SAP Penetration Tester

We are looking for an SAP Penetration tester to work in the Healthcare Cyber Security sector in Bratislava, Žilina or Košice.

With a strong focus on SAP environment your tasks will be the following:

• Identification of security vulnerabilities
• Executing scans, penetration tests, source code analysis, reverse engineering
• Automating vulnerability assessment and penetration testing using scripting
• Provision of security advice with respect to the mitigation and elimination of weaknesses identified in accordance with current Cyber Security Standards by proposing changes from source code to software architecture
• Continuous analysis of threats and weaknesses to develop improved software security concepts
• Creation of application security guidelines and integration of those into the relevant operational and development processes
• Continuous improvement of know how in the field of application security
• Support and oversee the implementation of suggested measures to ensure that Cyber Security is part of the ongoing process
• Analysis of communications security
• Review of roles, profiles and authorization objects to identify potential escalation of privileges

More about our company: https://www.healthcare.siemens.sk/

What are we expecting?  

Education  

Master’s degree in Computer Science (or related field) or equivalent work experience  
  

Skills  

Language skills:  
English - advanced  

Knowledge of German language is highly beneficial  
  
 Professional skills:  

• Multi-year experience in the field of cyber security
• Good understanding of software development and software architecture
• Solid knowledge of technical and organizational aspects of information security
• Scripting in Power Shell
• Experienced with security frameworks NIST, SOX, HIPPA, OWASP
• Experience with using various pentesting tools (BurpSuite, Metasploit, Nessus, SQLmap, etc )
• Understanding of HTTP protocol and analysis of computer networks with Wireshark
• Good understanding of intrusion prevention in IT systems, networks and applications backed up by knowledge of theoretical and practical methods, e.g. threat analysis, penetration test, etc
• Ability to clearly communicate and present technical topics
• Ability to consult in technical and management-related matters
• Experience with threat modeling

SAP specific knowledge on:

• SAP landscape setup & transports
• SAP related communications and SNC
• ABAP programming language
• Usage of authorization objects, profiles, roles and composite roles
• SAP related web services, e.g. ICF
• BAPI interfaces
• User types & authentication mechanisms
• SAP hardening
• SAP BASIS administration

Personality requirements and skills:  

• Good analytical and problem-solving skills   
• Good aptitude for learning new technologies  
• Must be able to work in a team environment  
• Advanced interpersonal and communications skills  
• Good written and verbal communication skills  
• Good organizational skills
• Result oriented
• Self-motivated
• Highly collaborative