Senior Information Security Engineer, SAP Ariba Job

Date: Jul 10, 2019

City: Bangalore, KA, IN

Company: SAP

Requisition ID: 185219
Work Area: Software-Development Operations
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time

SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.

Security and Privacy are vital components of SAP Ariba's success as a cloud company. Our customers entrust us with their Sensitive Business Transactional Data and a limited amount of Personally Identifiable Information because of the value that we add by processing that data for them. If you want to be a game changer in building confidence in the cloud for our customers, consider joining our team. 

SAP Ariba’s Trust Office team is responsible for identifying, assessing and managing threats, vulnerabilities, and associated risks to Ariba’s information assets and resources. This includes providing expertise and partnership with operating and maintaining various integrated security technologies to protect the integrity, confidentiality and availability of all information resources throughout a highly distributed cloud environment.

The Application Security Architect is expected to be a seasoned security professional who drives security improvements within SAP Ariba. The Security Architect will drive security improvements for product and platform releases. The architect will ensure Secure by Design and Privacy by Design compliance can be met. In addition, the Architect will need to innovate solutions to challenging security problems. This role will report to the leader for Product and Ecosystem security.

Primary Job Responsibilities

  • Oversee Security Testing Process for your Product Area within SAP Ariba (Fortify, AppScan, etc.)
  • Monitor and Report on Product Penetration Test Issue Resolutions including maintaining a customer facing remediation report
  • Manage Build Secure for their Product Area (perform Security Risk assessments and Design Reviews)
  • Perform Threat Modeling and maintain Security Architecture Documentation
  • Act as the Incident Response Liaison to SecOps for SAP Product Area
  • Act as a Scrum team member and create Security User Stories
  • Create content for Security Whitepapers and own SAP Ariba customer collateral for Product Security topics
  • Product Management Tasks as Security Solution Owner
  • Train Engineering Teams on OWASP & Secure Coding through Security Champion program
  • Enforce SAP Product Security Standards
  • Promote and enforce SAP Ariba Security Policies & Procedures, and promote security awareness in your product area
  • Identify the need for Privacy reviews in your product area

Minimum Qualifications for this role

  • Candidate must have 7 to 10+ years of experience as an Application Security Engineer (with QA/Software Development Background)
  • Background with Security Testing Tools (Fortify, AppScan, Fuzzing)
  • Hands on experience with Security Architecture & Threat Modeling
  • Strong understanding of OWASP Top 10 for Web and Mobile & Secure Coding techniques, Privacy / Data Protection
  • Proven Understanding of Cryptography, SSO / SAML / OAuth / IdP
  • Strong understanding of SDLC / Agile / Scrum
  • Program Management Experience

Additional Qualifications for this role

  • Experience with Microservices & Containers
  • 2+ Years of work as a Penetration Tester for Web Applications or Mobile Applications
  • Knowledge of SANS Top 25 Common Weaknesses
  • Knowledge of PCI-DSS standard and controls
  • Knowledge of ISO 27034 standard
  • Certifications, one of: GSEC / CEH / GCIH / GWAPT

The ideal candidate will have the following qualities

  • Software Development, System Administration, or Network Engineering experience
  • Successful track record of working with both business and technical customers to achieve business goals and meet requirements
  • Knowledgeable in Cloud Security, Application and Web Application Security and the concepts, techniques, tools, methods and practices used to secure them
  • Strong communication skills and ability to influence others
  • Excellent planning ability and business acumen, goal/execution oriented
  • Able to see the “big picture” and contribute to development of operations runbook

Bachelor’s Degree or Equivalent


Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.

To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: or, APJ:, EMEA:

Successful candidates might be required to undergo a background verification with an external vendor.

Job Segment: Information Security, SAP, ERP, Engineer, Security, Technology, Engineering