Ho Chi Minh City, VN
Open Source Compliance Engineer - Global Technology Legal Compliance

We help the world run better


At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. 

 

 

About SAP Labs Network and SAP Labs Vietnam

SAP Labs Network is the global R&D setup where over 55,000 engineers around the world create, operate and support the most innovative enterprise solutions for SAP’s customers worldwide. SAP Labs Vietnam aims to become one of the key locations within the SAP Labs Network to support the engineering growth for SAP.


Meet the team
SAP is looking for candidates to fill the role of Technology Legal Compliance (TLC) Analyst. This position offers a unique opportunity for individuals who are passionate about software quality – ideal candidates will possess a strong background in software testing or auditing and have a genuine interest in expanding their career and experience into the areas of development governance and compliance.

 

Acting as a key contributor to the company’s Global Technology Legal Compliance group, participation in SAP’s 3rd party intellectual property management initiatives is a significant part of the role. Critically, this involves monitoring and controlling open source intake across SAP by executing code audits using our source code scanning technologies: the review and assessment of the code scanner output represents a central area of responsibility.

 

The successful candidate will have an inherent passion for research and investigations – in addition to having a very high level of attention to detail, candidates must enjoy doing research to find answers to complex questions. Working closely with product development, release management, legal, licensing, and other stakeholder teams, the TLC Analyst will drive to support SAP’s Intellectual Property due diligence processes, ensuring consistent compliance to open source licensing.

 

What you will do:

- Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Review and validate automated testing results and prioritize actions that resolve issues based on overall risk.
- Perform application security tests using binary analysis.
- Perform manual source code review for security vulnerabilities.
- Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
- Identify opportunities to automate and standardize information security controls and for the supported groups.
- Participate in conference calls with the engineering team to ensure proper scan coverage and effective results.
- Write a formal security assessment report for each application, using our company's standard reporting format.
- Direct the development and delivery of secure solutions by coordinating with business and technical contacts.
- Collaborate with application teams to ensure that any identified security vulnerabilities are remediated in a timely manner.
- Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
- Research and explore new testing tools and methodologies.
- Act as a mentor to the junior team members.
- Actively participate in research and knowledge sharing discussions with the broader Vulnerability Assessments organization.
- Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions.

 

What you should bring

- B.S. (degree in Computer Science, Engineering, Information Technology or equivalent).
- At least 3 years of relevant experience in web development, source code review, or application security testing.
- Basic understanding of application security and associated vulnerabilities.
- Development background in Java/J2EE, C#, .NET in an enterprise environment.
- Development experience with modern JavaScript frameworks, Python, JSON, Lambda.
- Good understanding of the Software Development Life Cycle, including unit testing and code scanning.
- Experience using ALM and CICD tools like Bitbucket, TFS, Jenkins, udeploy, BMC RLM or related tools in an agile methodology.
- Familiarity with static analysis (source code review) and application pen-testing techniques.
- Candidates who have experience using and contributing to open source software projects will be highly favored.
- Experience using commercial enterprise automated security testing tools such as Checkmarx, Snyk, AppScan Source, Fortify, Veracode, Blackduck, Sonatype, Contrast, Seeker is a plus.
- Experience using or testing cloud platforms (AWS, Google, Azure, etc.) is a plus.
- Proven influencing and relationship management skills.
- Consistently demonstrates clear and concise written and verbal communication.
- Professional certifications, such as CISSP, CSSLP, GIAC, CEH, or willingness to obtain.

 

Bring out your best

SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.  

 

We win with inclusion

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

 

EOE AA M/F/Vet/Disability

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

 

Requisition ID: 404267 | Work Area: Software-Design and Development | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations:  #LI-Hybrid
