DevSecOps Engineer Propel Platform at Remote

DevSecOps Engineer Propel Platform

Duration 1 Year+

Non locals will also work. (work on PST time zone 9-5)

We are seeking an experienced and proactive DevSecOps SAP Engineer to join our Cybersecurity Application Platform Security Team. This role combines expertise in SAP security with a strong foundation in DevSecOps practices to ensure the 'secure by design', 'secure by default' principles throughout development, deployment, and operation of SAP systems. The ideal candidate will have hands-on experience with Cybersecurity platforms, with a deep understanding of SAP. This position plays a critical role in assisting large IT transformation initiative Propel, to move SAP platform to cloud; operate securely. maintaining compliance, enhancing security postures, and supporting our SAP ecosystem.

Key Responsibilities:

• Work with SAP RISE integration partners to bake-in security controls part of design, implementation, across SAP platforms, including SAP S/4HANA, BusinessObjects (BOBJ), Business Warehouse (BW), Governance, Risk, and Compliance (GRC), and NetWeaver Gateway.
• Integrate security best practices into CI/CD pipelines to ensure secure code deployment and infrastructure-as-code for SAP environments.
• Collaborate with development, operations, and peer cybersecurity teams to enforce the shared responsibility model for cloud and on-premises SAP deployments.
• Ensure compliance with SOX regulations and other industry standards (NERC CIP where applicable) by implementing and monitoring SAP security policies and procedures.
• Ensure IAM specific controls like user access management, role design, and segregation of duties (SoD) analysis are implemented according to PG&E standards and best practices.
• Implement and support Single Sign-On (SSO) solutions for SAP systems to enhance authentication security.
• Conduct security assessments, vulnerability scans, and penetration testing on SAP applications and infrastructure.
• Be an integral part of SAP team and provide expertise in securing SAP RISE deployments, leveraging cloud-native security tools and practices (experience with SAP RISE is a plus).
• Develop and maintain documentation for security processes, security architecture patterns relevant to the emerging SAP environments.
• Stay updated on emerging threats, vulnerabilities, and security trends related to SAP and DevSecOps practices.
• Promote cybersecurity awareness among developers and stakeholders.

Qualifications:

• Bachelor's degree in computer science, Information Security, or a related field (or equivalent experience).
• 5+ years of experience in IT security, with at least 3 years focused on SAP security engineering.
• Proven expertise in SAP platforms, including SAP HANA, BOBJ, BW, GRC, and NetWeaver Gateway.
• Strong understanding of DevSecOps principles, including CI/CD pipeline security and automation tools (e.g., Jenkins, Git, Ansible, or similar).
• Familiarity with the shared responsibility model in cloud environments (AWS, Azure, Google Cloud Platform) and hybrid SAP deployments.
• Familiarity with SAP Cloud ALM (Application Lifecycle Management), clean core a plus.
• Experience with SOX compliance and auditing processes in SAP environments.
• Hands-on knowledge of SAP security modules, role administration, and SSO implementation (e.g., SAML, OAuth, Kerberos).
• Experience with SAP RISE or other SAP cloud transformation initiatives is highly desirable.
• Relevant certifications such as SAP Certified Technology Associate Security, CISSP, CISM, or DevSecOps-specific credentials are a plus.
• Strong analytical and problem-solving skills with excellent communication and teamwork abilities.