Share this Job
Solution and Product Management

Senior Application Security Engineer, SAP Ariba

What we offer

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now!



Role Location: US/Remote


Role Summary

The SAP Ariba Product Security team is looking for a Senior Application Security Engineer with focus on leading and guiding software development teams in executing security tasks within the software development lifecycle (SDLC). Candidates should have experience or working knowledge of modern programming languages such as Java, Python, .NET and common web application stack (HTML/JavaScript Frameworks).


Role Expectations and Tasks 

The Product Senior Security Engineer will be collaborating and working with Product Security Architects to ensure potential security defects are identified, tested, and remediated prior to release of the product.

  • Review the application code for Security vulnerabilities and publish the report to stakeholders with relevant countermeasures and conduct Threat Modeling and Architecture Review from security perspective on need basis.
  • Identify potential areas of security improvement in design or implementation and work closely and continuously with teams including Development, Security and Quality Assurance to ensure solutions are highly secure.
  • Creates documents to depict the security stature of the application and works with development architects, QA team and others to track the vulnerabilities closure.
  • Develops test plans and test strategies for Application Security testing and manages vulnerabilities and works with development team to provide resolutions
  • Plays an integral role in the entire software development lifecycle including participation in design sessions, defining functional requirements, working with development teams and testing.
  • Design, scope, and lead deep technical assessments on internal and external facing systems
  • Work with vulnerability management, production security and other security programs to align remediation efforts and best protect the company from known threats
  • Working with SAP Penetration testing team to schedule and scope Periodic Security Tests on the application and publish the report to stakeholders with relevant countermeasures.
  • Review and verify third party penetration tests. Work with Engineering teams to remediate vulnerabilities found during the Third-party of customer pen tests.
  • Collaborate with Product Security Architects in the design, Implementation and maintenance of security controls in the SDLC relevant to FedRAMP and NIST compliance for on-premise software and SaaS-based offerings.


Role Requirements

  • Bachelor’s degree in Computer Science or related discipline with 8+ years professional experience in Information Security
  • Background in Threat Modeling, Security in SDLC, Secure Coding and Software Assurance
  • Relevant industry certifications such as SANS GPEN, GWEB and CSSLP
  • Familiarity in modern software development methodologies and tooling (Agile, CI/CD, Jenkins, AWS, GCP, etc.)
  • Familiarity with Atlassian Jira and Confluence or similar software bug tracking tools.
  • Mastery of web technology and protocols and inherent weaknesses.  Before you can break a system, you must understand the system.
  • Demonstrated experience in using Static Code Analysis Tools for security (Coverity, Fortify, Sonar, etc.), including security tools for vulnerability management of Free and Open Source (FOSS) components and libraries such as Whitesource, Blackduck and Snyk.
  • Experience in using dynamic web application vulnerability scanners, both open source and commercial. (Arachni, Nikto, AppSpider, Qualys,etc.)
  • Demonstrated experience in using intercepting proxies to conduct manual security analysis of web applications. (OWASP ZAP, Burp Suite, Fiddler, Postman, etc.)
  • Experience and/or working knowledge of modern programming languages such as Java, Python. .NET and common web application stack (HTML/CSS/JavaScript Frameworks)
  • The ability to think like an attacker, up-to-date with the current web application threat landscape.






We are SAP

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.


Our inclusion promise

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.


SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com.


EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Successful candidates might be required to undergo a background verification with an external vendor.

 Requisition ID:305968 | Work Area: Solution and Product Management | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time  | Additional Locations: Virtual - USA

Senior Application Security Engineer, SAP Ariba

Facility:  305968
Posted Date:  Sep 21, 2021
Work Area:  Solution and Product Management
Career Status:  Professional
Employment Type:  Regular Full Time
Expected Travel:  0 - 10%

Newtown Square, PA, US, 19073

Nearest Major Market: Philadelphia

Job Segment: Application Engineering, Engineer, SAP, ERP, Engineering, Security, Technology