Developer / Senior Developer (f/m): Security Code Scan Team - SAP Stellenangebot

Unternehmen: SAP
Vertragsart: Unbefristet - Vollzeit
Standort: Walldorf/St. Leon-Rot - Deutschland

• Bewerben Sie sich auf: Developer / Senior Developer (f/m): Security Code Scan Team

PURPOSE AND OBJECTIVES
The Security Code Scan Team is part of the TIP Governance team. It is responsible for defining the tool infrastructure and processes of security code scans of SAP products. Security code scans are an important automated test method to ensure SAP products are secure. The Security Code Scan Team has the goal to ensure that 100% of our source code is regularly scanned, and also to increase the number of PIL product standard security requirements which are covered by source code scans.

The Security Code Scan Team defines and drives implementation into the standard development infrastructure. These are the parts needed to run the security code scans and to support the steps of analyzing and fixing as part of a secure development lifecycle.
It also drives the development of internal security code scan tools as well as the selection of best suited 3rd party tools and manages the relationship to the tool vendors.
The Security Code Scan Team supports development groups in running automated scans and consults them in how-to handle the results.

The Security Code Scan Team works in close cooperation with the Product Standard Security Team and the Product Security Response Team.

As a member of the overall team, you will contribute to the SAP's security goals on a global scale.

EXPECTATIONS AND TASKS
* Roll-out processes and infrastructure for security code scans in development and support organization
* Coordinate and support pilot code scanning projects
* Consult and support development projects and maintenance groups executing security code scans
* Gather requirements for security code scanning tools and infrastructure and drive implementation, for example create reporting infrastructure and connect the SAP bugtracking system to Fortify tools
* Develop and improve mapping of test rules used in code scan to requirements of PIL Product Standard Security
* Perform conception work, for example, on key performance indicators, and on additional security assurance measures for on premise, on demand and on device software.
* Review security test case specifications with the goal of automation; contribute test tool strategy
* Engage with stakeholders (e.g. development groups, operation, production teams) to ensure successful security code scans as part of secure software development lifecycle
* Align the security code scans with other security assurance measures driven by other teams, like black box scanning, security scanning for binaries, and manual code reviews
* Manage relation to 3rd party tool providers for security code scans

WORK EXPERIENCE
* 3+ years of experience in development, support or other work areas related to secure development lifecycle

EDUCATION AND QUALIFICATIONS/SKILLS AND COMPETENCIES
* Bachelor or master degree in computer science, information systems, or a related discipline like mathematics, natural sciences
* Very good English oral and written communication and presentation skills (good German communication skills are an asset)
* Strong analytical and coordination skills
* Hands-on experience in one or more of the development environments or languages used at SAP (especially: ABAP(TM), Java, C, JavaScript, C#, .net, Flash, and JavaServer Pages (JSP), SAP BusinessObjects(TM) environment)
* Knowledge of SAP products or SAP BusinessObjects(TM) portfolio of solutions, as well as development and quality management processes (for example, product innovation lifecycle) is a benefit
* Ability to express and drive the resolution of technical problems effectively
* Strong appetite to continuously work on new technologies and topics
* Customer focused and a team player
* Hacker mindset is of advantage but not required , high motivation to acquire security know-how is required