Product Security Sr Specialist

SAP

Bellevue, WA, USA
USD 180,274-243,584 / year
Posted on Jul 1, 2025

Requisition ID: 427952
Work Area: Software-Design and Development
Expected Travel: 0%
Career Status: Professional
Employment Type: Regular Full Time
Career Level: T3-3

Original Posting Date: 06/30/25

Job Title: Product Security Sr Specialist

Location: Bellevue, WA

Work Model: Hybrid work model

Purpose and Objective:

Concur Technologies, Inc. seeks a Product Security Sr Specialist at our Bellevue, WA location to ensure consistent security of the product(s)/application(s)/service(s) you are assigned to (including both on premise and cloud computing i.e. IaaS, SaaS, PaaS, etc.).

Expectations and Tasks:

  • Responsible for various technical and administrative activities depending on which phase of the secure product(s)/application(s)/service(s) lifecycle you support (e.g. planning the security measures during the initial phase, security review and testing during the development phase, or maintaining, monitoring, and incident response support during the utilization phase, etc.).

  • Lead security operations pertaining to your realm of responsibilities, e.g. threat modeling, planning security measures, security review, security testing, security validation, compliance validation, security maintenance, vulnerability patching, incident response, etc.; provide support and guidance to junior team members.

  • Translate requirements into security design and provide consulting to cross-functional teams such as developers, security architects, testing & validation teams, etc. with their security-related questions.

  • Ensure that the technical security measures necessary to support policies are implemented and prove compliance standards are in place.

  • Support security audits as applicable for your product(s)/application(s)/service(s); review/audit/ensure compliance to secure development lifecycle checkpoints.

  • Drive security assessment/testing/validation activities, define and research security testing strategy and technologies.

  • Review security scan findings to find patterns, and collaborate with relevant stakeholders such as security architects, developers, etc. for resolution.

  • Perform analysis of complex vulnerability findings in your product(s)/application(s)/service(s); collaborate across functional teams to develop and implement patches/solutions as required to resolve/mitigate the vulnerabilities.

  • Collaborate across functional teams to implement solutions during incident response efforts; ensure that incidents are handled within defined SLAs and quality standards.

  • Develop and maintain relevant documentation such as plans, process workflows, and playbooks.

  • Develop and maintain processes, guidelines, and frameworks that enable developers to build secure code efficiently and integrate security into the continuous integration / continuous delivery and deployment pipeline.

  • Enhance tools and processes by developing advanced/automated security checkpoints & solutions, and implementing new tools and techniques.

  • Assist leadership in developing and tracking program metrics.

  • Contribute to extending and improving the security knowledge base in the organization.

  • Proactively research latest trends and emerging technologies in security and development, and recommend solution upgrades.

  • Mentor junior team members with day-to-day activities.

Education and Occupational Experience:

Bachelor’s degree or foreign equivalent in Computer Science, Cybersecurity, Software Engineering, Risk Management or a related field of study and six (6) years of progressive post-baccalaureate experience in the job offered or related occupation. Employer will accept a 3- or 4-year Bachelor’s degree. Alternatively, a Master’s degree or foreign equivalent in Computer Science, Cybersecurity, Software Engineering, Risk Management or a related field of study and four (4) years of experience in the job offered or related occupation.

Qualifications/Skills and Competencies Experience:

Experience must involve four (4) years in the following:

  • Assessment and management of vulnerabilities, SAST/DAST scans, penetration testing, Security Response, OWASP, and CVSS;

  • Strategic threat modeling methodology: STRIDE;

  • Secure Software Development Lifecycle;

  • Product Security in Coding and Architecture: SAST and OWASP;

  • Cross-Product Security: OWASP, NIST, CERT.cc, FIRST;

  • Cloud Security: SAP Cloud Platform, AWS Security, OWASP, Zero Trust Framework, and NIST; and

  • Architecture Modeling and Documentation, Best Practice and Architecture Pattern: SAST and OWASP.

This position is eligible for the Employee Referral Program subject to the eligibility criteria outlined in the SAP Internal Employee Referral Policy.

Internal use only: reference code lhrs4262

We win with inclusion

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world.

SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability, in compliance with applicable federal, state, and local legal requirements.

Compensation Range Transparency: The annual base salary range for this position is $180,274 - $243,584. SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is $180,274 - $276,800. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.