Security Consultant-Application Security
IBM
Security Consultant-Application Security
Job Description
Security Consultant-Application Security
📋 Job Overview
As a Security Consultant-Application Security at IBM, you will work in our Consulting Client Innovation Centers, focusing on SAP ABAP development and application security. Your role involves designing, developing, and securing SAP custom code across various modules, ensuring compliance with security standards and regulatory requirements. You will collaborate with SAP developers, security architects, and business stakeholders to mitigate and prevent security vulnerabilities within SAP systems.
📍 Location: BANGALORE, IN (Remote/Hybrid)
💼 Career Level: Professional
🎯 Key Responsibilities
- Design, develop, and maintain custom SAP ABAP objects in a secure and efficient manner
- Apply secure coding practices to mitigate common ABAP vulnerabilities
- Perform peer code reviews and enforce secure development guidelines
- Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques
- Collaborate with SAP Security and Basis teams to identify and remediate application-level risks
- Support threat modeling and risk analysis activities for SAP custom applications and interfaces
- Monitor and manage security notes, patches, and vulnerability disclosures relevant to SAP applications and ABAP components
- Provide guidance on authorization design and ensure proper enforcement in custom code
- Work closely with the Information Security team to align with security policies, regulatory requirements, and internal controls
- Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects
✅ Required Qualifications
- SAP ABAP Development & Code Security
- Experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems
- Strong understanding of SAP application security concepts including roles/authorizations, RFC security, code-level security controls, and transport-level controls
- Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools
⭐ Preferred Qualifications
- Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments
- Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules)
🛠️ Required Skills
- SAP ABAP
- Secure coding practices
- Code injection mitigation
- SQL injection mitigation
- Unauthorized access prevention
- RFC misuse prevention
- Insecure authorization checks prevention
- Peer code reviews
- SAP Code Vulnerability Analyzer (CVA)
- Virtual Forge/Onapsis
- Manual review techniques
- Threat modeling
- Risk analysis
- Security notes management
- PFCG roles
- Object-level control
- Information Security
- Regulatory compliance (SOX, GDPR)
- Internal controls
- Secure coding standards
- Development lifecycle processes
- Roles/authorizations
- RFC security
- Code-level security controls
- Transport-level controls
- SCI/SLIN
- Static code analysis
- OWASP Top 10
- SANS Top 25
- ECC
- S/4HANA
- SAP IS modules
🎁 Benefits & Perks
- Opportunity to learn and develop career
- Encouragement to be courageous and experiment
- Continuous trust and support in an inclusive environment
- Growth-minded culture with openness to feedback and learning
- Opportunity to collaborate and drive exceptional outcomes
- Equal-opportunity employment
- Commitment to compliance with fair employment practices
Locations
- BANGALORE, IN, India (Remote)
Salary
Estimated Salary Rangemedium confidence
2,500,000 - 4,200,000 INR / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- SAP ABAPintermediate
- Secure coding practicesintermediate
- Code injection mitigationintermediate
- SQL injection mitigationintermediate
- Unauthorized access preventionintermediate
- RFC misuse preventionintermediate
- Insecure authorization checks preventionintermediate
- Peer code reviewsintermediate
- SAP Code Vulnerability Analyzer (CVA)intermediate
- Virtual Forge/Onapsisintermediate
- Manual review techniquesintermediate
- Threat modelingintermediate
- Risk analysisintermediate
- Security notes managementintermediate
- PFCG rolesintermediate
- Object-level controlintermediate
- Information Securityintermediate
- Regulatory compliance (SOX, GDPR)intermediate
- Internal controlsintermediate
- Secure coding standardsintermediate
- Development lifecycle processesintermediate
- Roles/authorizationsintermediate
- RFC securityintermediate
- Code-level security controlsintermediate
- Transport-level controlsintermediate
- SCI/SLINintermediate
- Static code analysisintermediate
- OWASP Top 10intermediate
- SANS Top 25intermediate
- ECCintermediate
- S/4HANAintermediate
- SAP IS modulesintermediate
Required Qualifications
- SAP ABAP Development & Code Security (experience)
- Experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems (experience)
- Strong understanding of SAP application security concepts including roles/authorizations, RFC security, code-level security controls, and transport-level controls (experience)
- Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools (experience)
Preferred Qualifications
- Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments (experience)
- Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules) (experience)
Responsibilities
- Design, develop, and maintain custom SAP ABAP objects in a secure and efficient manner
- Apply secure coding practices to mitigate common ABAP vulnerabilities
- Perform peer code reviews and enforce secure development guidelines
- Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques
- Collaborate with SAP Security and Basis teams to identify and remediate application-level risks
- Support threat modeling and risk analysis activities for SAP custom applications and interfaces
- Monitor and manage security notes, patches, and vulnerability disclosures relevant to SAP applications and ABAP components
- Provide guidance on authorization design and ensure proper enforcement in custom code
- Work closely with the Information Security team to align with security policies, regulatory requirements, and internal controls
- Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects
Benefits
- general: Opportunity to learn and develop career
- general: Encouragement to be courageous and experiment
- general: Continuous trust and support in an inclusive environment
- general: Growth-minded culture with openness to feedback and learning
- general: Opportunity to collaborate and drive exceptional outcomes
- general: Equal-opportunity employment
- general: Commitment to compliance with fair employment practices
Tags & Categories
Security Consultant-Application Security
IBM
Security Consultant-Application Security
Job Description
Security Consultant-Application Security
📋 Job Overview
As a Security Consultant-Application Security at IBM, you will work in our Consulting Client Innovation Centers, focusing on SAP ABAP development and application security. Your role involves designing, developing, and securing SAP custom code across various modules, ensuring compliance with security standards and regulatory requirements. You will collaborate with SAP developers, security architects, and business stakeholders to mitigate and prevent security vulnerabilities within SAP systems.
📍 Location: BANGALORE, IN (Remote/Hybrid)
💼 Career Level: Professional
🎯 Key Responsibilities
- Design, develop, and maintain custom SAP ABAP objects in a secure and efficient manner
- Apply secure coding practices to mitigate common ABAP vulnerabilities
- Perform peer code reviews and enforce secure development guidelines
- Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques
- Collaborate with SAP Security and Basis teams to identify and remediate application-level risks
- Support threat modeling and risk analysis activities for SAP custom applications and interfaces
- Monitor and manage security notes, patches, and vulnerability disclosures relevant to SAP applications and ABAP components
- Provide guidance on authorization design and ensure proper enforcement in custom code
- Work closely with the Information Security team to align with security policies, regulatory requirements, and internal controls
- Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects
✅ Required Qualifications
- SAP ABAP Development & Code Security
- Experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems
- Strong understanding of SAP application security concepts including roles/authorizations, RFC security, code-level security controls, and transport-level controls
- Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools
⭐ Preferred Qualifications
- Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments
- Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules)
🛠️ Required Skills
- SAP ABAP
- Secure coding practices
- Code injection mitigation
- SQL injection mitigation
- Unauthorized access prevention
- RFC misuse prevention
- Insecure authorization checks prevention
- Peer code reviews
- SAP Code Vulnerability Analyzer (CVA)
- Virtual Forge/Onapsis
- Manual review techniques
- Threat modeling
- Risk analysis
- Security notes management
- PFCG roles
- Object-level control
- Information Security
- Regulatory compliance (SOX, GDPR)
- Internal controls
- Secure coding standards
- Development lifecycle processes
- Roles/authorizations
- RFC security
- Code-level security controls
- Transport-level controls
- SCI/SLIN
- Static code analysis
- OWASP Top 10
- SANS Top 25
- ECC
- S/4HANA
- SAP IS modules
🎁 Benefits & Perks
- Opportunity to learn and develop career
- Encouragement to be courageous and experiment
- Continuous trust and support in an inclusive environment
- Growth-minded culture with openness to feedback and learning
- Opportunity to collaborate and drive exceptional outcomes
- Equal-opportunity employment
- Commitment to compliance with fair employment practices
Locations
- BANGALORE, IN, India (Remote)
Salary
Estimated Salary Rangemedium confidence
2,500,000 - 4,200,000 INR / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- SAP ABAPintermediate
- Secure coding practicesintermediate
- Code injection mitigationintermediate
- SQL injection mitigationintermediate
- Unauthorized access preventionintermediate
- RFC misuse preventionintermediate
- Insecure authorization checks preventionintermediate
- Peer code reviewsintermediate
- SAP Code Vulnerability Analyzer (CVA)intermediate
- Virtual Forge/Onapsisintermediate
- Manual review techniquesintermediate
- Threat modelingintermediate
- Risk analysisintermediate
- Security notes managementintermediate
- PFCG rolesintermediate
- Object-level controlintermediate
- Information Securityintermediate
- Regulatory compliance (SOX, GDPR)intermediate
- Internal controlsintermediate
- Secure coding standardsintermediate
- Development lifecycle processesintermediate
- Roles/authorizationsintermediate
- RFC securityintermediate
- Code-level security controlsintermediate
- Transport-level controlsintermediate
- SCI/SLINintermediate
- Static code analysisintermediate
- OWASP Top 10intermediate
- SANS Top 25intermediate
- ECCintermediate
- S/4HANAintermediate
- SAP IS modulesintermediate
Required Qualifications
- SAP ABAP Development & Code Security (experience)
- Experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems (experience)
- Strong understanding of SAP application security concepts including roles/authorizations, RFC security, code-level security controls, and transport-level controls (experience)
- Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools (experience)
Preferred Qualifications
- Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments (experience)
- Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules) (experience)
Responsibilities
- Design, develop, and maintain custom SAP ABAP objects in a secure and efficient manner
- Apply secure coding practices to mitigate common ABAP vulnerabilities
- Perform peer code reviews and enforce secure development guidelines
- Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques
- Collaborate with SAP Security and Basis teams to identify and remediate application-level risks
- Support threat modeling and risk analysis activities for SAP custom applications and interfaces
- Monitor and manage security notes, patches, and vulnerability disclosures relevant to SAP applications and ABAP components
- Provide guidance on authorization design and ensure proper enforcement in custom code
- Work closely with the Information Security team to align with security policies, regulatory requirements, and internal controls
- Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects
Benefits
- general: Opportunity to learn and develop career
- general: Encouragement to be courageous and experiment
- general: Continuous trust and support in an inclusive environment
- general: Growth-minded culture with openness to feedback and learning
- general: Opportunity to collaborate and drive exceptional outcomes
- general: Equal-opportunity employment
- general: Commitment to compliance with fair employment practices
Tags & Categories