16 hours ago

Senior Product Security Engineer

SAP

On Site
Full Time
€105,000
Berlin, Berlin, Germany

Job Overview

Job Title: Senior Product Security Engineer
Job Type: Full Time
Offered Salary: €105,000
Location: Berlin, Berlin, Germany

Job Description

We Help the World Run Better

At SAP, we believe you bring your best, and we'll bring out the best in you. We are builders, impacting over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging yet meaningful. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team dedicated to your success.

What You'll Do

We are seeking an experienced Senior Product Security Engineer to join the security team of SAP LeanIX. In this role, you will work closely with the Product and Engineering organizations, reporting directly to the Director of Information Security.

The Role

As a Senior Product Security Engineer, you will be responsible for the application and infrastructure security of the SAP LeanIX enterprise architecture solution. This position can be based in Bonn, Walldorf, Berlin, Dresden, or Munich.

Your Key Tasks Shall Include

  • Conducting secure requirements review, architecture and design review, threat modeling, secure code review, and penetration testing.
  • Reviewing security scan findings to identify patterns, and collaborating with stakeholders like developers for resolution.
  • Performing complex vulnerability analysis; partnering with cross-functional teams to develop and implement patches/solutions.
  • Providing expert consulting to cross-functional teams, including developers and product managers, on security-related questions.
  • Supporting security audits; reviewing, auditing, and ensuring compliance with secure development lifecycle checkpoints.
  • Integrating secure development best practices and methodologies throughout the development and deployment processes.
  • Collaborating across functional teams to implement solutions during incident response efforts.
  • Continuously monitoring product infrastructure security via automated configuration management tools for component updates and security.
  • Enhancing tools and processes by developing advanced/automated security checkpoints, solutions, and implementing new techniques.
  • Assisting leadership in developing and tracking program metrics.
  • Contributing to extending and improving the security knowledge base within the organization.
  • Proactively researching the latest trends and emerging technologies in security and development, recommending solution upgrades.
  • Providing support and guidance to junior team members.

What You Bring

  • Minimum 8 years of industry experience with application security, secure code reviews, DevSecOps (SAST, SCA), and infrastructure security.
  • Experience with common web application and network vulnerability scanning tools (e.g., Tenable, Qualys).
  • Proficiency with security frameworks such as OWASP Top 10, NIST, CIS, SANS CWE.
  • Experience with cloud security testing (e.g., for Azure, AWS, GCP), including penetration testing and posture management.
  • Experience with security testing of AI products.
  • Proven experience in performing or leading threat modeling sessions.
  • Knowledge of programming languages such as JS/TypeScript, Kotlin, Java, Python.
  • Relevant Security Certifications (e.g., CREST CRT, CREST CPSA, OSCP, OSWE, CEH, CHFI) are a plus.
  • Fluent in spoken and written English.

Meet Your Team

The Information Security team manages the security of the SAP LeanIX enterprise architecture solution, collaborating closely with the Product and Engineering organization as well as SAP’s central security team.

Key skills/competency

  • Application Security
  • Secure Code Review
  • DevSecOps
  • Threat Modeling
  • Penetration Testing
  • Cloud Security
  • Vulnerability Management
  • Incident Response
  • SAST (Static Application Security Testing)
  • SCA (Software Composition Analysis)

Tags:

Senior Product Security Engineer
Application security
Secure code review
DevSecOps
Threat modeling
Penetration testing
Vulnerability management
Incident response
Cloud security
Security architecture
SDLC
SAST
SCA
Tenable
Qualys
OWASP Top 10
NIST
CIS
Azure
AWS
GCP
JS/TypeScript
Kotlin
Java
Python

How to Get Hired at SAP

  • Research SAP's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Customize your resume: Highlight your extensive experience in application security, DevSecOps, and cloud security testing.
  • Showcase security expertise: Detail your proficiency with OWASP Top 10, NIST frameworks, and scanning tools like Tenable/Qualys.
  • Prepare for technical questions: Be ready to discuss threat modeling, secure code review, and specific cloud security challenges.
  • Emphasize collaboration: Provide examples of working with product and engineering teams on security solutions and incident response.
