Sap Security

Job details

---

Job description

---

Position Summary SAP Security, Senior Analyst About the role:- Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports. The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives in enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centres. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Centre. This role will oversee regional operational service delivery for the Attack Surface Assessment Group of Services, reporting to the Application Security Lead. The role is targeted to identify and support customer need with security assessment against SAP platforms. Roles & Responsibilities:- Strategic Support the development of SAP/SWIFT assessment services to drive deeper understanding of operating risk Develop strategic service road maps Operational Support operational processes, rules of engagements and methodologies to deliver quality vulnerability analysis, alerting/alarms, security control enforcement and monitoring to Deloitte’s US Firm and any other member firm interested in using Onapsis security tools on SAP/SWIFT systems. Ensure deliverables are of a quality nature and provide practical intelligence to help member firms remediate identified vulnerabilities. Executing automated and scheduled security vulnerability and compliance scans using the Onapsis Vulnerability and Compliance component. Setup and find tune monitoring capabilities with the Onapsis Detection and Response component. If requested by customer, use SMTP for delivery of all alerts and alarms Setup security controls and/or workflows using the Onapsis Enforce and Protect component. This component requires signed certificates on both the Onapsis sensor and each SAP system ID in scope and licensed. Build customized reports with filtering capabilities for identifying proper owners of vulnerabilities. Knowledge required to determine who owns the vulnerabilities either the SAP Basis or SAP Security teams so they can take immediate remediation actions Provide concise and digestible remediation paths for identified vulnerabilities Escalates key risks and issues to Cybersecurity leadership and US Firm SAP stakeholders that require special attention. Work with Onapsis vendor for all vendor related issues including escalations, license issues, product defects, enhancement requests. Collaborate with Onapsis security team for any identified vulnerabilities by penetration testing or dynamic scans on either the Ubuntu operating system and/or any vulnerabilities identified within the web-based console or Onapsis appliances. Basic understanding of the various SAP systems S/4, Fiori, PO, GRC, Sidecar, SLT, SolMan, Redwood, ECC, Gateway/Fiori Relationship Management Works closely with the operations team to ensure appropriate customer facing documentation and communications are present to facilitate effective entry points and service offerings are present Support member firm liaisons with member firm and DTTL management and technical teams to ensure they are consuming all the offered Services within the Risk Management group across the globe and to ensure member firm expectations are being met Collaborates with the Attack Surface Assessment group to understand trends, issues and risks and to exchange expertise Education Bachelor’s degree in Computer Science, Cyber Security, International Cyber Security, or equivalent education experience. Candidates with the essential work experience below would also be considered. Work Experience Minimum of 2 years of combined experience in Cyber Security, Vulnerability Management of Application Testing At least 1 years’ experience in using the Onapsis full suite of tools (all 5 components preferred). Proven track record and experience of the following in a highly complex and global organization: Application Security testing services experience working with both testing tools and manual exploitation techniques. Experience with validation of scan results and/or vulnerabilities identified from any of the 5 Onapsis components. Onapsis product knowledge for how to create, modify, delete alerts, alarms, scans, security controls and workflows. Developer skill knowledge of ABAP and Java in order to support the Onapsis code profiler component. Conduct validation and provide remediation advice to SAP development teams. Risk Management – ability to convey technical risks to business managers and executives Application/Infrastructure/Architecture experience – experience with managing and configuring on-premises scanning tools infrastructure hosted in a cloud environment. Responsibilities for this role include the following: tuning/testing of all Onapsis components, upgrades for both the Onapsis components and Ubuntu Operating System, hardening of servers/appliances, SMTP, OS patching, and consistent management of cloud costs Ability to develop reports, metrics, dashboards and capability to articulate the data presented within the reports to senior management and technical staff. Strong knowledge of SAP and Onapsis full suite of tools including code and transport profilers Experience working with variety of cultures across the globe and have the patience, understanding and empathy to work collaboratively and effective Ability to accurately describe the OWASP Top 10 most common application security vulnerabilities found on most websites or back-end applications. Certification Professional security management certification required (at least 1 active certification from any of the following), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials such as any SANs ethical hacking certifications. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Be inspired by the stories of our people . Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . Requisition code: 53695