Application Security Manager @ SAP | Jobright.ai
29 applicants

SAP · 2 days ago

Application Security Manager

Analytics, Business Intelligence
H1B Sponsorship
Growth Opportunities


Responsibilities

Help Drive our Shift Left Journey: Guide the creation of visibility metrics, and refinement of automated security feedback that our Product Teams depend on. Visibility and insights are a key part of our shift-left strategy and enable our product teams to know where their products stand regarding security posture.
Lend Software Security Expertise to Product Teams: As a Subject Matter Expert, you’ll get to deepen your knowledge of software while guiding teams to maintain a world-class level of security. You’ll have the backing of a top global company, and a network of talented and passionate engineers and leaders to support your success. Collaborate proactively with product development and solution teams to manage software security risk aligned with business goals.
Analyze Risk and Recommend Action Plans: Your understanding of risk will be key in guiding product teams to strike the right balance between ease-of-use and security. Teams will often look to you to help identify secure approaches to solving technical challenges.
Continuously Learn and Share Our Knowledge: With modern application technology moving at an ever-increasing speed, we’re looking for engineers who are passionate about continuing to develop their expertise in one or two of the many domains we consult on. Key areas for specialization: Threat Modeling, Secure Code Review, DevSecOps Automation, Developer Education.

Qualification

Application Security, Secure Software Development, Threat Modeling, SDLC Security, Web Penetration Testing, NIST 800-53, NIST 800-171, FedRAMP, Web Application Architectures, Cloud Platforms, Agile, CI/CD, Software Design Patterns, Kubernetes, Web Technology Weaknesses, CISSP, CCSP, Web Application Threat Landscape, Manual Security Analysis, Vulnerability Chaining, Encryption Concepts, Automated Software Assessment Tools, SAST, DAST, Open-Source Software Scanners, Web Security Concepts, SOP, CORS, CSP, Authentication & Authorization Protocols

Required

Bachelor’s degree in Computer Science, Software Development, Information Security or related discipline with 5+ years professional experience
7+ years of experience in application security, with a focus on secure software development practices (OWASP Top 10, Secure Coding principles)
Strong background in two of the following: Threat Modeling, SDLC Security, Secure Coding, Web Penetration Testing
Prior experience working in environments with NIST 800-53, NIST 800-171 controls or FedRAMP requirements a plus
Strong understanding of web application architectures, cloud platforms (AWS, Azure, GCP), and modern software development methodologies (Agile, CI/CD)
Knowledge of common software design patterns
Experience with securing Kubernetes clusters and containers
Deep understanding of inherent weaknesses in web technology and protocols
Relevant industry certifications are good to have, such as CISSP, CCSP
The ability to think like an attacker, up to date with the current web application threat landscape
Experience conducting manual security analysis of web applications for common and nuanced vulnerabilities (for example, OWASP Top 10)
Knowledge of vulnerability chaining techniques in web applications to maximize impact of an attack and a basic understanding of encryption concepts
Experience reviewing findings from automated software assessment tools (SAST, DAST, Open-Source Software Scanners)
Strong understanding of web security concepts such as SOP, CORS, and CSP
Strong understanding of Authentication & Authorization protocols. Ability to support external and internal audits and certifications of products (e.g., ISO 27001, SOC 2 Type 1/Type 2, GxP, NIST, PCI DSS, etc.)
Ability to drive and ensure the compliance of all delivered projects with Security and Data Protection & Privacy guidelines
Prior experience managing and motivating a cybersecurity team
Collaborate with engineering, product, and other stakeholders to identify and mitigate application vulnerabilities
Should be comfortable leading working sessions around security review and enhancements
Develop and maintain security metrics to measure the effectiveness of the application security program

Preferred

Experience with modern JavaScript frameworks and libraries (such as Angular and React)

Benefits

Health and Well-being Programs
Flexible Working Models

Company

SAP provides enterprise application software to various industries, including consumer, discrete manufacturing, and public services.

H1B Sponsorship

SAP has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2023 (282)
2022 (322)
2021 (371)
2020 (465)

Funding

Current Stage
Public Company
Total Funding
$1.3B
Key Investors
Elliott Investment Management
2019-04-24 · Post-IPO Equity · $1.3B
2015-06-01 · Grant · $1.37M
1998-08-14 · IPO · NYSE:SAP

Leadership Team

Christian Klein
CEO & Member of the Executive Board
Filippo Murroni
CTO at PLAT.ONE, An SAP Company
Company data provided by crunchbase