Senior DevOps Engineer Security, Observability & Incident Response

We help the world run better
At SAP we keep it simple: you bring your best to us and well bring out the best in you. Were builders touching over 20 industries and 80% of global commerce and we need your unique talents to help shape whats next. The work is challenging but it matters. Youll find a place where you can be yourself prioritize your wellbeing and truly belong. Whats in it for you Constant learning skill growth great benefits and a team that wants you to grow and succeed.

Please note: This position will be based from our San Ramon office following our hybrid working model of in-office 3 days a week. There is no relocation assistance available for this role.

We are seeking a highly skilled and proactive Security & Observability Engineer to join our Cloud Operations Tools team. This role is integral in maintaining optimizing and managing our Observability and Security toolsets with a strong focus on improving endtoend visibility enhancing system reliability strengthening detection capabilities and reducing MTTR. The ideal candidate will have deep hands-on expertise with Observability platformsespecially Dynatracealongside SIEM tools strong incident response capabilities and a passion for automation and continuous improvement.

What youll do

Observability

• Own and administer the enterprise Dynatrace environment including configuration tuning tagging dashboards alerting and synthetic monitoring.
• Develop and maintain service-level dashboards distributed tracing views and health analytics to support SRE DevOps and app teams.
• Optimize observability coverage across infrastructure applications APIs and cloud platforms to reduce blind spots and improve MTTR.
• Partner with application and operations teams to drive rootcause analysis using Dynatrace insights and AIOps capabilities.
• Ensure observability best practices around instrumentation ingest pipelines tagging standards and anomaly detection models.
• Strong understanding ofOpenTelemetry architecture including Traces Metrics and Logs.
• Understanding of OTels data model context propagation sampling and exporters.

Security Monitoring & SIEM Operations

• Manage and tune SIEM solutions such asSplunkto ensure effective threat detection.

• Build and enhance detection rules alerts and dashboards.
• Perform log source onboarding and parsing improvements.

Incident Response

• Support SAP & LOB IR teams during security incidents.

• Conduct triage investigation containment eradication and recovery activities.
• Coordinate with internal and external stakeholders during and after incidents.

Endpoint Security

• Administer and monitor endpoint security tools such as CrowdStrike TrendMicro.

• Review threat detections and drive remediation efforts.

Vulnerability Management

• Support vulnerability management processes by correlating scanner output with asset context and threat intelligence.

• Partner with IT and development teams to prioritize and remediate vulnerabilities.

Automation & Scripting

• Build automation workflows using SOAR platforms or scripting (Python PowerShell Bash etc.).

• Streamline repetitive IR and security operations tasks.

Documentation & Reporting

• Maintain accurate documentation for operations procedures configurations and incident records.

• Create regular reporting on security posture observability health and response metrics.

Collaboration & Continuous Improvement

• Collaborate with IT DevOps SRE and Compliance teams.

• Provide input into architecture tool selection observability strategy and security initiatives.

Must have Qualifications

• 6 years of experience in security operations observability engineering or incident response.
• Expert-level hands-on experience with Dynatrace (required)including configuration dashboards tagging integrations service flows and alerting.
• Strong expertise with SIEM platforms (especially Splunk).
• Solid understanding of IR lifecycle and best practices.
• Experience with endpoint protection platforms (CrowdStrike TrendMicro McAfee etc.).
• Familiarity with vulnerability scanning solutions (Tenable Rapid7 Qualys).
• Strong scripting and automation skills (Python PowerShell Bash).
• Strong knowledge of Windows Linux and network security fundamentals.
• Familiarity with cloud platforms (Azure GCP AWS) and associated security/monitoring tools.

Preferred Qualifications

• Experience with SOAR tools (Splunk SOAR Palo Alto XSOAR etc.).
• Security or Observability certifications such as Dynatrace Associate/Professional GCIA GCIH CEH CISSP or Splunk certifications.
• Experience with APM RUM or distributed tracing beyond Dynatrace (e.g. New Relic AppDynamics OpenTelemetry)

Bring out your best
SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software SAP has evolved to become a market leader in end-to-end business application software and related services for database analytics intelligent technologies and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide we are purpose-driven and future-focused with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries people or platforms we help ensure every challenge gets the solution it deserves. At SAP you can bring out your best.

We win with inclusion
SAPs culture of inclusion focus on health and well-being and flexible working models help ensure that everyone regardless of background feels included and can run at their best. At SAP we believe we are made stronger by the unique capabilities and qualities that each person brings to our company and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world.

SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application please send an e-mail with your request to Recruiting Operations Team:

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

Qualified applicants will receive consideration for employment without regard to their age race religion national origin ethnicity age gender (including pregnancy childbirth et al) sexual orientation gender identity or expression protected veteran status or disability.

Compensation Range Transparency: SAPbelieves the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAPs commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 148600 - 252600(USD) actual amount to be offered to the successful candidatewill be within that range dependent upon the key aspects of each case which may include education skillsexperience scope ofthe role location etc. as determinedthrough theselection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process please refer to our Guidelines for Ethical Usage of AI in the Recruiting Process.

Please note that any violation of these guidelines may result in disqualification from the hiring process.

Requisition ID: 434519 Work Area: Software-Development Operations Expected Travel: 0 - 10% Career Status: Professional Employment Type: Regular Full Time Additional Locations: #LI-Hybrid