Product Security Engineer Associate (f/m/d) with focus on Pentesting for SAP Signavio
About this role
Solution and Product Management
We help the world run better. At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.
The SAP Signavio Security, Compliance and Governance team is looking for a motivated Product Security Engineer Associate with focus on Pentesting for the SAP Signavio cloud application portfolio.
What You'll Do
- Work with internal and external partners for hacking simulations
- Assess reports and findings from customers and external vendors
- Operate Signavio's Bug Bounty Program
- Handle Product Security Vulnerabilities
- Consult Engineering Teams on mitigation of penetration test findings
- Perform retests for mitigations implemented by engineering teams
- Perform own pentests for internal tooling and create pentest reports
- Engage in product security engineering activities
- Perform threat modeling
What You'll Bring
- Bachelor’s degree in Computer Science or related Science, Technology, Engineering, and Mathematics (STEM) disciplines with a specialization in security
- At least 1.5 years’ experience in security engineering, particularly with focus on pentesting
- Previous experience in software development and product security vulnerability resolution
- Demonstrated experience in AI pentesting
- Hands-on experience with tools such as Kali Linux, and with retests of pentest findings
- You’re an open-minded team player
- Fluent spoken and written English communication skills
- Programming skills in at least one programming language
Beneficial skills
- Experience in customer interactions
- Demonstrated expertise in managing projects or work streams in security
- Experience with SAP Signavio application portfolio
- German language skills are a plus
- Experience in performing (internal) pentests as lead, or coordinating external pentests and making findings resolution actionable
Meet your team
SAP Signavio is the owner of SAP’s process management and analytics product portfolio, and we are the responsible security, compliance and governance team. Our international experts cover almost every security, compliance and engineering governance aspect for SAP Signavio products and services from multiple locations, such as Berlin, St. Leon-Rot, Dresden and Sofia. Taking a risk-based approach to the aforementioned topics, we support thousands of colleagues and customers within and outside of SAP Signavio. We team up with others in SAP (e.g., SAP SGSC, SAP BTP) to plan, implement, and operate technically effective and trade-off efficient security, compliance and governance solutions.