Experience Inc. Jobs

Job Information

SAP Lead Application Security Engineer - Cyber Security Europe Job in Prague, Czech Republic

Requisition ID: 233300

Work Area: Software-Design and Development

Expected Travel: 0 - 10%

Career Status: Professional

Employment Type: Regular Full Time


SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.

About this position

This position is part of SAP’s larger global Security structure, an organization that drives the latest best practices around Cyber Threat Intelligence, Incident Response, Crisis Management, Digital Forensics and Vulnerability Management.

For SAP Concur we are looking for a Lead Application Security Engineer to prevent, detect, and correct security flaws in Concur software. SAP Concur is a B2B business that has millions of end users, providing best in class Web based SAAS Applications. Our customers have high expectations of us that the software we deliver them is secure and that SAP Concur protects their data. SAP Concur’s application security team therefore supports security tooling, process, and governance across the secure development lifecycle.

The application Security’s mission is to enable developers to deliver secure products and to evaluate the results of application security tooling. You will be focused on working with teams in Europe across several offices. The ability to travel 10% is preferred, but not required. SAP Concur has a mature, well resourced, application security team. Combine that with a very healthy work life balance that SAP supports, we’ve done an excellent job of constantly supporting engineer growth and continuous development of talent.

What is this team’s tech stack today?

As a team, Application Security has to be somewhat language agnostic as the security engineer will work with many teams across the organization, there will be exposure to: C#, Java, Go Lang, NodeJS among others, in Web environment, based on microservices, and REST APIs.


⦁ Designing and maintaining software security in an Agile and platform-oriented environment is an exciting challenge: your mission is to ensure best-in-class security and data protection for Concur and its customers while enabling fast-paced innovation on Concur SaaS and mobile solutions

⦁ Securing both older and newer web applications, rest APIs and Mobile Apps with process, tooling, and by educating developers.

⦁ Hands-on leadership and take ownership of development support for application security for Concur's SaaS-based financial services and SaaS product.

⦁ Provide subject matter expertise to the various development teams including communicating architectural decisions and mentoring other technical staff around the various development technologies and decisions.


⦁ Development background particularly building enterprise Web applications and working knowledge of securing applications in a cloud environment (mostly AWS)

⦁ Experience in identifying security flaws in current code, ability to evaluate risk, triage and provide remediation solutions

⦁ Strong understanding of Web Application security risks, including but not limited to OWASP top 10

⦁ Proficiency with auditing object-oriented languages and script-based languages for vulnerabilities

⦁ Experience threat modeling at scale - applications and experience securing REST services

⦁ Experience translating threats and business risk to R&D teams and executive leadership and the ability to recognize and address antipatterns at scale.

⦁ Experience with Web security tooling, Static analysis (Source level scans), Dynamics scans (black box web app testing), Interactive testing (grey box testing)


Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now .


To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com , APJ: Careers.APJ@sap.com , EMEA: Careers@sap.com ).

Successful candidates might be required to undergo a background verification with an external vendor.

Additional Locations :