Summary
SAP HCM Cloud is looking for a seasoned Operation Security Engineer/Architect with strong DevOps engineering background and extensive infrastructure security experience to help with DevOps security initiatives and implement best practices in the areas of infrastructure, network security, cloud operation. The engineer will be part of the Operation Security team under Cloud Operation office and work closely with the CTO office chief architects, Compliance, and Engineering teams. The engineer needs to work independently as well as integrated into a scrum team in lean DevOps culture to introduce and execute DevSecOps best practices, make decisions based on risk analysis, create and enforce security policy.
The Role:
Be part of a cross organizational team responsible for designing and promoting secure by default architecture and development practices.Applying Security-as-Code principles across the board to improve security of the entire product suite & provide training, mentoring, and best practices to the operation and development teams.Develop primarily on automating security principles and checkpoints into the CI/CD pipeline and containerization process.Execute security operation control to respond to and mitigate security incidents.Quick response to new and emerging security threats and vulnerabilities, investigate suspected attacks and help manage security incidents including providing post-mortem analysis, identify causes, develop solutions and preventive measures.Collaborate effectively with other teams including architects, Risk Management, Compliance and product development teams to implement best practices, remediate vulnerabilities, educate employees, and keep the customer data safe
Requirements
• Expert experience with all aspects of security in SaaS application and API driven technical stack
• 6+ years of hands-on experience with infrastructure and application-level security in a production environment and public cloud experience. Container and SaaS enterprise software experience is a must.
• Hands-on experience with major DevOps tools and technologies ,working experience with secure docker image.Solid understanding PKI, Key Management, Encryption as a Service, Oauth, etc.
• Expert knowledge and practice with multiple public clouds
• Strong Linux administration and network experience,hands-on Python development
• Experience in requirements identification, solution analysis/testing, and product selection
• Vendor solution evaluation and management experience