Requisition ID: 237225
Work Area: Information Technology
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time
Career Level: T3
Hiring Manager: Richard Puckett
Recruiter Name: Maxx Snow
SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That's why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economies, lift up societies and sustain our environment. Because it's the best-run businesses that make the world run better and improve people's lives.
Lead Incident Responder
PURPOSE AND OBJECTIVES
An SAP Lead Incident Responder is a crucial front-line defender and leader of SAP’s digital enterprise. Our Incident Handlers are responsible for triaging critical security events detected by security monitoring operations, analyzing all available data to determine if a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, and conducting forensic investigation to determine the details around the attack.
EXPECTATIONS AND TASKS
• Provide leadership, mentoring, and training to Cyber Fusion Team personnel and to other SAP stakeholders and the SAP Global Security Team.
• Performs IR leadership duties as a part of a 24/7 cyber incident watch team
• Performs attack scope and root cause analyses
• Develops attack remediation strategies
• Ensures communication and escalation of security activities to leadership
• Performs additional analysis of escalations from Incident Analysts and conducts case review
• Identifies and develops workflow automation to lower response times and eliminate lengthy responses
• Develops incident handling processes, standard operating procedures, playbooks and runbooks
• Provides onboarding training and coaching for junior incident response analysts
• Supports FISMA, FedRAMP, SOC and PCI audit activities for CFC incident response
EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES
• BA/BS in Computer Science, Information Security, Information Systems, Engineering or related work experience
• Security certification (e.g. Security+, GCIA, GCIH, CISSP)
• Provide leadership, mentoring, and training to Cyber Fusion Team personnel and to other SAP stakeholders and the SAP Global Security Team
• Comprehensive knowledge of APT actors; their tools, techniques, and procedures (TTPs)
• Knowledge of TTP methods and frameworks
• Expert knowledge of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
• Expert knowledge of the Windows file system, registry functions and memory artifacts and/or expert knowledge of Unix/Linux file systems and memory artifacts
• Experience managing cases with enterprise SIEM or Incident Management systems
• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
• Excellent written and oral communication skills
• Ability to learn and operate in a dynamic environment
• Proven experience leading multi-functional teams
• Proactive, self-managed, and able to interface well with sponsor personnel and inter-disciplinary teams across an organization
• Ensures communication and escalation of security activities to leadership, and assists in the development of incident handling processes, standard operating procedures, playbooks and runbooks
• Experience with information security compliance audit frameworks and requirements, e.g. PCI, FISMA, FedRAMP, SOC, SOX, GDPR and Data Privacy
• 5-8 years’ experience leading cyber-attack investigations
• 1-3 years’ experience working in a 24/7 operational environment (Cyber Intelligence Fusion Center, SOC, NOC, Operations Center)
• Ability to possess and maintain a U.S. Government/DoD Clearance
• Newtown Square, PA, USA
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com). Requests for reasonable accommodation will be considered on a case-by-case basis.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, gender, sexual orientation, gender identity, protected veteran status or disability.