SAP Cyber Security Analyst

SAP Cyber Security Analyst – English Speaking. Porto, Portugal. 40% Remote (work from home). Permanent Job. Flexible Start Date from June 2022 Onwards. Very Generous International Expat Salary Package + 15% Bonus + Benefits + Great Family Relocation Package. END-CLIENT!


  • The salary on offer is highly competitive and fully open to discussion.  Our client is very interested to receive your CV and to have an open and transparent discussion about what your current salary is in your current country and what your expectations are in order to relocate to Porto, Portugal.
  • An annual bonus of 15% is paid on top of your fixed basic salary
  • The company offers a fantastic financial relocation package for international candidates to help you and your family to relocate to Porto, Portugal. Full details of this will be discussed during your interview.


  • Health Insurance
  • Food allowance
  • Mobile phone
  • Company staff discounts on products
  • 26 days of holiday per year (25 + 1 day for birthday)


  • During the Covid Pandemic you will work 100% remotely.
  • After the pandemic passes the company will employ a hybrid working model: 60% onsite / 40% Remote.

Our end-client based in Porto, Portugal, is looking for an English speaking SAP Cyber Security Analyst to join their expanding team.  This is a fantastic opportunity to join the company as they are just beginning the migration to S/4HANA, a very large programme that will continue for the next few years.  Now is the perfect time to join the S/4HANA migration project at an early stage.  You will be part of a strategic program with a lot of opportunities to grow and reach your goals. You will be working in a flexible and family friendly environment with open culture.

The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

The candidate will be recruited for the Application Security team, which is part of the Information Security team; therefore, there is an expectation for a certain level of cyber-security knowledge combined with SAP.  Security is our main strength. A vulnerability here ultimately means a security vulnerability, and it is the team’s job to explain to the stakeholders, from a security perspective, the impact, risk, exploitation and mitigation recommendations of a given finding. This will usually require cyber security knowledge.

SAP knowledge is mandatory because these findings/vulnerabilities will be in the SAP system/application context.


  • Provides advice and guidance on Cyber Security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Contributes to development of the vulnerability mitigations of the products that are in the Product Area.
  • Oversees and coordinates Application Security Services in the Product area.
  • Coordinates penetration tests in the Product Area.
  • Provides Information Security Consultancy in the Product Area.
  • Triages registered vulnerabilities and facilitates the process towards mitigation.
  • Conducts manual code reviews on demand.
  • Analyze and plan the field of Security trainings in the Product Area.
  • Evaluate and improve the respective InfoSec KPIs in the Domain.
  • Evaluate and adopt new technologies
  • Invest time in coaching teammates on technical and leadership skills
  • Lead technical discussions with technical and non-technical stakeholders, and take responsibility for making decisions that balance long- and short-term objectives


  • You will bring your ideas to life in a buzzing environment of highly engaged, multinational agile teams, who at their core build game-changing software products. Right there with you!
  • You will understand the full Secure SDLC process
  • You will work on the pipelines to implement Global Infosec Standards
  • You will work hands on with static and dynamic security scanners.
  • You will perform code reviews for critical code changes to ensure code quality and security standards
  • You will fix confirmed vulnerabilities in alignment with the product teams
  • You will engage with key stakeholders (Devops teams, product owners, Product leads)
  • You will transfer the technical depth Information Security and Devops Teams
  • You will consult and coordinate Information Security related consultancies in the product.
  • You will coordinate Penetration tests in the product and support mitigations.
  • You will understand your product and its area with all integrations
  • You will be continuously learning the latest tech from internal trainings, experienced colleagues, conferences, and trainings
  • You will attend Scrum ceremonies, including daily stand ups, refinements and retrospectives
  • You will follow existing release process to enable developed features in live systems
  • You will ensure team code is compliant with code quality and standards


  • 5+ Years of experience in Information Security with focus on SAP security
  • 3+ Years of experience in ABAP
  • Must have solid Cyber Security experience
  • Must have experience with SAP Application Security
  • Must have experience searching for potential security vulnerabilities in ABAP source code using any type of code scanner, for example:
    • SAP ATC (ABAP Test Cockpit)
    • SAP CVA (Code Vulnerability Analyzer)
    • Onapsis
    • Virtual Forge (acquired by Onapsis)
    • ERPScan
    • SecurityBridge
    • or any other similar solution/tool
  • Experience with SAP Penetration testing is nice to have
  • Striving towards security in development (ABAP, Node.js, JavaScript)
  • Proven track record in working with agile methodologies
  • Familiarity with Atlassian Jira or similar software bug tracking tools
  • Strong DevOps and CI/CD experience
  • Willingness to learn and improve in the area of Information security with a focus on SAP application security
  • Ability to work in a fast-paced environment with different international cultures.
  • Willingness to train and improve in Information security
  • Motivation to never stop learning in Cyber Security and digital domain.
  • Strong interpersonal and communication skills.


  • Experience with setting up secure environments for coding e.g. access, source code repositories and pipelines is a big plus
  • Experience with continuous integration (toolset) and cloud platforms is a big plus
  • Experience with bug bounty programs is a plus


  • Fluent in English (reading, writing, speaking)


  • SAP – Frameworks and languages: SAPUI5, CAP (Node.js), ABAP, SAP Fiori
  • CI/CD: Jenkins
  • Cloud platforms: AWS
  • Agile Methodologies: Scrum/Kanban


Not a problem. The company is keen to increase their team’s diversity of backgrounds and skills.  They are more interested in the work you will produce with them than the work you’ve already produced in the past. If this role sounds of interest to you then we look forward to receiving your application!


  • Very flexible work pattern.  You can start anytime between 07:00 – 10:00 am
  • Casual dress code
  • Continuous education and working with internal and external consultancies
  • Expertise in all areas of H2R to learn from
  • Diverse team and all levels of expertise


  • The company is a multi-cultural organisation and welcomes candidates from all parts of the globe.  The company is open to sponsoring a work permit for the right candidate.

Related keywords: SAP Security, SAPUI5, CAP (Node.js), SAP ABAP, SAP Fiori, CI/CD: Jenkins, Cloud platforms: AWS, Agile Methodologies: Scrum/Kanban, Market leader static and dynamic code scanners, S&A, Authorisation, Authorization, Authorizations, Roles, Administration, Admin