SAP Vulnerability Management Senior Analyst

Job Description:

Reporting to the SAP Security Senior Manager, the SAP Vulnerability Management Senior Analyst is responsible for securing the SAP systems that comprise the Enterprise Digital Core program, starting with the Shared Template, Corporate, and Petcare S/4HANA systems on RISE and the SAP BTP environment. Mars will be leveraging the Onapsis security platform as a core part of the SAP security and vulnerability management strategy. This role will be responsible for gathering SAP vulnerability management requirements, technical configurations in Onapsis and SAP, and integrations with Mars tools for enhanced monitoring, alerting, and reporting capabilities. They will then be responsible for running SAP application layer vulnerability scans to identify security configuration / access vulnerabilities, missing patches / notes, and code vulnerabilities. They will support the Transformation Anchor Plan by running scans and working with project stakeholders and system owners throughout the project lifecycle to identify and remediate vulnerabilities in the project landscape prior to systems going live. As more systems and functionality come into scope, this role will be expected to grow our SAP vulnerability capabilities by integrating additional systems, finetuning and setting up additional alerts, and conducting proofs of concept on additional capabilities and integrations. They will also be responsible for transitioning the vulnerability management work at each go-live to the managed service team to ensure that scanning and monitoring is operating effectively in the steady-state live environment in parallel to the ongoing project work.

• Minimum 3-5 years of technical experience in the areas of SAP application security, vulnerability scanning, patch management, code security, and security incident response.

• In-depth knowledge of core SAP application security concepts – role-based access control, IT controls, sensitive access and segregation of duties.

• Hands-on experience working with SAP cybersecurity, vulnerability management, and code scanning tools (e.g., SAP Enterprise Threat Detection, Onapsis).

• Strong communication skills and ability to prepare and present findings and recommendations, both written and verbally.

• Experience with data protection tools (e.g., SAP UI Masking) is a plus.

• SIEM tools and ServiceNow Vulnerability Response module experience is a plus.

• Work with our security implementation partner to configure Onapsis.

• Run vulnerability scans, evaluate results, review / validate results, and prepare and review findings and recommendations with stakeholders (e.g., Basis / Platform Team, Developers).

• Work with InfoSec team members on use cases to utilize SAP security event / alarm data to correlate with other security data.

• Research and stay current with latest SAP vulnerabilities.

• Conduct proofs of concept for additional Onapsis functionality.

• Lead knowledge transfer sessions to managed service / operations team.

• Work with diverse and talented Associates, all guided by the Five Principles.

• Join a purpose driven company, where we’re striving to build the world we want tomorrow, today.

• Best-in-class learning and development support from day one, including access to our in-house Mars University.

• An industry competitive salary and benefits package, including company bonus.

The base pay range for this position at commencement of employment is USD 285,003.00 - USD 391,879.00. The total compensation package for this position will include variable pay, medical and dental benefits, participation in a 401k plan, and paid time off benefits. Details of participation in these benefit plans will be provided if an applicant receives an offer of employment.