Senior Application Security Engineer

Do you want to be part of a new, fast-growing global company delivering the next generation of software solutions for the financial services industry?

As a spin-off from SAP (a market leader in enterprise application software), SAP Fioneer builds on a heritage of outstanding technology and a deep understanding of corporate and consumer demands. This gives us a head start to bring financial services to the next level with innovative software solutions and platforms. We help financial services businesses achieve speed, scalability, and cost efficiency through digital business innovation, cloud technology, and solutions that cover banking and insurance processes end-to-end.

SAP Fioneer is a global company with subsidiaries in Germany, Austria, Switzerland, the UK, UAE, Canada, the US, Brazil, Mexico, Japan, Australia, India, and Singapore. Our rapid growth, great team and lean organization make SAP Fioneer a great place to accelerate your career!

About the role

After an extensive onboarding period, you will work with a focus on cybersecurity topics of software products and services build with e.g. SpringBoot, Kotlin, React, SAP Fiori, and deepen your skills and experiences. You will also have the chance to gain further experiences in functional and technical security topics within our solution portfolio in an agile environment.

The role is located in the central Application Security Team of SAP Fioneer, which enables and supports application security excellence in product development teams.

• You will work in different phases of our Secure Development Lifecycle based on your skills and ambitions
• You are responsible for enabling and supporting software engineering teams to apply state-of-the-art software security techniques

Requirements

Requirements:

• Bachelor or Master’s degree in Computer Science, IT Security or similar degree
• 3-5 years of work experience in the field
• Familiar with the OWASP Top 10 Vulnerabilities and the knowledge how to prevent them
• Familiar with CVSS Rankings and Secure Development Lifecycle
• Experience in Manual Secure Code Reviews for Java and JavaScript
• Experience in Automated Security Testing with static/dynamic security testing tools (SAST/DAST) (e.g., with the tools Snyk and Burp)
• Know How in Secure Software Architecture
• Experience in Penetration Testing is beneficial
• Initial professional experience of DevSecOps (e.g., Pipelines with GitHub Actions or Jenkins) is beneficial
• Excellent communication and people-focused skills
• Eager to learn and improve your cloud application security skills
• Fluent in English and open to other cultures and ideas

Benefits

Our employee benefits package includes a gym membership, generous 27 days of paid time off, a flexible work and time environment, access to internal and external training opportunities, thoughtful anniversary and birthday gifts, the option to select equipment according to personal preference, and a dedicated work phone. We prioritize your well-being and professional development