Job Position ID:  9533

Senior Security Expert

Location: 

Wrocław, PL

Employment Type:  Full Time
Work Model:  Hybrid

Who we are

NEXONTIS has one simple goal: We help our clients become more efficient. We believe, that every business can perform better, regardless of its size or industry. With our high-end SAP solutions for Performance Management, Sustainability and Accounting, we enable our customers around the world to operate profitably, adapt continuously, and make a difference.

What you will do​

 

As a Senior Security Expert, you will play an essential role in ensuring the security of our multi-tenant cloud product. You will focus on product security, work proactively with DevOps Engineers, Developers, QA Engineers, System Analysts, and Project Managers to integrate robust security measures, and ensure a secure product lifecycle. Your role will involve hands-on security assessments, implementing automated security tools, and representing product security both within the organization and externally.

 

Key Responsibilities:

  • Threat Modeling, Risk Assessment, and Security Requirements:
    • Conduct threat modeling and risk assessments to identify and prioritize vulnerabilities in our multi-tenant cloud environment as well as set security requirements from the start of the development lifecycle.
  • Security Testing and Vulnerability Management:
    • Lead static (SAST) and dynamic (DAST) application security testing, as well as SAP-initiated validations like penetration tests to ensure vulnerabilities are remediated prior to deployment.
    • Oversee the integration and maintenance of security tools (e.g., Mend, Checkmarx) in CI/CD pipelines, manage ticket processing for vulnerabilities and drive continuous automation in security testing.
  • Integration of Security in the Development Lifecycle (SDLC):
    • Embed security throughout the SDLC, enforce secure coding standards and collaborate with DevSecOps to integrate automated security checks.
    • Drive the setup and integration of additional security checks (e.g., Docker binary scans) within development pipelines to ensure comprehensive product security.
  • Identity and Access Management (IAM):
    • Implement identity and access management (IAM) policies, enforce least privilege principles, and manage role-based access control (RBAC) with DevOps to secure multi-tenant environments.
  • Security Policy Development and Enforcement:
    • Develop, document, and enforce security policies and standards, while integrating best practices across the product lifecycle.
    • Regularly review and adjust policies to align with the latest security threats and industry as well as SAP standards.
  • External Representation and Product Security Advocacy:
    • Represent product security in interactions with SAP and external stakeholders, while leveraging expertise in cloud security to address challenges and drive innovation, including initiatives like Zero Trust Architecture.
    • Develop an in-depth understanding of the product’s architecture and infrastructure to provide comprehensive security insights.
    • Conduct regular security training for development and operations teams, promoting secure coding and a security-first culture.
    • Keep teams updated on emerging threats, vulnerabilities, and best practices.

 

What we are looking for​

Requirements​

  • Minimum 7 years of proven experience in cloud product security, ideally with exposure to SAP BTP or similar platforms.
  • Strong technical expertise in security assessments, penetration testing, threat modeling, and managing product security response processes.
  • Hands-on experience with security scanning tools (e.g Mend, Checkmarx) along with SAST/DAST testing capabilities and familiarity with Docker and binary scanning tools.
  • Knowledge of security frameworks (like OWASP).
  • Demonstrated ability to lead initiatives and drive continuous security improvements in a collaborative environment.
  • Strong communication and collaboration skills to work effectively with DevOps, DevSecOps, compliance as well as  engineering teams.
  • A proactive, hands-on approach to security with the ability to advocate for security best practices at all levels.
  • Fluency in English, written and spoken.

 

What we offer​

  • A place where individuals are equally valued and where diversity and cultural differences are cherished.
  • A global team of highly respected SAP and industry experts where you can make a difference.
  • Competitive salaries and a broad range of benefits (Company Bike, Employee Wellbeing Benefits, New Office Space...)

NEXONTIS is an Equal Opportunity Employer. Equal Employment Opportunity has been, and will continue to be, a fundamental principle for us. At the heart of this policy is our commitment that we make job related decisions based on the job related criteria. More specifically, employment is based on personal capabilities and qualifications without discrimination based on race, color, religion, sex, age, national origin, disability, sexual orientation, marital status, ancestry, veteran status or any other protected characteristic as established by law. These principles are to be applied to policies and procedures relating to recruitment and hiring, compensation, benefits, termination and all other terms and conditions of employment.