We help the world run better
At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.
What you'll do
Join an extraordinary team of innovative engineers, designers, and product managers at SAP Learning Systems - a dynamic hub within the global SAP Learning organization. As a Product Security Engineer, you will play a pivotal role in shaping the security landscape for SAP Learning products, applications, and services. You will be responsible for developing and maintaining end-to-end security concepts across our landscape, maintaining awareness of industry security architecture best practices, and working with product management, product engineering, and other cyber security professionals to design and implement secure processes and development practices.
Key responsibilities include:
1. Security Governance & Compliance:
Understand and contribute to SAP's standards, enterprise governance, and global security policies. Act as the subject matter expert in Application (AppSec) and Operational (OppSec) security risk management.
2. Risk Assessment & Mitigation:
Oversee security risks, conduct targeted security risk assessments, and review security exceptions. Ensure that the delivery is reinforced with all quality and security standards.
3. Strategic Leadership:
Advise corporate leadership on risk reduction proposals, backed by cost justifications. Provide leadership, mentoring, and training to security personnel and other SAP stakeholders.
4. Collaboration & Communication:
Work collaboratively with internal and external partners for third-party security assessments. Develop and monitor security risk metrics, providing periodic updates to executive management.
5. Secure Development Knowledge:
Perform Secure Code Review to identify and address potential security vulnerabilities. Knowledge of OWASP Top 10, SANS 25 and NIST Framework. Hands-on knowledge of implementing Secure development Pipeline of DevSecOps Mind set.
What you'll bring
1. BA/BS in Computer Science, Information Security, Business Administration or related work experience
2. Minimum of five (5) years of managing IT initiatives/project management required
3. Minimum of five (5) years information security, audit, risk management, compliance or risk consulting related experience preferred
4. Experience working with Azure Pipelines, GitHub, and GitOps
5. Hands-on experience securing, managing and/or designing micro-service cloud solutions
6. Knowledge and experience on network and application security on cloud infrastructure including Azure and SAP BTP preferred
7. Security certification, e.g. CISSP, CISA - CRISC preferred
8. Excellent written and oral communication skills in English
9. Proactive, self-managed, and able to interface well with sponsor personnel and inter-disciplinary teams across an organization
About the Team
SAP Learning System is building and running SAP's next generation learning and community experience. We are a newly created organization within SAP Learning, the education, training and adoption unit within SAP.
Bring out your best
SAP innovations help more than four hundred thousand customers worldwide work together more efficiently. At SAP, you can bring out your best.
We win with inclusion
SAP's culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone feels included and can run at their best. SAP is proud to be an equal opportunity workplace and is an affirmative action employer.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender, sexual orientation, gender identity or expression, protected veteran status, or disability. #J-18808-Ljbffr