Security Incident Response Investigator (m/f/d)

We help the world run better At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.

Job Description

The Security Incident Response Investigator role will be dedicated to the real time analysis, lead investigation and escalation coordination of detected cyber threat events and intelligence, supporting operational efforts around the Security Detection and remediation to various system owners and other stakeholders and ensuring real time capability enhancement to respond to evolving threats.

The Security Incident Response Investigator role will be responsible for providing timely situational analysis of Security Alerts, escalation and tracking of potential attacks for remediation to system owners and provide information for potential impact to the environments’ security posture, and the development of actionable remediation steps where relevant.

Your Role and Responsibilities

The Security Incident Response Investigator role will work as an integrated part of the Security Incident Response Team, working in a follow the sun model with members across the globe. Candidates in this role will review and analyze and lead investigations on identified security event alerts, information and security intelligence relevant to threats facing the systems, infrastructure, and resources critical to our clients.

They will use this information to determine validity, severity, provide remediation recommendations and communicate this security event analysis to the system owners for remediation on a real time basis as well as tracking and reporting of these activities. Candidates should be experienced in analyzing cyber-attack attempts threats and security intelligence analysis, event tracking and escalation management and reporting.

The ideal candidate would be expected to stay current with the latest security related news, attack techniques, understand current vulnerabilities, and their respective countermeasures.

What you bring:

• At least 4 years experience in the field of security analysis, intelligence, engineering, architecture, operations and/or assurance functions;
• A degree from a recognized university in the sciences, engineering, information security, or related studies
• Demonstrable experience in the area of time critical Cyber attack event analysis, threat intelligence application, vulnerability analysis and event escalation.
• Demonstrable experience using monitoring tools to identify cyber security events or alerts of potential/active threats, intrusions, and/or compromises.

Core Security Incident Response Skills:

• Strong verbal, written communication skills with high level of detail accuracy
• Lead cybersecurity investigations and analysis during critical time sensitive incidents.
• Strong security background performing review and analysis of cyber-attacks and developing remediation recommendations.
• Creative problem-solving skills and can apply knowledge to new and never before encountered scenarios, often working under pressure situations.
• Takes an active part in the gathering, analysis, and communication of Attack alerts identified by monitoring teams
• Present actionable analysis and recommendations of identified cyber alerts to system owners and leadership across business lines as necessary
• Develop and modify documentation detailing new and improved run-books for the processes of threat analysis capability and eventual cataloging of the indicators of attack by assessed impact to the environment
• Ability to work easily with diverse and dynamic teams
• Understanding of Network, System and Application Architectures and attack methodologies

Security Operations Domain Skills:

• Depth of knowledge in two or more of the core Security Operations and Incident Response domains such as Security Triage, Cyber Threat Hunting, Security operations management, incident investigation and response process and procedures.
• Depth of knowledge in contemporary and legacy security technologies used within the Security Operations domain (such as SIEM technologies, ticketing and workflow orchestration, Threat-Intelligence Platforms, active defense, UseCase construction, Cloud based operations, etc)
• Knowledge in and current knowledge of security threat intelligence and recent attack vectors including network, application and social methods.
• Knowledge in and an understanding or proficiency in information security and compliance regulations, frameworks and leading practices

Bring out your best SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.

We win with inclusion SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world.

SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: [email protected].

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our Guidelines for Ethical Usage of AI in the Recruiting Process.

Please note that any violation of these guidelines may result in disqualification from the hiring process.