of the product.

• Working with SAP Penetration testing team to schedule and scope Periodic Security Tests on the application and publish the report to stakeholders with relevant countermeasures.
• Review and verify third party penetration tests.
• Work with Eng. teams to remediate vulnerabilities found during the Third-party of customer pen tests.
• Review the application code for Security vulnerabilities and publish the report to stakeholders with relevant countermeasures andconduct Threat Modeling and Architecture Review from security perspective on need basis.
• Identify potential areas of security improvement in design or implementation and work closely and continuously with teams including Development, Security and Quality Assurance to ensure solutions are highly secure.
• Creates documents to depict the security stature of the application and works with development architects, QA team and others to track the vulnerabilities closure.
• Develops test plans and test strategies for Application Security testing and manages vulnerabilities and works with development team to provide resolutions
• Plays an integral role in the entire software development lifecycle including participation in design sessions, defining functional requirements, working with development teams and testing.
• Help in the building of tooling to automate portions of pentests, scoping or other offensive security work, and use this model to inform and drive our assessments, as well as assist other teams with SAP Ariba security efforts
• Design, scope, and lead deep technical assessments on internal and external facing systems
• Work with vulnerability management, production security and other security programs to align remediation efforts and best protect the company from known threats

Job Requirement

• Bachelor s degree in Computer Science or related discipline with 10+ years professional experience in Information Security
• Background in Threat Modeling, Security in SDLC and Bug Bounty Programs
• Relevant industry certifications such as SANS GPEN and GWEB.
• Familiarity in modern software development methodologies and tooling (Agile, CI/CD, Jenkins, AWS, GCP, etc.)
• Familiarity with Atlassian Jira and Confluence or similar software bug tracking tools.
• Mastery of web technology and protocols and inherent weaknesses. Before you can break a system, you must understand the system.
• Experience in using dynamic web application vulnerability scanners, both open source and commercial. (Arachni, Nikto, AppSpider, Qualys,etc.)
• Demonstrated experience in using intercepting proxies to conduct manual security analysis of web applications. (OWASP ZAP, Burp Suite, Fiddler, Postman, etc.)
• Experience and/or working knowledge of modern programming languages such as Java, Python. .NET and common web application stack (HTML/CSS/JavaScript Frameworks)
• Theability to think like an attacker, up-to-date with the current web application threat landscape.

#SAPSecurityCareersPE

WHAT YOU GET FROM US

Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you re searching for a company that s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment apply now.

SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas:[email protected]@sap.com, APJ:[email protected], EMEA:[email protected]).

Successful candidates might be required to undergo a background verification with an external vendor.

Additional Locations: