Requisition ID: 264123 Work Area: Software-Design and Development Expected Travel: 0 - 10% Career Status: Professional Employment Type: Regular Full Time
SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That's why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it's the best-run businesses that make the world run better and improve people's lives.
Are you passionate about raising the bar on enterprise application security?
Do you find collaborating with developers to jointly solve hard problems fulfilling?
If so, we'd love to meet you!
As the Application Security Engineer at Ariba, you will lead the effort to secure the world's #1 cloud procurement platform. You and team of security architects will set the direction and coordinate efforts across the Ariba applications and platform on all security topics. You will also closely coordinate with your peers in the other SAP cloud businesses and the central security team to help develop the overall strategy and ensure Ariba is aligned to it.
Ariba is looking for a security Engineer to lead key efforts on the Ariba OnDemand platform, its software stack, and the underlying infrastructure. You should have a passion for security principles, architecture, have strong software development experience using java-based technologies and components, have knowledge of web Servers and secure infrastructure, and have the ability to understand complex Legacy systems and adapt them to modern technologies and principals. You will have ownership of solution designs, implementations, testing, and delivery with high quality.
Define product architecture from a security perspective together with implementation team(s), drive alignment of architecture concepts and ensures documentation in architecture concept document(s). Contribute to the aligned and consistent architecture strategy and/or target architecture of product line, product family, or a specific cross-product architecture subject (eg user interface strategy, platform strategy). Evaluates architecture and security risks and estimates effort for business case or backlog item, prepares management decisions on these topics Translates business and product requirements into technical requirements, models and software architecture Identifies opportunities for reuse of architecture concepts or software parts and cross-team synergies Supports and advices product owner by ensuring technical and architectural feasibility, readiness, and compliance Coaches and advises implementation team(s) on all aspects of security Proposes improvements and innovations for implementing a product but also in development processes and methodologies Develop, perform, and analyze vulnerability assessments and penetration tests using generally accepted tools, and recommend remediations.
Bachelor's degree in Computer Science or related discipline with 10+ years professional experience in Information Security 5+ Years professional experience is development and engineering of security services Experience with Secure SDLC, Governance, and Compliance for PCI,FedRAMP, IRAP Ability to work in an agile development environment and capable of working effectively in cross-cultural global teams Excellent writing, communication, and presentation skills Strong analytical skills, results-oriented, customer-oriented attitude, good strategic and conceptual thinking skills Strong hands-on experience with full-stack security assessment and threat modeling Strong hands-on experience with penetration testing across the full spectrum of technologies Expertise in vulnerability analysis (eg, design flaws, data-flow analysis, social engineering) Experience with full software development lifecycle, likes to champion secure-SDLC, comfortable working with SAST/DAST/SCA tools and committed to shift left strategy. Experience securing infrastructure in public cloud (eg AWS, Azure, Google Cloud) and cloud security/governance tools. Practical experience with creating a secure design process and DevSecOps-based CI/CD pipeline Ability to present complex information in a clear and appealing manner Experience in cloud-based SaaS applications
About SAP Ariba:
Ariba, an SAP Company makes business commerce as easy as consumer commerce. Every day, we help our customer find opportunities to cut costs, reduce risk, and grow revenue through better collaboration with trading partners. We enable the collaboration through the Ariba Network - a cloud-based community where you will find buying, selling, and managing cash to be as easy as using Amazon, eBay, and PayPal. We also host other online communities where business commerce professionals network and share information and best practices, just like friends on Facebook.
WHAT YOU GET FROM US
Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you're searching for a company that's dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment - apply now .
SAP'S DIVERSITY COMMITMENT To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: (see below) or (see below), APJ: (see below), EMEA: (see below) ).
Successful candidates might be required to undergo a background verification with an external vendor.