Duties & Responsibilities:
-Work under the supervision of the Division of Information Security to enhance the security posture of the state-wide SAP ERP environment.
-Provide detailed recommendations and a plan for security improvements, including a risk-based prioritization of improvement efforts. Work with multiple teams to implement and validate security improvements.
-Provide architectural, engineering and configuration support regarding both the ongoing and strategic security configuration of a large SAP environment including underlying systems and third party applications.
-Work with business and technical teams to advise and develop best business practices around SAP security for all SAP platform technologies.
-Define SAP Role Matrix with Functional Leads, configuration of control environment, and creation of SAP Roles, profiles, and authorizations.
-Work with functional/process teams to refine requirements and develop solutions to application security issues including segregation of duties (SOD).
-Provide input and feedback on security decisions regarding the SAP infrastructure and architecture.
-Validate systems, applications, and operations are in compliance with established standards.
-Develop and maintain operational documentation where needed for the proper secure administration and operation of the system, to directly support security standards, architecture, and design.
-Use and refine appropriate and effective incident response measures for network security alerts.
-Work with members of agency and DIS staff to support the enterprise approach to security.
-Interface with vendors and development teams resolving technical challenges and providing clarity on product security features and requirements.
-Consider and foresee first, second, and third order impacts on the system, product, feature, or work flow as a result of any new change introduced.
-Actively participate in technical discussions related to idea conceptualization, product or feature development and security impact.
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
-Minimum of 5 years of hands-on application security experience
-Minimum of 4 years of hands-on experience with web-based applications
REQUIRED EDUCATION:
-Bachelor’s degree or 8 to 10 years of experience.
PREFERRED:
-CISSP, CEH, MCSE, CCSP, GCIH, APPLICATION SECURITY/SECURE SOFTWARE PROFESSIONAL CERTIFICATIONS (E.G. CSSLP, GSSP, GWEB, GWAPT, ETC.)
-At least 2 years of experience in development, configuration or support with SAP Security including leading design changes and improvements to SAP role structure
-Strong understanding of SAP Integration Security including system interfaces and Third Party Applications
-Proven experience developing SAP information security architectures and solutions
-Experienced with SAP Security authorization concept across SAP components
-Proven experience in managing segregation of duties, sensitive access and mitigating controls.
-Strong understanding of Internal Controls and Segregation of Duties Framework
-Understand the security requirements of client and security implications of new business decisions
-Expert understanding of SAP's authorization concepts and profile generator
-Information Security experience with subject-matter expertise on a range of information security topics including application security, host security and network security.
-Expert understanding of web application, middleware and database security
-Extensive knowledge of software security threat vectors and vulnerabilities
-Understanding of commonly used web and inter-system communications protocols
-Understanding of database administrator fundamentals
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
-4 years of experience in development, configuration or support with SAP Security including leading design changes and improvements to SAP role structure
-Experience collaborating with auditors to demonstrate compliance with internal and external standards.
-Good understanding of SQL and Relational Database support and administration (e.g. Oracle, Sybase, DB2, SQL Server, etc.)
-Support or administration experience with Windows, Linux, Solaris, HP-UX, and AIX
-Working knowledge of web services frameworks (i.e. SOAP)
-Hands-on experience with Secure Software Development Lifecycle (S-SDLC) methodologies and best practices / Knowledge of secure coding principles and practices.
-Static analysis, dynamic analysis and manual code reviews.
-Understanding of JavaScript, HTML5, Java, .NET, C++, SQL and other modern programming languages