Security Expert - Gurgaon Job in Sap

Requisition ID: 265582
Work Area: Software-Quality Assurance
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time

COMPANY DESCRIPTION

SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. Thats why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because its the best-run businesses that make the world run better and improve peoples lives.

ABOUT THE TEAM

The SAP IBSO team is committed to deliver a best-in-class and provide best quality solutions to customers. The solution combines software, configuration and customization tools and a cutting edge, rich user experience into a complete solution offering that will change the way how customers uses the SAP software

Compliance to Security is a default customer expectation for a every product and projects, and further-on in the context of the European Union (EU) General Data Protection Regulation (GDPR), there is an emphasis on Data Protection & Privacy (DPP) compliance, NIST compliance, ISO 27001 compliance, etc now more than ever before. The Security Expert in IBSO is therefore be the Security Champion for the organization.

THE ROLE

• She/He shall able to drive the topics within SAP IBSO on security
• She/He able to mentor colleagues to run end 2 end security topics within SAP IBSO
• S/He shall ensure that all IBSO delivered projects mandatorily go through the SAP Secure Software Development Lifecycle (S2DL).
• Her/His technical competencies therefore include the ability to
  • lead Security Evaluations & Estimations during the Solution Proposal phase (prior delivery).
  • moderate the Threat Modeling Workshops and Data Protection Compliance Evaluation Workshops during the Design phase
  • advocate the Secure Programming Guidelines to the Development team during the Build phase
  • own the DPP testcases, and audit the mandatory execution of these tests during the MIT phase
  • conduct of the Security Code Scans on support bug fixes and regression tests for resolution of critical Security vulnerabilities
  • conduct open source security scan and guide projects teams to fix vulnerabilities
• Guide architecture decisions based on SAP Product Standard Security and Secure Programming principles.
• Drive and ensure the compliance of all delivered projects to Security and Data Protection & Privacy guidelines.
• Work closely with Solution Architects, Development Architects, Project Managers, Developers and Quality Assurance, to coordinate the delivery of secure solutions (delivery includes design, development, testing, documentation, go-live and maintenance & support activities)
• Perform dynamic application security testing (manual and tool based). Remove the false positives and report issues to the development team.
• Perform penetration testing for the applications
• Support development team in fixing the issues.
• Create and maintain network with Security Experts across SAP (both internal and external).

ROLE REQUIREMENT

• 10+ years of total experience in Information Security
• Security certifications like CEH, Security+, CISSP or any other security related certifications

• Deep understanding of adherence of SAP Secure Software Development Lifecycle (Secure SDL) during design, development, testing, debugging, delivery and support for IBSO projects
• Knowledge and experience with Data Protection & Privacy principles to be adhered to during customer projects
• Prior experience with Secure Programming principles in at least one programming language (ABAP, Java, C, C++, JavaScripts)
• Debugging experiences with commonly occurring Security vulnerabilities such as Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication & Authorization, Fuzzing and the like
• Understanding of architecture and development experience with SAP technologies
• Knowledge and experience with Penetration Testing
• Proven hands-on experience working with Static and Dynamic Security Scan tools
• Experience on Open Source Security code scan
• Hands-on experience on conducting application vulnerability assessments for web, mobile and cloud applications.
• Deep understanding on tools like Burp Suite, Web Inspect, Fortify, Checkmarx, nmap etc.
• Knowledge on security hardening procedures major cloud platforms like AWS, Azure, GCP, SCP etc

WHAT YOU GET FROM US

Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If youre searching for a company thats dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment apply now.

SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas:[email protected]@sap.com, APJ:[email protected], EMEA:[email protected]).

Successful candidates might be required to undergo a background verification with an external vendor.