Information Technology

(Senior) Privileged Identity & Access Management (PIM/PAM) Architect/Engineer (f/m/d)

We help the world run better

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now!


What you`ll do 
You will be driving the improvement and implementation of the new IAM/PAM security concept in Enterprise Cloud Services (ECS) and the entire IAM ecosystem of our Private Cloud in order to transform our security posture, drive seamless user experiences, and enabling our digital transformation. We are looking for a Senior Privileged Identity & Access Management Architect/Engineer to help us transform how we build & leverage technology solutions capabilities to manage Privileged Access across the business unit, with leading edge best practices.


The Role:
As a Senior Privileged Identity & Access Management Architect/Engineer you will plan and execute the delivery of Privileged Access Management (PAM) services that include health check assessments, strategy, and implementation engagements and you will improve PAM solutions to enforce applicable organization security policies and access management requirements.
You will report directly to ECS Chief Security Officer and you will lead and oversee the build, configuration, and architecture of one or more privileged access management platforms, such as CyberArk, Centrify, Beyond Trust and Thycotic, including integral technology components such as password vaulting, privileged session management, application to application authentication, SSH key management, etc. by working closely with our Defensive Architecture Lead.
As part of our culture, we are interested that you do continuous improvement utilizing Agile practices and delivering value, by partnering with product owners and architects to enable & optimize the delivery of prioritized work.
In the same time, you will provide technical guidance, leadership and direction ensuring accountability for engineering practices with a focus on secure devops, automated testing and threat modeling with operational effectiveness through automation, tool integration and left shifting.


What you bring 
•    Strong understanding and experience with the implementation and functionality of Privileged Access and Account Management systems and controls (on premise and Cloud)
•    Experience implementing at least one of the following PAM solutions – CyberArk, Centrify, BeyondTrust, Thycotic, preferably vendor certified
•    Experience with one or more general purpose programming languages including but not limited to: Python, JavaScript, Java, C/C++, C#, or Go
•    Expertise in platform security, administration and management, such as Microsoft Windows Server administration and/or Linux/UNIX system administration
•    At least 3 years of hands-on experience with IAM in Azure and AWS or GCP including architecture or strategy experience and overall hands-on experience in deploying complex solution architectures in Azure, AWS or GCP
•    Experience with designing and implementing MFA, SAML, RBAC solutions in Azure
•    Deep understanding of Cloud services interactions (e.g., API key exchange, roles, groups, entitlements)
•    Broad understanding of security principles and best practices (e.g., access control)


Meet your team 
Enterprise Cloud Services (ECS) is a business unit in the Product Engineering Board Area. Enterprise Cloud Services supports customers throughout their cloud transformation and SAP S/4HANA adoption journey. We run the Intelligent Enterprise so they can be an Intelligent Enterprise. Our portfolio of SAP HANA Enterprise Cloud  and SAP Cloud Application Services  turns SAP products into a solution-as-a-service on customer’s preferred infrastructure, including Hyperscalers, as one SAP. As ECS Security, we are responsible for securing the biggest private cloud in the world and drive our maturity to new heights.


 We build breakthroughs together

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.

We win with inclusion

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team:
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

Requisition ID: 354980  | Work Area: Information Technology  | Expected Travel: 0 - 10%  | Career Status: Berufserfahren  | Employment Type: Vollzeit, unbefristet   | Additional Locations: #LI-Hybrid

Ausschreibungsnummer:  354980
Ausschreibungsdatum:  09.11.2022
Funktionsbereich:  Information Technology
Karrierestatus:  Berufserfahren
Anstellungsverhältis:  Vollzeit, unbefristet
Voraussichtliche Reisetätigkeit:  0 - 10%

St. Leon-Rot, DE, 68789

Job alert