Product Security Specialist

SAP

Remote
Full Time
Paid
  • Responsibilities

    REQUISITION ID: 344207
    WORK AREA: SOLUTION AND PRODUCT MANAGEMENT
    EXPECTED TRAVEL: 0 - 10%
    CAREER STATUS: GRADUATE
    EMPLOYMENT TYPE: REGULAR FULL TIME
    CAREER LEVEL: T2
    HIRING MANAGER: JIM ROTAN
    RECRUITER NAME: JODEE-ANN WILLIAMS
    ADDITIONAL LOCATIONS: VIRTUAL - USA

     

     

    JOB TITLE: PRODUCT SECURITY SPECIALIST - SAP ARIBA

     

    SUMMARY:

     

    Come be a part of the software security team charged with making the world’s largest digital business marketplace even stronger and more resilient against cyber criminals. We’re looking for an Application Security Engineer to guide software development teams in creating world-class secure products that power businesses around the globe.

     

    At SAP, we connect millions of companies operating in over 190 countries to buy and sell goods and services. Each year, our network facilitates the transaction of trillions of dollars, and is a key player in the global supply chain.

     

    ROLE EXPECTATIONS:

    As a Product Security Specialist, you’ll play a key role in guiding application teams to deliver secure software products. Partnering with developers to review upcoming features and helping them answer questions on security best practices are just a few of the many ways we work to keep our business secure. Additionally, you will...

    • HELP DRIVE OUR SHIFT LEFT JOURNEY: Guide the creation of visibility metrics, and refinement of automated security feedback that our App Teams depend on. Visibility and insights are a key part of our shift-left strategy and enable our App Teams to know where their products stand regarding security posture.

    • LEND SOFTWARE SECURITY EXPERTISE TO DEV TEAMS: Working as the aligned Security Subject Matter Expert for a set of applications, you’ll get to deepen your knowledge of software while guiding teams in maintaining a world-class level of security. You’ll have the backing of a top global company, and a network of talented and passionate engineers and leaders to support your success. Collaborate proactively with product development and solution teams to manage software security risk aligned with business goals.

    • ANALYZE RISK AND RECOMMEND ACTION PLANS: Your knowledge of application security and understanding of risk will be key in guiding application teams and product owners to strike the right balance between ease-of-use and security. Teams will often look to you to help identify secure approaches to solving technical challenges.

    • CONTINUOUSLY LEARN AND SHARE OUR KNOWLEDGE: With modern application technology moving at an ever-increasing speed, we’re looking for engineers who are passionate about continuing to develop their expertise in one or two of the many domains we consult on. KEY AREAS FOR SPECIALIZATION: Threat Modeling, Secure Code Review, DevSecOps Automation, and Developer Education.

     

    ROLE REQUIREMENTS:

    • BACKGROUND AND EXPERIENCE:

      • Bachelor’s degree in Computer Science, Software Development, Information Security or related discipline with 2-4 years professional experience
      • Strong background in two of the following: Threat Modeling, SDLC Security, Secure Coding, Web Penetration Testing
      • Knowledge of Cloud and Containerization Technologies a plus
    • SOFTWARE DEVELOPMENT KNOWLEDGE

      • Experience and/or strong working knowledge of modern programming languages such as Java, Python, .NET, JavaScript as well as web application fundamentals (HTML, CSS, JS)
      • Knowledge of common software design patterns
      • Basic knowledge of build and deploy tooling and technologies (Maven, Artifactory, Jenkins, etc.)
      • Experience with modern JavaScript frameworks and libraries (such as Angular and React) a plus
    • GENERAL SECURITY KNOWLEDGE

      • Experience with container security / Kubernetes / Docker
      • Deep understanding of inherent weaknesses in web technology and protocols.  Before you can break a system, you must understand the system.
      • Relevant industry certifications are good to have, such as CISSP, CCSP.
      • The ability to think like an attacker, up to date with the current web application threat landscape.
      • Experience conducting manual security analysis of web applications for common and nuanced vulnerabilities (for example, the OWASP Top 10).
      • Knowledge of vulnerability chaining techniques in web applications to maximize impact of an attack and a basic understanding of encryption concepts.
      • Experience reviewing findings from automated software assessment tools (SAST, DAST, Open-Source Software Scanners)
      • Strong understanding of web security concepts such as SOP, CORS, and CSP
      • Strong understanding of Authentication & Authorization protocols. 
      • Ability to support external and internal audits and certifications of products (e.g., ISO 27001, SOC 2 Type 1/Type 2, GxP, NIST, PCI DSS, etc.)
      • Ability to drive and ensure the compliance of all delivered projects with Security and Data Protection & Privacy guidelines.
    • LEADERSHIP AND COMMUNICATION SKILLS

      • Should be comfortable leading working sessions around security review and enhancements
      • Should be comfortable presenting to midsize groups (5 – 20) of technical contributors
      • Good skills in project management, analytical thinking, problem solving and presentation.

     

     

    WHO YOU ARE

    We’re looking for someone who takes initiative, perseveres, and stays curious. You like to partner with technical staff and leaders to drive security forward and are energized by lifelong learning.

     

     

    SAP'S DIVERSITY COMMITMENT

    To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company. SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com

    For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy.

    ADDITIONAL LOCATIONS: Virtual - USA

  • Industry
    Computer Software
  • Fun Fact
    We serve 98 of the top 100 most valued brands in the world!
  • About Us

    SAP is one of the biggest business software companies in the world. We collaborate every day to help make the world run better and improve people's lives. Every day, we help companies and organizations of all sizes and industries to run their businesses profitably, to adapt continuously, and grow sustainably.