Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

SAP Senior Product Security Response Specialist 
Canada, British Columbia, Vancouver 
971723795

30.08.2024

COMPANY DESCRIPTION

PURPOSE AND OBJECTIVES

EXPECTATIONS AND TASKS

You will be a member of an international team comprising of experts in secure-programming techniques, who work closely with developers on vulnerabilities and security incidents reported on SAP applications.

You are expected to:

  • Combine your technical expertise with experience in managing complex situations
  • Communicate with leading security researchers, customers and SAP’s support organizations on confidential and sensitive disclosures
  • Assess the risk of disclosure and work with internal stakeholders to mitigate risk to SAP
  • Guide development teams on possible solutions to fix security vulnerabilities and manage security incidents

EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES

Required skills:

  • Minimum Bachelor Degree in Technology, Computer Science or Engineering
  • Enthusiasm for security and technology, understands current security trends
  • Experiences in software development, focusing on security or secure software development practices

Preferred skills:

  • Pen-testing experience using tools like Qualys, Burpsuite, Metasploit, etc
  • Vulnerability management experience including PoC creation, exploit/attack recreation, triaging, prioritization, fix recommendation and fix validation.
  • Thorough understanding of common vulnerability types including OWASP top 10
  • Thorough understanding of supply-chain issues in application security
  • Awareness of current security relevant regulations (e.g. DORA, CRA)
  • Understanding of CVE, CVSS, CWE
  • Understanding of NVD, KEV, and the latest CISA initiatives
  • Understanding of Cyber Security Framework
  • Understanding of Secure SDLC
  • Understanding of common security architectures
  • Certifications like CISSP, CSSLP, CCSP, OSCP, CEH, or SANS certifications

WORK EXPERIENCE:

  • Minimum 7 years of experience in security, either as a security practitioner, an application security developer, or a security auditor
  • Experience in managing complex security incidents as lead/commander
  • Experience in working with developers (e.g. DevOps) or other development-supporting roles

Experience in executive communication and external/media communication

We win with inclusion

Specific conditions may apply for roles in Vocational Training.


Job Segment:Cloud, ERP, Testing, PR, Senior Product Manager, Technology, Marketing, Operations