Security Operations Analyst

**What we offer**

**PURPOSE AND OBJECTIVES**
SAP Concur Security Operations is a central function that is responsible for ensuring SAP Concur’s ability to maintain and improve our SOC Maturity Model, determine ongoing control and remediation requirements and monitor them to ensure remediation of security gaps. SAP Concur Security Operations further supports the line of business in developing threat hunting techniques for Service Organization Control (SOC) detections and investigations.
SAP Concur Security Operations is a global team with a follow-the-sun structure. It closely interacts with global and local functions in the areas of development and compliance, product development, audit support, incident management and other internal and external stakeholders. Members of the Security Operations team will utilize a threat-based security approach focused on known and active adversarial behaviors.
- Live your virtue as problem solver for complex issues and legal requirements
- Be a key driver of internal projects
- Be part of a global and diverse team
- Work in an operations and security function (incident management and data loss prevention)
- Learn about security and compliance aspects of all of SAP Concur’s products
- Learn how SAP Concur is dealing with third party products and build-in’s
- Obtain insights to risk management and respective mitigation
- Broaden your network within security and other functions such as development
- Have fun and experience cybersecurity beyond your profession
**EXPECTATIONS AND TASKS**
- Support incidents of local, regional, and global scales, accomplishing goals and prioritizing tasks
- Is part of a 24/7 follow-the-sun organization
- Supports continuous improvement and increases efficiency through standardization and automation
- Work with management on highly visible, complex projects
- Perform service organizational control (SOC) and incident response (IR) duties
- Maintain excellent collaboration with internal and external key stakeholders
- Establish and perform knowledge management activities, such as lessons learned, knowledge-based articles, and trainings
- Develop attack remediation strategies, and ensure communication and escalation of security activities to leadership
- Conduct firewall and proxy reviews, bot detection and WAF, support of internal and external audits, controls alignment, and PIM support
- Be responsible for development of incident handling processes, standard operating procedures, playbooks and runbooks as well as detection queries
**EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES**
Bachelor’s degree in information systems engineering, computer science, cybersecurity, software development or equivalent similar education/hands on experience
**Required skills**
- Working knowledge of SIEM tools, such as (but not limited to) Splunk, Tanium, Device42
- Knowledge of one or more of the following: Windows/AD file system, registry functions and memory artifacts, Unix/Linux file systems and memory artifacts, Mac file systems and memory artifacts, or cybersecurity automation
- Knowledge of Advanced Persistent Threat (APT) actors; their tools, techniques, and procedures (TTPs),
Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, solution orientation, and to learn and adapt quickly.
- Able to explain complex issues in layman terms
- Willingness and ability to work in a security function
- Ability to work as an individual contributor and closely collaborate across, organizations, teams and cultures
- Fluent Business English is a must
**Preferred skills**
- Experience working in a 24/7 operational environment (Cyber Intelligence Fusion Center, SOC, NOC, Operations Center)
- Experience in Data Loss Prevention (DLP)
- Experience in network security and network systems including LANs/WANs/VPNs/Firewalls and IDS’s
- One or more security certifications (e.g. Security+, GCIA, GCIH, CISSP)
- International working experience
**WORK EXPERIENCE**
Relevant professional experience; experience in high-tech industry closely related to security operations as well as experience in critical incident management

LI-Remote

**We are SAP**

**Our inclusion promise**
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone - regardless of background - feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.

EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity