COMPANY DESCRIPTION
PURPOSE AND OBJECTIVES
EXPECTATIONS AND TASKS
You will be a member of an international team of experts in secure-programming techniques who work closely with developers on vulnerabilities and security incidents reported in SAP applications.
You are expected to:
- Combine your technical expertise with experience in managing complex situations
- Communicate with leading security researchers, customers and SAP’s support organizations on confidential and sensitive disclosures
- Assess the risk of disclosure and work with internal stakeholders to mitigate risk to SAP
- Guide development teams on possible solutions to fix security vulnerabilities and manage security incidents
EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES
Required skills:
- Minimum Bachelor's degree in Technology, Computer Science or Engineering
- Enthusiasm for security and technology, and an understanding of current security trends
- Experience in software development, focusing on security or secure software development practices
Preferred skills:
- Pen-testing experience using tools like Qualys, Burp Suite, Metasploit, etc.
- Vulnerability management experience including PoC creation, exploit/attack recreation, triaging, prioritization, fix recommendation and fix validation.
- Thorough understanding of common vulnerability types including OWASP top 10
- Thorough understanding of supply-chain issues in application security
- Awareness of current security-relevant regulations (e.g. DORA, CRA)
- Understanding of CVE, CVSS, CWE
- Understanding of NVD, KEV, and the latest CISA initiatives
- Understanding of Cyber Security Framework
- Understanding of Secure SDLC
- Understanding of common security architectures
- Certifications like CISSP, CSSLP, CCSP, OSCP, CEH, or SANS certifications
WORK EXPERIENCE:
- Minimum 7 years of experience in security, either as a security practitioner, an application security developer, or a security auditor
- Experience in managing complex security incidents as lead/commander
- Experience in working with developers (e.g. DevOps) or other development-supporting roles
- Experience in executive communication and external/media communication
We win with inclusion
Specific conditions may apply for roles in Vocational Training.