Loading...
 
Share this Job
Solution and Product Management

Senior Application Security Engineer, SAP Ariba

What we offer

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now!

 

 

Role Location: US/Remote

 

Come be a part of the software security team charged with building the world’s largest digital Business marketplace even stronger and resilient against cyber criminals. We’re looking for an Application Security Engineer to guide software development teams in creating world-class secure products that power businesses around the globe.

 

At SAP Ariba, we connect millions of companies operating in over 190 countries to buy and sell goods and services. Each year, our network facilitates the transaction trillions of dollars, and is a key player in the global supply chain.

 

Role Expectations:

As a Product Security Engineer, you’ll play a key role in guiding application teams to deliver secure software products. Partnering with Developers to review upcoming features and helping developers to answer questions on security best-practices are just a few of the many ways we work to keep our business secure. Additionally, you will...

  • Help Drive our Shift Left Journey: Guide the creation of visibility metrics, and refinement of automated security feedback that our App Teams depend on. Visibility and insights are a key part of our shift-left strategy and enable our app teams to know where their products stand regarding security posture.

 

  • Lend Software Security Expertise to Dev Teams: Focusing as an aligned Security Subject Matter Expert to a small set of applications, you’ll get to deepen your knowledge of software while guiding teams to maintaining a world-class level of security. You’ll have the backing of a top global company, and a network of talented and passionate engineers and leaders to support your success.

 

  • Analyze Risk and Recommend Action Plans: Your knowledge of application security and understanding of risk will be key in guiding application teams and product owners to strike the right balance between ease-of-use and security. Teams will often look to you to help identify secure approaches to solving technical challenges.

 

  • Continuously Learn and Share Our Knowledge: With modern application technology moving at an ever-increasing speed, we’re looking for engineers that are passionate in continuing to develop their expertise in one or two of the many domains we consult on. Key areas for specialization: Threat Modeling, Secure Code Review, Mobile Application Security,  DevSecOps Automation, Developer Education.

 

Role Requirements:

  • Background and Experience:
    • Bachelor’s degree in Computer Science, Software Development, Information Security or related discipline with 8+ years professional experience
    • Strong Background in two of the following:  Threat Modeling,  SDLC Security, Secure Coding, Web Penetration Testing
    • Knowledge of Cloud and Containerization Technologies a plus

 

  • Software Development Knowledge
    • Experience and/or strong working knowledge of modern programming languages such as Java, Python, .NET, JavaScript as well as web application Fundamentals (HTML, CSS, JS)
    • Knowledge of common software design patterns
    • Basic knowledge of Build and Deploy tooling and technologies (Maven, Artifactory, Jenkins, etc...)
    • Experience with Mobile Applications a plus
    • Experience with modern JavaScript frameworks and libraries (such as Angular, and React) a plus

 

  • General Security Knowledge
    • Deep understanding of inherent weaknesses in web technology and protocols.  Before you can break a system, you must understand the system.
    • Relevant industry certifications are good to have, such as SANS GPEN, GWEB, OSWA, or CSSLP
    • The ability to think like an attacker, up to date with the current web application threat landscape.
    • Experience conducting manual security analysis of web applications for common and nuanced vulnerabilities. (For example... SQLi, XSS, Insecure Deserialization, Insecure Direct Object Reference)
    • Knowledge of vulnerability chaining techniques in web applications to maximize impact of an attack and a basic understanding of Encryption concepts.
    • Experience reviewing findings from automated software assessment tools (SAST, DAST, Open-Source Software Scanners)
    • Strong understanding of web security concepts such as SOP, CORS, and CSP
    • Strong understanding of Authentication & Authorization protocols.

 

  • Leadership and Communication Skills
    • Should be comfortable leading working sessions around security review and enhancements
    • Should be comfortable presenting to midsize groups (5 – 20) of technical contributors
    • Fundamental project management skills

 

Who you are

We’re looking for someone who takes initiative, perseveres, and stays curious. You like to partner with technical staff and leaders to drive security forward and are energized by lifelong learning.

 

#LI-REMOTE

#SAPSecurityCareersPE

 

 

We are SAP

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.

 

Our inclusion promise

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.

 

SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com.

 

EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Successful candidates might be required to undergo a background verification with an external vendor.

 Requisition ID:305968 | Work Area: Solution and Product Management | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time  | Additional Locations: Virtual - USA

Senior Application Security Engineer, SAP Ariba

Facility:  305968
Posted Date:  Jan 15, 2022
Work Area:  Solution and Product Management
Career Status:  Professional
Employment Type:  Regular Full Time
Expected Travel:  0 - 10%
Location: 

Newtown Square, PA, US, 19073


Nearest Major Market: Philadelphia

Job Segment: Application Engineering, SAP, ERP, Developer, Engineering, Security, Technology