Security Operations Engineering Lead

**What we offer**
**PURPOSE AND OBJECTIVES**
SAP Concur Security Operations is a central function that is responsible for ensuring SAP Concur's ability to maintain and improve our SOC Maturity Model, determine ongoing control and remediation requirements and monitor them to ensure remediation of security gaps. SAP Concur Security Operations further supports the line of business in developing threat hunting techniques for Service Organization Control (SOC) detections and investigations.
SAP Concur Security Operations is a global team with a follow-the-sun structure. It closely interacts with global and local functions in the areas of development and compliance, product development, audit support, incident management and other internal and external stakeholders. Members of the Security Operations team will utilize a threat-based security approach focused on known and active adversarial behaviors.
- Live your virtue as a problem solver for complex issues and security requirements
- Be a functional lead and drive internal projects
- Be part of a global and diverse team
- Work in an operations and security function (incident management and data loss prevention)
- Learn about security and compliance aspects of all of SAP Concur's products
- Learn how SAP Concur is dealing with third party products and build-in's
- Obtain insights to risk management and respective mitigation
- Broaden your network within security and other functions such as development
- Have fun
**EXPECTATIONS AND TASKS**
- Lead incidents of local, regional, and global scales, setting goals and prioritizing tasks
- Is part of a 24/7 follow-the-sun organization
- Drives continuous improvement and increases efficiency through standardization and automation
- Work independently and with management on highly visible, complex projects
- Contributes to major, global scale incidents by conducting root cause analysis and writing summaries or reports
- Maintain excellent collaboration with internal and external key stakeholders
- Establish and perform knowledge management activities, such as lessons learned, knowledge-based articles, and trainings
- Designs, implement and verify new detection mechanisms
- Conduct investigations and forensics on internal and cloud assets
- Support other SAP Concur teams in their day-to-day business activities
**EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES**
Bachelor/ master's degree in information systems engineering, computer science, cybersecurity, software development or equivalent similar education
One or more security certifications (e.g. Security+, GCIA, GCIH, CISSP)
**Required skills**
- Experience in the area of creation and maintenance of detection use cases, designing mitigation playbooks, and security event monitoring
- Experience managing cases with enterprise SIEM or Incident Management systems (Information Security, Information Systems, Engineering or related work experience)
- Good knowledge of one or more of the following: Windows/AD file system, registry functions and memory artifacts, Unix/Linux file systems and memory artifacts, Mac file systems and memory artifacts, Cybersecurity automation, Security Information and Event Management (SIEM) tools (Splunk, Fortinet, Skybox, Gigamon, Akamai, Thales, Nexpose, Tenable, Tanium, Sophos, clamAV, Device42)
- Knowledge of Advanced Persistent Threat (APT) actors; their tools, techniques, and procedures (TTPs),
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, solution orientation, and to learn and adapt quickly
- Able to explain complex issues in layman terms
- High quality awareness and process-oriented thinking and acting
- Willingness and ability to work in a security function
- Ability to work as an individual contributor and closely collaborate across, organizations, teams and cultures
- Fluent Business English is a must
**Preferred skills**
- Experience in network security and network systems including LANs/WANs/VPNs/Firewalls and IDS's
- Experience with one or more scripting languages (Powershell, Python, Bash, etc.)
- Experience in Data Loss Prevention (DLP)
- International working experience
**WORK EXPERIENCE**
Solid professional experience; experience in high-tech industry closely related to security operations as well as experience in critical incident management
**We are SAP**
**Our inclusion promise**
SAP's culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone - regardless of background - feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive conside

---