Senior Developer / Dev. Architect (f/m): Product Security Team - SAP Stellenangebot
Unternehmen: SAP
Vertragsart: Unbefristet - Vollzeit
Standort: Walldorf/St. Leon-Rot - Deutschland
PURPOSE AND OBJECTIVES
The Product Security Team is part of the Architecture Governance and Product Standards team. It owns the PIL Product Standard Security and the Product Security Response Process.
The Product Standard Security Team supports development groups in building secure products that represent a low risk and low security total cost of ownership for customers. It develops, promotes, and seeks continuous improvement of the security standard. This includes gathering customer feedback and evaluating the market requirements to ensure that the security standard always reflects the latest business, technological, and normative developments.
The team supports the SAP® security quality strategy with internal consulting, best practices, training offerings, test cases, roll out, and the standards integration into the PIL. The PIL Security Standard owner decides in the escalation process if development programs deviate from the security standard.
The Product Security Response Team is responsible for SAPs global security response process. The target is to ensure an appropriate handling of discovered security issues in SAP products. This includes to drive the communication with customers and other finders, and to perform a responsible disclosure of security vulnerabilities in our products for the good of our customers. In addition the processes to report, fix, and monitor security issues is defined and orchestrated. State-of-the-art processes protect SAPs reputation with regards to security vulnerability management.
As a member of the overall team, you will be responsible for supporting the SAPs security goals on a global scale.
EXPECTATIONS AND TASKS
* Coordinate the internal and external roll-out of the teams results
* Support Global Communication in external security roll out
* Communicate with and drive the worldwide security network with security researchers, customers, and our own support organization
* Provide internal consulting for secure planning and development, analyze product security architectures
* Validate claimed vulnerabilities, assess the risk using Common Vulnerability Scoring System (CVSS) and ensure adequate roll-out of security patches
* Provide reporting for different management levels
* Develop and improve the PIL Security Standard requirements for different target groups
* Make decisions in cases of deviations from the product standard or either prepare management to make decisions or advise development on solution strategy
* Support security projects in development and security research projects
* Perform conception work, for example, on key performance indicators, framework for external security assessments, security in Scrum, cloud computing, and software as a service
* Create security training, self tests and enhance the secure programming guides
* Create security test case specifications (target: code reviews, automation, and easy manual execution), contribute test tool strategy
* Work on legal security requirements
* Drive communication to align stakeholders
WORK EXPERIENCE
* 3+ years of experience in development, quality management, consulting, or support
TRAVEL
Occasionally
EDUCATION AND QUALIFICATIONS/SKILLS AND COMPETENCIES
* Bachelor or master degree in computer science, information systems, or a related discipline like mathematics, natural sciences
* Hacker mindset, security risk awareness and security know-how
* Very good English oral and written communication and presentation skills (good German communication skills are an asset)
* Strong analytical and coordination skills
* Proficiency of one or more of the development environments or languages used at SAP (ABAP(TM), Java, C, JavaScript, C#, .net, Flash, and JavaServer Pages (JSP), SAP BusinessObjects(TM) environment)
* Knowledge of SAP products or SAP BusinessObjects(TM) portfolio of solutions, as well as development and quality management processes (for example, product innovation lifecycle) is a benefit
* Ability to express and drive the resolution of technical problems effectively
* Strong appetite to continuously work on new technologies and topics
* Drive for quality, ability to define and execute security assurance strategy and security process
* Customer focused and a team player
Ähnliche Beiträge
- Developer / Senior Developer (f/m): Security Code Scan Team - SAP Stellenangebot
- Chief Product Security Officer (f/m) - SAP Stellenangebot
- Chief Product Security Officer (f/m) - SAP Stellenangebot
- Senior Dev./Architect (f/m):Identity Management&Platform Security Product Team - SAP Stellenangebot
- IT Security Specialist (f/m) - SAP Stellenangebot
