Job Position ID: 9533

Senior Security Expert

Location: Wrocław, PL

Employment Type: Full Time
Work Model: Hybrid

Who we are

NEXONTIS has one simple goal: We help our clients become more efficient. We believe that every business can perform better, regardless of its size or industry. With our high-end SAP solutions for Performance Management, Sustainability and Accounting, we enable our customers around the world to operate profitably, adapt continuously, and make a difference.

What we do

Nexontis is an IT solutions and consulting company specializing in providing accounting, profitability, investment, sustainability and tax solutions designed to help our clients make informed business decisions.
We are committed to utilizing the latest technology from SAP to provide our clients with solutions that can be deployed on-premise and in the cloud. By leveraging our expertise, we help companies improve their operational efficiency, reduce costs, and enhance their decision-making capabilities.
At Nexontis, whether developing new solutions or enhancing existing ones, we are dedicated to delivering outcomes that are both innovative and reliable, which can add real value to our clients' business.

What you will do

As a Senior Security Expert, you will play an essential role in ensuring the security of our multi-tenant cloud product. You will focus on product security, work proactively with DevOps Engineers, Developers, QA Engineers, System Analysts, and Project Managers to integrate robust security measures, and ensure a secure product lifecycle. Your role will involve hands-on security assessments, implementing automated security tools, and representing product security both within the organization and externally.

Key Responsibilities:

  • Threat Modeling, Risk Assessment, and Security Requirements:
    • Conduct threat modeling and risk assessments to identify and prioritize vulnerabilities in our multi-tenant cloud environment as well as set security requirements from the start of the development lifecycle.
  • Security Testing and Vulnerability Management:
    • Lead static (SAST) and dynamic (DAST) application security testing, as well as SAP-initiated validations like penetration tests to ensure vulnerabilities are remediated prior to deployment.
    • Oversee the integration and maintenance of security tools (e.g., Mend, Checkmarx) in CI/CD pipelines, manage ticket processing for vulnerabilities and drive continuous automation in security testing.
  • Integration of Security in the Development Lifecycle (SDLC):
    • Embed security throughout the SDLC, enforce secure coding standards and collaborate with DevSecOps to integrate automated security checks.
    • Drive the setup and integration of additional security checks (e.g., Docker binary scans) within development pipelines to ensure comprehensive product security.
  • Identity and Access Management (IAM):
    • Implement identity and access management (IAM) policies, enforce least privilege principles, and manage role-based access control (RBAC) with DevOps to secure multi-tenant environments.
  • Security Policy Development and Enforcement:
    • Develop, document, and enforce security policies and standards, while integrating best practices across the product lifecycle.
    • Regularly review and adjust policies to align with the latest security threats and industry as well as SAP standards.
  • External Representation and Product Security Advocacy:
    • Represent product security in interactions with SAP and external stakeholders, while leveraging expertise in cloud security to address challenges and drive innovation, including initiatives like Zero Trust Architecture.
    • Develop an in-depth understanding of the product’s architecture and infrastructure to provide comprehensive security insights.
    • Conduct regular security training for development and operations teams, promoting secure coding and a security-first culture.
    • Keep teams updated on emerging threats, vulnerabilities, and best practices.

What we are looking for

Requirements

  • Minimum 7 years of proven experience in cloud product security, ideally with exposure to SAP BTP or similar platforms.
  • Strong technical expertise in security assessments, penetration testing, threat modeling, and managing product security response processes.
  • Hands-on experience with security scanning tools (e.g., Mend, Checkmarx) along with SAST/DAST testing capabilities and familiarity with Docker and binary scanning tools.
  • Knowledge of security frameworks (like OWASP).
  • Demonstrated ability to lead initiatives and drive continuous security improvements in a collaborative environment.
  • Strong communication and collaboration skills to work effectively with DevOps, DevSecOps, compliance as well as engineering teams.
  • A proactive, hands-on approach to security with the ability to advocate for security best practices at all levels.
  • Fluency in English, written and spoken.

What we offer

  • A place where individuals are equally valued and where diversity and cultural differences are cherished.
  • A global team of highly respected SAP and industry experts where you can make a difference.
  • Competitive salaries and a broad range of benefits (Company Bike, Employee Wellbeing Benefits, New Office Space...)

NEXONTIS is an Equal Opportunity Employer. Equal Employment Opportunity has been, and will continue to be, a fundamental principle for us. At the heart of this policy is our commitment that we make job-related decisions based on job-related criteria. More specifically, employment is based on personal capabilities and qualifications without discrimination based on race, color, religion, sex, age, national origin, disability, sexual orientation, marital status, ancestry, veteran status or any other protected characteristic as established by law. These principles are to be applied to policies and procedures relating to recruitment and hiring, compensation, benefits, termination and all other terms and conditions of employment.