What you will do
As a Senior Security Expert, you will play an essential role in ensuring the security of our multi-tenant cloud product. You will focus on product security, work proactively with DevOps Engineers, Developers, QA Engineers, System Analysts, and Project Managers to integrate robust security measures, and ensure a secure product lifecycle. Your role will involve hands-on security assessments, implementing automated security tools, and representing product security both within the organization and externally.
Key Responsibilities:
* Threat Modeling, Risk Assessment, and Security Requirements:
o Conduct threat modeling and risk assessments to identify and prioritize vulnerabilities in our multi-tenant cloud environment, and set security requirements from the start of the development lifecycle.
* Security Testing and Vulnerability Management:
o Lead static (SAST) and dynamic (DAST) application security testing, as well as SAP-initiated validations such as penetration tests, to ensure vulnerabilities are remediated prior to deployment.
o Oversee the integration and maintenance of security tools (e.g., Mend, Checkmarx) in CI/CD pipelines, manage ticket processing for vulnerabilities, and drive continuous automation in security testing.
* Integration of Security in the Development Lifecycle (SDLC):
o Embed security throughout the SDLC, enforce secure coding standards and collaborate with DevSecOps to integrate automated security checks.
o Drive the setup and integration of additional security checks (e.g., Docker binary scans) within development pipelines to ensure comprehensive product security.
* Identity and Access Management (IAM):
o Implement identity and access management (IAM) policies, enforce least privilege principles, and manage role-based access control (RBAC) with DevOps to secure multi-tenant environments.
* Security Policy Development and Enforcement:
o Develop, document, and enforce security policies and standards, while integrating best practices across the product lifecycle.
o Regularly review and adjust policies to align with the latest security threats and with industry and SAP standards.
* External Representation and Product Security Advocacy:
o Represent product security in interactions with SAP and external stakeholders, while leveraging expertise in cloud security to address challenges and drive innovation, including initiatives like Zero Trust Architecture.
o Develop an in-depth understanding of the product’s architecture and infrastructure to provide comprehensive security insights.
o Conduct regular security training for development and operations teams, promoting secure coding and a security-first culture.
o Keep teams updated on emerging threats, vulnerabilities, and best practices.
What we are looking for
Requirements
* Minimum 7 years of proven experience in cloud product security, ideally with exposure to SAP BTP or similar platforms.
* Strong technical expertise in security assessments, penetration testing, threat modeling, and managing product security response processes.
* Hands-on experience with security scanning tools (e.g., Mend, Checkmarx), along with SAST/DAST testing capabilities and familiarity with Docker and binary scanning tools.
* Knowledge of security frameworks (like OWASP).
* Demonstrated ability to lead initiatives and drive continuous security improvements in a collaborative environment.
* Strong communication and collaboration skills to work effectively with DevOps, DevSecOps, compliance, and engineering teams.
* A proactive, hands-on approach to security with the ability to advocate for security best practices at all levels.
* Fluency in English, written and spoken.
What we offer
* A place where individuals are equally valued and where diversity and cultural differences are cherished.
* A global team of highly respected SAP and industry experts where you can make a difference.
* Competitive salaries and a broad range of benefits (Company Bike, Employee Wellbeing Benefits, New Office Space...)