SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That's why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economies, lift up societies and sustain our environment. Because it's the best-run businesses that make the world run better and improve people's lives.
Application Security Architect
Designing and maintaining software security in an agile and platform-oriented environment is an exciting challenge: your mission is to ensure best-in-class security and data protection for Concur and its customers while enabling fast-paced innovation on Concur SaaS and mobile solutions.
The Application Security Architect will need to have:
Development background particularly building enterprise applications
Demonstrated working knowledge of securing applications in AWS
Experience identifying security flaws in current code/architecture and providing remediation solutions. For example, educating on and designing framework-level protection for OWASP Top 10 risks (e.g., CSRF, XSS).
Proficiency auditing object-oriented languages for vulnerabilities
Experience threat modeling at scale - both architecture and applications
Experience securing REST services
Hands-on leadership and ownership of the overall application security architecture design for Concur's SaaS-based financial services product.
Willingness to serve as lead or technical expert to define and maintain the architectural frameworks/patterns, processes, standards and guidelines related to systems, business or data architecture.
Technical and architectural subject matter expertise to provide to the various development teams including communicating architectural decisions and mentoring other technical staff around the various development technologies and decisions.
Ability to oversee multiple projects in order to preserve the architectural vision and protect stakeholder interests as well as to meet operational and financial reporting requirements
Experience translating threats and business risk to R&D and executive leadership
Dedication to keep current by researching security standards and best practices, security monitoring systems, encryption technologies, authentication protocols etc.
Ability to recognize and address antipatterns at scale
Create performance metrics and traceability maps for AppSec governance at scale
Deep understanding of the SaaS domain from a security perspective: ASP.NET/Java
Related field or 10+ years of experience in information security (including 5+ years in application security and prior experience as an application/platform developer).
Both deep and broad technical knowledge across a range of security areas. Proven expertise leading application security architecture and secure application development.
Industry standard certifications, including one or more of the following: CISSP, CISA, CCSP etc.
Strong knowledge of information security standards (PCI, FISMA, ISO 27034)
Strong verbal and written communication skills. Be a strong people leader - must be able to lead and influence cross-functional leaders and executives.
What do you need to bring?
* A four-year degree in computer science or information security and/or experience in an application security engineer position.
* Analytical skills - identify and define problems; determine root causes; provide remediation guidance.
* Work Ethic - Efficiently organize and prioritize work. Follow detailed procedures and ensure accuracy in documentation and data.
* Teamwork - solicit ideas and opinions of other team members in an international environment.
* Willingness to earn one of the following certifications: GIAC, CSSLP, CISSP
* Ability to perform outside of normal working hours in the event of a security incident.
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com). Requests for reasonable accommodation will be considered on a case-by-case basis.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, gender, sexual orientation, gender identity, protected veteran status or disability.