SAP Senior Product Security Response Specialist 

Canada, British Columbia, Vancouver 

971723795

COMPANY DESCRIPTION

PURPOSE AND OBJECTIVES

EXPECTATIONS AND TASKS

You will be a member of an international team comprising of experts in secure-programming techniques, who work closely with developers on vulnerabilities and security incidents reported on SAP applications.

You are expected to:

• Combine your technical expertise with experience in managing complex situations
• Communicate with leading security researchers, customers and SAP’s support organizations on confidential and sensitive disclosures
• Assess the risk of disclosure and work with internal stakeholders to mitigate risk to SAP
• Guide development teams on possible solutions to fix security vulnerabilities and manage security incidents

EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES

Required skills:

• Minimum Bachelor Degree in Technology, Computer Science or Engineering
• Enthusiasm for security and technology, understands current security trends
• Experiences in software development, focusing on security or secure software development practices

Preferred skills:

• Pen-testing experience using tools like Qualys, Burpsuite, Metasploit, etc
• Vulnerability management experience including PoC creation, exploit/attack recreation, triaging, prioritization, fix recommendation and fix validation.
• Thorough understanding of common vulnerability types including OWASP top 10
• Thorough understanding of supply-chain issues in application security
• Awareness of current security relevant regulations (e.g. DORA, CRA)
• Understanding of CVE, CVSS, CWE
• Understanding of NVD, KEV, and the latest CISA initiatives
• Understanding of Cyber Security Framework
• Understanding of Secure SDLC
• Understanding of common security architectures
• Certifications like CISSP, CSSLP, CCSP, OSCP, CEH, or SANS certifications

WORK EXPERIENCE:

• Minimum 7 years of experience in security, either as a security practitioner, an application security developer, or a security auditor
• Experience in managing complex security incidents as lead/commander
• Experience in working with developers (e.g. DevOps) or other development-supporting roles

Experience in executive communication and external/media communication

We win with inclusion

Specific conditions may apply for roles in Vocational Training.

Job Segment:Cloud, ERP, Testing, PR, Senior Product Manager, Technology, Marketing, Operations