Software-Design and Development

Senior Developer Security

What we offer

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now!



The Team


The SAP CIM IBSO team is committed to delivering best-in-class, best-quality solutions to customers. The solution combines software, configuration and customization tools, and a cutting-edge, rich user experience into a “complete solution offering” that will change the way customers use SAP software.


Security compliance is a default customer expectation for every product and project. Furthermore, in the context of the European Union (EU) General Data Protection Regulation (GDPR), there is now more emphasis than ever on Data Protection & Privacy (DPP) compliance, NIST compliance, ISO 27001 compliance, etc. The Security Expert in CIM IBSO is therefore the Security Champion for the organization.



The Role


  • S/He shall ensure that all IBSO delivered projects mandatorily go through the SAP Secure Software Development Lifecycle (S2DL).
  • Her/His technical competencies therefore include the ability to
    • lead Security Evaluations & Estimations during the Solution Proposal phase (prior to delivery)
    • moderate the Threat Modeling Workshops and Data Protection Compliance Evaluation Workshops during the Design phase
    • perform end-to-end risk assessment
    • advocate the Secure Programming Guidelines to the Development team during the Build phase
    • own the DPP test cases, and audit the mandatory execution of these tests during the MIT phase
    • conduct Security Code Scans on support bug fixes and regression tests for the resolution of critical Security vulnerabilities
    • conduct open source security scans and guide project teams to fix vulnerabilities
  • Guide architecture decisions based on SAP Product Standard Security and Secure Programming principles.
  • Drive and ensure the compliance of all delivered projects to Security and Data Protection & Privacy guidelines.
  • Work closely with Solution Architects, Development Architects, Project Managers, Developers and Quality Assurance, to coordinate the delivery of secure solutions (delivery includes design, development, testing, documentation, go-live and maintenance & support activities)
  • Perform dynamic application security testing (manual and tool based). Remove the false positives and report issues to the development team.
  • Perform penetration testing for the applications
  • Support development team in fixing the issues.
  • Create and maintain a network with Security Experts across SAP (both internal and external).


The Role Requirement


  • 7+ years of total experience in Information Security
  • Security certifications like CEH, Security+, OSCP, GPEN, CCSP, CISSP or any other security-related certifications
  • Deep understanding of adherence to the Secure Software Development Lifecycle (Secure SDL) during the design, development, testing, debugging, delivery and support phases of products and projects
  • Knowledge of and experience with the Data Protection & Privacy principles to be adhered to (e.g. GDPR)
  • Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
  • Support external and internal audits and certifications of products (e.g. ISO 27001, SOC2 Type 1/Type 2, GxP, NIST, PCI DSS etc.)
  • Strong understanding of OWASP top 10 and similar application security methodologies
  • Perform threat modelling as part of secure SDLC process
  • Hands-on experience in conducting penetration testing for web applications, APIs, web services, mobile applications and thick clients (both cloud and on-prem)
  • Proven hands-on experience working with Static (Checkmarx & Fortify) and Dynamic Security Scan tools (Burp Suite, WebInspect)
  • Experience with Open Source Security code scans (tools: WhiteSource and Black Duck)
  • Maintain active understanding of industry practices for secure software development and incident response
  • Prior experience with Secure Programming principles in at least one programming language (ABAP, Java, C, C++, JavaScript)
  • Understanding of architecture and basic development experience with SAP technologies



We are SAP

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.


Our inclusion promise

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.


SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com.


EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Successful candidates might be required to undergo a background verification with an external vendor.

 Requisition ID:315891 | Work Area: Software-Design and Development | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time  | Additional Locations: 


Facility:  315891
Posted Date:  Jan 19, 2022
Work Area:  Software-Design and Development
Career Status:  Professional
Employment Type:  Regular Full Time
Expected Travel:  0 - 10%

Bangalore, IN, 560066

Job Segment: Developer, ERP, Product Development, SAP, Security, Technology, Research