Application Security Manager

We help the world run better

At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better.

How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work.

We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.

Summary :

Do you thrive in fast-paced environments and have a passion for securing applications? Are you a leader who can inspire and guide a team while navigating the ever-evolving threat landscape?

If so, then we want you on our team!

Come be a part of the Intelligent Spend and Business Network Product Security team charged with building the world’s largest digital business marketplace even stronger and resilient against cyber criminals.

We are seeking a seasoned Application Security Manager to join our team and play a pivotal role in securing our applications.

At SAP, we connect millions of companies operating in over 190 countries to buy and sell goods and services. Each year, our network facilitates the transaction trillions of dollars, and is a key player in the global supply chain.

Role Expectations :

As an Application Security Manager, you’ll play a key role in guiding the application security team to assist product teams in delivering secure software products.

Partnering with product teams to review upcoming features and helping with complex security concepts are just a few of the many ways we work to keep our business secure.

Additionally, you will...

Help Drive our Shift Left Journey : Guide the creation of visibility metrics, and refinement of automated security feedback that our Product Teams depend on.

Visibility and insights are a key part of our shift-left strategy and enable our product teams to know where their products stand regarding security posture.

Lend Software Security Expertise to Product Teams : Focusing as a Subject Matter Expert, you’ll get to deepen your knowledge of software while guiding teams to maintaining a world-class level of security.

You’ll have the backing of a top global company, and a network of talented and passionate engineers and leaders to support your success.

Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals.

Analyze Risk and Recommend Action Plans : Your understanding of risk will be key in guiding product teams to strike the right balance between ease-of-use and security.

Teams will often look to you to help identify secure approaches to solving technical challenges.

Continuously Learn and Share Our Knowledge : With modern application technology moving at an ever-increasing speed, we’re looking for engineers that are passionate in continuing to develop their expertise in one or two of the many domains we consult on.

Key areas for specialization : Threat Modeling, Secure Code Review, DevSecOps Automation, Developer Education.

Role Requirements :

Background and Experience : Bachelor’s degree in Computer Science, Software Development, Information Security or related discipline with 5+ years professional experience 7+ years of experience in application security, with a focus on secure software development practices (OWASP Top 10, Secure Coding principles).

Strong Background in two of the following : Threat Modeling, SDLC Security, Secure Coding, Web Penetration Testing Prior experience working in environments with NIST 800-53, NIST 800-171 controls or FedRAMP requirements a plus

Software Development Knowledge Strong understanding of web application architectures, cloud platforms (AWS, Azure, GCP), and modern software development methodologies (Agile, CI / CD).

Knowledge of common software design patterns Experience with modern JavaScript frameworks and libraries (such as Angular, and React) a plus

General Security Knowledge Experience with securing Kubernetes clusters and containers Deep understanding of inherent weaknesses in web technology and protocols.

Before you can break a system, you must understand the system. Relevant industry certifications are good to have, such as CISSP, CCSP.

The ability to think like an attacker, up to date with the current web application threat landscape. Experience conducting manual security analysis of web applications for common and nuanced vulnerabilities.

For example... OWASP Top10 ) Knowledge of vulnerability chaining techniques in web applications to maximize impact of an attack and a basic understanding of encryption concepts.

Experience reviewing findings from automated software assessment tools (SAST, DAST, Open-Source Software Scanners) Strong understanding of web security concepts such as SOP, CORS, and CSP Strong understanding of Authentication & Authorization protocols.

Ability to support in external and internal audits and certifications of products (e.g., ISO 271001, SOC2 Type1 / Type 2, GxP, NIST, PCI DSS etc) Ability to Drive and ensure the compliance of all delivered projects to Security and Data Protection & Privacy guidelines.

Leadership and Communication Skills Prior experience managing and motivating a cybersecurity team Collaborate with engineering, product, and other stakeholders to identify and mitigate application vulnerabilities.

Should be comfortable leading working sessions around security review and enhancements. Develop and maintain security metrics to measure the effectiveness of the application security program.

Who you are.

We’re looking for someone who takes initiative, perseveres, and stays curious. You like to partner with technical staff and leaders to drive security forward and are energized by lifelong learning.

Bring out your best

SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively.

Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management.

As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development.

Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves.

At SAP, you can bring out your best.