Requisition ID: 272786
Work Area: Software-Design and Development
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time
SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
Concur, the most profitable and fastest growing SaaS provider in the world, is hiring a Senior Application Security Engineer to support our expanding public cloud presence. This is a fast growing team with the ability to make significant difference to Concur’s service offerings. Designing and maintaining software security in an agile and platform-oriented environment is an exciting challenge: your mission is to ensure best-in-class security and data protection for SAP Concur and its customers while enabling fast-paced innovation on SAP Concur SaaS and mobile solutions.
A Senior Application Security Engineer would preferably have experience creating performance metrics and traceability maps for AppSec governance at scale, deep understanding of the SaaS domain from a security perspective (ASP.NET/Java), experience in a related field or 5+ years of experience in information security (including 5+ years in application security and prior experience as an application/platform developer), as well as both deep and broad technical knowledge across a range of security areas. Industry standard certifications, including one or more of the following: CISSP, CISA, CCSP etc. would be a plus.
What you will need:
- Development background particularly building enterprise applications.
- Demonstrated working knowledge of securing applications in AWS Experience identifying security flaws in current code /architecture and provide remediation solutions. For example, educate and design framework-level protection for OWASP top 10 risks (e.g CSRF/XSS etc).
- Proficiency auditing object-oriented languages for vulnerabilities.
- Experience threat modeling at scale - both architecture and applications.
- Experience securing REST services.
- Hands-on leadership and own overall application security architecture design for Concur's SaaS-based financial services SaaS product.
- Willingness to serve as lead or technical expert to define and maintain the architectural frameworks/patterns, processes, standards and guidelines related to systems, business or data architecture.
- Technical and architectural subject matter expertise to provide to the various development teams including communicating architectural decisions and mentoring other technical staff around the various development technologies and decisions.
- Ability to oversee multiple projects in order to preserve the architectural vision and protect stakeholder interests as well as to meet operational and financial reporting requirements.
- Experience translating threats and business risk to R&D and executive leadership.
- Ability to recognize and address antipatterns at scale.
- Dedication to keep current by researching security standards and best practices, security monitoring systems, encryption technologies, authentication protocols etc.
- Strong verbal and written communication skills. Be a strong people leader - must be able to lead the and influence cross-functional leaders and executives.
- A four-year degree in computer science or information security and/or experience in an application security engineer position.
- Analytical skills – identify and define problems; determine root causes; provide remediation guidance.
- Work Ethic – Efficiently organize and prioritize work. Follow detailed procedures and ensure accuracy in documentation and data.
- Teamwork – solicit ideas and opinions of other team members in an international environment.
- Willingness to earn one of the following certifications: GIAC, CSSLP, CISSP.
- Ability to perform outside of normal working hours in the event of a security incident.
WHAT YOU GET FROM US
Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com).
Successful candidates might be required to undergo a background verification with an external vendor.
Additional Locations: Virtual - USA