Senior Product Security Engineer (f/m/d)
SAP SEBerlin DE 10557Vor 82 Tagen
HybridVollzeitSenior
Erforderliche Skills
JavaScriptTypeScriptKotlinJavaPythonOWASPNISTCISSANSCWEAzureAWSGCPCRESTOSCP
Nice-to-have
Threat modelingDevSecOpsPenetration testingIncident responseSecurity auditingVulnerability analysisSecure developmentAutomation
About the Company
At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.
Responsibilities
- Conducting secure requirements review, architecture and design review, threat modeling, secure code review, penetration testing, incident response
- Reviewing security scan findings to find patterns and collaborating with relevant stakeholders for resolution
- Performing analysis of complex vulnerability findings and collaborating across teams to develop and implement patches/solutions
- Providing consulting to cross-functional teams on security-related questions
- Supporting security audits and ensuring compliance to secure development lifecycle checkpoints
- Integrating secure development best practices throughout the development and deployment processes
- Collaborating on incident response efforts and monitoring product infrastructure security continuously
- Enhancing tools and processes by developing advanced/automated security solutions
- Assisting leadership in developing and tracking program metrics
- Contributing to the organization's security knowledge base
- Proactively researching security trends and recommending solution upgrades
- Providing support and guidance to junior team members
Requirements
- Minimum 8 years of industry experience with application security, secure code reviews, DevSecOps, and infrastructure security
- Experience with common vulnerability scanning tools and security frameworks (OWASP, NIST, CIS, SANS CWE)
- Experience with cloud security testing (e.g., Azure, AWS, GCP) and security testing of AI products
- Experience in performing/leading threat modeling sessions
- Knowledge of programming languages such as JavaScript/TypeScript, Kotlin, Java, Python
- Relevant security certifications (e.g., CREST CRT, CREST CPSA, OSCP, OSWE, CEH, CHFI)
- Fluent in spoken and written English
Benefits
- Competitive salary and benefits package
- Opportunities for career development and skill growth
- Flexible working models and focus on work-life balance
- Inclusive and diverse work environment
SAP SE
AnstellungVollzeit
ErfahrungSenior
ArbeitsmodellHybrid
StandortBerlin DE 10557
3 AufrufeRef: #19872
Sprachanforderungen
Deutsch
Englisch