SAP NS2 Cloud Information System Security Engineer (ISSE) - Herndon, VA 20171 Job

Employer
SAP
Location
Herndon, VA
Posted
Mar 20, 2017
Closes
Mar 21, 2017
Industry
Engineering, Security
Hours
Full Time
Requisition ID: 134490Work Area: Information TechnologyExpected Travel: 0 - 10%Career Status: ProfessionalEmployment Type: Regular Full Time COMPANY DESCRIPTION As market leader in enterprise application software, SAP helps companies of all sizes and industries innovate through simplification. From the back office to the boardroom, warehouse to storefront, on premise to cloud, desktop to mobile device a€“ SAP empowers people and organizations to work together more efficiently and use business insight more effectively to stay ahead of the competition. SAP applications and services enable customers to operate profitably, adapt continuously, and grow sustainably. SAP NS2 Cloud Information System Security Engineer (ISSE) a€“ Herndon, VA 20171COMPANY DESCRIPTIONSAP is the global market leader for business software and related services, and SAP National Security Services Inc. (R) (SAP NS2 (R)) is an independent US subsidiary, offering SAP solutions with specialized levels of security and support to meet the requirements of US national security and critical infrastructure customers.Must be a US CitizenMust be Dept. of Defense Directive 8570.1 compliant (CISSP or equivalent certification for acceptance)All internals must have managera€™s approval to transfer.Position SummaryThe Security Team Engineer will be responsible for the Enterprise Security Management, maintenance, and architecture of the IT Security Infrastructure for Public-Sector SaaS/IaaS Cloud-Computing platforms in our Herndon, VA 20171 location. Including the installation, configuration, upgrade, patching, maintenance & monitoring, DDoS mitigation, intrusion prevention and detection lifecycles.All Security Team participants will ensure proper configuration of all Firewalla€™s, IDS/IPS, Identity Management, SIEM and Security Forensics landscapes, including, but not limited to Cisco Sourcefire/TippingPoint or relevant enterprise IDS/IPS experience, Splunk, Tripwire, Encryption and Monitoring Tools to support the requirements of FedRAMP compliant cloud.This role serves as a "hands-on" technical staff person who provides technical cyber and information security architecture expertise and guidance to team members and collaborates with other IT teams to address and resolve security issues.General ResponsibilitiesExpert & Consultation: Functions as a consultant to other Infrastructure groups as an Infrastructure Cyber Security expert.Forecasts system capacity needs, prioritizes work based on departmental priorities and system criticality, functions as an inter/intra-group liaison, performs complex analysis, proactively identifies problems and makes recommendations regarding solutions, and maintains responsibility for end-user (customer) satisfaction.Create and maintain documentation as it relates to infrastructure systems, design, configuration, support and processes.Provide 24x7 L4/L5 escalation support for all Security Infrastructure platforms on a rotational basis.Maintains reports on Security Systems utilization, availability and growth patterns.Experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.Plans, and performs comprehensive systems analysis and design activities including development of detailed functional requirements for new information technology systems, applications or softwareProvides the in-depth knowledge of leading edge security tools and techniques for mitigating system vulnerabilities to include designing and deploying HIDS, NIDS, and various related tool sets.Responsible for deploying and managing a network and security operations command center to include operation of firewalls, Intrusion Detection Systems, and 24x7 monitoring of these networksReviews system architecture for system development , computes and estimates resources needed to prepare and manage Service Level Agreements (SLA)Serves as an expert and consultant to higher management officials and executive level management within and outside the organization to provide advice on integrating information security technology programs and functions to meet the needs of the CloudDemonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks (not all required).Understand the security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.Assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.Assess, configure, and test security applications and systems, such as Cisco Sourcefire firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.Demonstrated leadership ability.Conduct research, cost-benefit and return-on-investment analysis on proposed hardware, software and systems to justify recommendations, support purchasing efforts and in making infrastructure design and architecture decisions.Investigation of failures to find the root cause and drive resolution. Promotes teamwork through effective communication which includes but not limited to, encouraging others participation in problem resolution and project oriented tasks.Responsible for Security-related and maintainability audit of all new environments or environmental updatesPreparing written and oral presentations of complex technical and program management information to all levels involvedAbility to conduct assessments of the system for compliance with applicable security frameworks (such as NIST 800-53, NIST 800-171, etc.) Qualifications: BA/BS in Computer Science, Information Technology, Business, or any other applicable field with at least 3 years or equivalent experience in Information Security, Information Technology, or related technical disciplineStrong organizational skills and prior experience in a similar role as an Engineer, Lead or ArchitectProficient level UNIX computer skills; Basic Scripting: Perl, Python, ShellInfrastructure and Orchestration/Automation Experience preferred: Tripwire, IDS and IPS sensor tuning, Splunk, TrendMicro, McAfee ePO, HSM, and WAF.Must possess at least two professional industry certifications in area of expertise. These include but are not limited to:CISSP (Preferred)AWS Certificate (Preferred)Cloud Security CertificationVendor certification (CCNA, etc)Mastery of Encryption Mechanisms/Techniques and state-of-art applications; Security Controls; Network Intrusion Detection; Configuration Management; Firewall Management; System Security Configurations; Patch management; and Network Infrastructure SecurityAbility to meet stringent deadlines; manage and prioritize tasks appropriately.Advanced ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff. SAP'S DIVERSITY COMMITMENT To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company. SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com). Requests for reasonable accommodation will be considered on a case-by-case basis. EOE AA M/F/Vet/Disability: Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, gender, sexual orientation, gender identity, protected veteran status or disability.Additional Locations:.