Address
Form of work Minimum of 3-5 years experience in the areas of SAP vulnerability scanning, security event management and penetration testing
Deep technical knowledge in Threat Modelling and IT Risk Assessment projects
Deep technical knowledge of security vulnerabilities & exploitation techniques
Experience working with SAP application vulnerability scanners such as Onapsis, SecurityBridge etc
Knowledge and experience of running network and Interface vulnerability scanners
Hands-on experience in validating vulnerability scan reports and prepare reports with recommendations for remediation
Deep understanding on Static Code Analysis and Dynamic Application Security Testing
Experience in running SAP ABAP custom code analysis using tools such as Onapsis Control for Code, SecurityBridge, SAP Code Vulnerability Analyzer etc.,
Experience in validating code analysis reports and prepare reports with recommendations for remediation
Experience in analyzing security alerts and events, and reporting the findings
Deep understanding of SAP patch Management
Deep Understanding of OWASP Top 10 Security Vulnerabilities such as SQL Injections, Broken Access Controls, Security Misconfiguration etc.
Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk
Knowledge on Cyber Security Frameworks such as NIST, ISO 27001 etc.,
Possession of excellent oral and written communication skill
Experience with incident management, problem management, change management process
Experience in SAP ABAP is highly preferred
Experience in SAP Security
Experience with application monitoring, Managed Services business, Threat and Vulnerability Management for Application infrastructure, SAP ABAP code scanning
Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), emerging threats, attacks, and Vulnerability Management
Understanding of security essentials including, networking concepts, defense strategies, and current security technologies
Ability to research and characterize security threats to include identification and classification of application related threat indicators
Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2
CSSLP, CEH (Certified Ethical Hacker), CISSP etc. are preferred
