SAP - Herndon, VA
posted 20 days ago
Full-time - Mid Level
Herndon, VA
10,001+ employees
Publishing Industries
About the position
The Senior Security Compliance Engineer at SAP NS2 is responsible for enhancing the security posture of the organization by conducting assessments, monitoring compliance, and collaborating with various teams to address security vulnerabilities. This role requires a strong background in security assessments and remediation, as well as experience with cloud applications and security tools. The position emphasizes a proactive approach to security and compliance, ensuring that SAP NS2 meets the stringent requirements of U.S. national security and critical infrastructure customers.
Responsibilities
- Assist with various assessments via mock interviews, participation in assessment activities and collection of evidence
- Assist with Continuous Monitoring via review of scans, identification of vulnerabilities, tracking of remediation and interaction with various teams on recommended mitigation / remediation
- Providing a QA function for security components of product builds
- Leverage security tooling and reporting to ensure technical security findings are addressed and corrected
- Coordinate with Build and Operations teams to ensure security tooling and logging are in place
- Participate in overall security activities such as process improvement, ticket review and response
Requirements
- BS degree in Computer Science, MIS, Computer Engineering, or similar field, and 5-8+ years of technology experiences - or additional years of technology experiences in lieu of a BS degree
- 2+ years' experience with security assessments of various frameworks such as FedRAMP, SOC, HIPAA, and ISO
- 2+ years' experience with remediation of findings and vulnerabilities that are identified through assessment, scanning or penetration testing
- 2+ years' experience with Linux/Unix system administration, tools and architecture
- 2+ years' experience with cloud applications and cloud SaaS architecture (web/app/db) on a variety of hyperscalers (AWS/Azure/GCP)
Nice-to-haves
- 2+ years' experience implementing and operationalizing security tools across a variety of applications and hyperscalers
- Demonstrated experiences logging into Windows and Linux systems to pull audit evidence, and troubleshooting and remediating security findings
- Effective communication and collaboration skills - experience working with other teams and customers on security challenges, assessment readiness, Continuous Monitoring tooling, vulnerabilities and remediations
- Continuous learning mindset to stay current with the tools and the rapidly evolving cyber threat landscape
- Motivated with a positive attitude and a strong bias towards taking corrective action and providing resolutions
Benefits
- Health insurance
- Dental insurance
- Vision insurance
- 401k
- Paid holidays
- Flexible scheduling
- Professional development
- Employee discount programs
- Wellness programs
