Published on May 29
Job description
Requisition ID: 252133
Work Area: Administration
Expected Travel: 0 - 10%
Career Status: Student
Employment Type: Limited Full Time
SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economies, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
PURPOSE AND OBJECTIVES
Cyber-attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organizations. If an organization suffers a cyber-attack, it stands to lose assets, reputation and business, and potentially face regulatory fines and litigation. Most cyber-attacks are automated, indiscriminate and evolve at an alarming rate.
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from damage or unauthorized access from cyber-attacks. Ensuring cybersecurity requires coordinated efforts throughout the development lifecycle of products. An important element in this lifecycle is Security Testing. Security Testing reveals flaws in the security mechanisms of products during development and helps prevent attacks such as SQL injection, XSS, DoS.
Within SAP Global Security (SGS), the Security Testing team enables SAP development teams to build secure software by providing a service for automated source code scans complemented by other test methods, such as dynamic checks, fuzzing, and penetration testing. This automated security analysis of potentially large software products makes it possible to detect and eliminate security flaws at an early stage in the development cycle, before the products are shipped to SAP customers. The team also provides central education and consulting to develop security awareness in SAP and help development teams make effective use of these tools. Finally, the team carries out research projects in white spot areas and develops its own security testing tools for specific configurations that are not well supported by standard static analysis tools (SAST) or dynamic analysis tools (DAST).
Our strengths rely on an international and multicultural team. The team is made up of highly skilled and passionate individuals who together bring many years of experience from various areas of application security. We are looking for a passionate and collaborative intern with a hands-on mindset.
EXPECTATIONS AND TASKS
The internship will take place in the context of the security testing training delivered in SAP worldwide. With this internal training for SAP developers, each SAP trainee learns which testing tools to use, how to use the tools and when to test. The goal of this training is to present an overview of the security testing strategy, describing the security testing tools (Fortify, Checkmarx, WebInspect, Zap, etc.), and to give any SAP developer best practices and recommendations to follow. The training comes in two flavors: an online training where the trainees can learn by themselves and a classroom training where two trainers deliver the training onsite. The classroom training runs over two days and is made of security theory and hands-on exercises. Each participant of the training can connect to a virtual machine with all the testing tools already installed and pre-configured. For each training, we set up this technical infrastructure for the participants.
We have developed internally two applications which need to be enhanced and maintained:
- SAPGoat store developed by the Security Testing team
During the training, the participants use SAPGoat store, a vulnerable application, to learn the types of security vulnerabilities that exist and how to detect them with the testing tools. The application is an online shop with vulnerabilities available as challenges on the website.
It has various components:
- Store, a vulnerable shop written in Java (JSP)
- Mobile Store, a mobile application (multi OS) with the same functionalities as the Store
- Mobile Backoffice, an Android mobile application with the same functionalities as the back office
- ATMan, which stands for Auto Training Manager, is an automation platform for trainings that has been created to automate the tasks that need to be done prior to, during and after a training. For example, it creates Virtual Machines and assigns them to the participants. This web application is meant to be used by all actors involved in a training (participants and trainers).
The material which is used during the training also needs to be updated regularly with new security challenges and exercises. There is a need to adapt the material for an e-learning version with the possibility to do some security challenges remotely.
As examples, the candidate could have to:
- Ramp-up on Security Testing Tools (Static and Dynamic)
- E-learning material: development of a new module to create on-demand pre-configured virtual machines for online Security Testing trainings
- Improve the automation of the exercise environment setup, such as removing manual configuration of database access, simplifying the tool credentials, and automatically cleaning the tool environments
- Development and support for the two applications
- Improvement of SAPGoat Store: continue developing SAPGoat and its different components
- Create new challenges
- Add new vulnerabilities
- Refresh the UI
- New development, maintenance and use of the ATMan application
- Contribution to the material for the classroom and online trainings (e.g. creation of new security challenges and exercises)
- Technical coordination of the infrastructure for the trainings
The intern/apprentice will have the opportunity:
- To exchange with security experts and gain expertise in the area of static and dynamic security analysis
- To be fully part of a Security Team in SAP and improve her/his knowledge in Security
- To work mainly on devops tasks, with the opportunity to tackle diverse types of tasks (like support, testing, design and communication about the Security Testing training)
You should bring
- Development skills
- Knowledge in Security or really strong interest in the domain
You will learn
- Applied Security
- Security Testing Tools
- SAP Secure SDL
- Hackers’ techniques
- Contact with security experts (pentesters, static and dynamic tools experts, and tools consultants)
- High visibility of the work (the application will be used in the training and will be consumed by 30 000+ developers)
- Diversity of tasks (development, devops, support, design)
- Work with a great team in a nice location (Sophia-Antipolis/south of France)
PROFILE/EDUCATION/SKILLS AND COMPETENCIES
The ideal candidate will have/be:
- Good technical/development skills
- Willingness and proven ability to quickly acquire development proficiency in new technologies
- Fluent in English (working language)
- Good oral and written communication skills
- Knowledge in Docker and Nagios is a plus
- Knowledge in Security is a plus
WHAT YOU GET FROM US
Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com).
Successful candidates might be required to undergo a background verification with an external vendor.