Senior Cyber Security Incident Responder

**What we offer**

**Summary**

As an investigator in SAP's Global Security Operations team you will join a global team of security practitioners to mature SAP's security. You will be located in Singapore, one of the global security hubs, and reporting directly to the Head of Security Operations APJ. The main work will be to develop the SOC and DFIR functions as well as conducting and leading investigations and analysis.

This role will have the opportunity to work within SAP's Global Security functions and interacting in a complex and challenging environment to detect, react to and remediate cyber security incidents as well as to drive detection use case development forward.

**The Role**
- Conducts investigations and forensics on internal and cloud assets for SAP and its line of businesses
- Leads incidents of local and regional scale, sets investigations goals and prioritizes tasks
- Drives continuous improvement and increases efficiency through standardization and automation
- Works independently and with management on highly visible and complex projects
- Contributes to major, global scale incidents and crisis situations by conducting analysis and writing summaries or reports
- Designs, implements and verifies new detection mechanisms and queries
- Mentors analysts and helps develop skills
- Is part of a 24/7 follow-the-sun organisation

**Requirements**:

- Degree in Computer Science or equivalent experience
- Experience working in a 24/7 operational environment (Cyber Intelligence Fusion Center, SOC, NOC, Operations Center).Has Security certification (e.g. Security+, GCIA, GCIH, CISSP)
- Knowledge in the area of creation and maintenance of detection use cases and design of playbooks
- Experience managing cases with enterprise SIEM or Incident Management systems (Information Security, Information Systems, Engineering or related work experience)
- Technology: Good knowledge of one or more of the following: Windows/AD file system, registry functions and memory artifacts, Unix/Linux file systems and memory artifacts, Mac file systems and memory artifacts, Cybersecurity automation, SIEM tools (Splunk, Loggly, Sumo Logic, LogZilla, jKool, QRadar)
Experience in network security and network systems including LANs/WANs/VPNs/Firewalls and IDS’s
- Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
- Knowledge of APT actors; their tools, techniques, and procedures (TTPs), TTP methods and frameworks
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
- Ability to summarize and communicate findings and issues concise and clearly.

**#SAPSecurity #IncidentResponse #SecurityOperations #SAPSecurityCareersSGS**

**We are SAP**

**Our inclusion promise**
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone - regardless of background - feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.

EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Requisition ID:301208 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time |