Senior Incident Response Specialist
Requisition ID: 429203
Work Area: Information Technology
Expected Travel: 0%
Career Status: Professional
Employment Type: Regular Full Time
Career Level: T3-2
Original Posting Date: 06/09/2025
Location: Newtown Square, PA
Work Model: Hybrid work model
Purpose and Objective
SAP America, Inc. seeks a Senior Incident Response Specialist at our Newtown Square, PA location to triage security alerts detected by Enterprise Detection and SIEM, analyzing all available data to determine if a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, and providing guidance on remediation actions.
Expectations and Tasks
- Perform Incident Response Tier III duties as a part of a 24/7 cyber incident response team.
- Leverage SAP's security tools to monitor, triage, and respond to security event alerts.
- Communicate updates to stakeholders both within and outside security.
- Perform forensic analysis and present evidence to stakeholders.
- Observe proper evidence custody and control procedures; document procedures and findings suitable for courtroom presentation.
- Partner with SAP groups to review monitoring requirements and create detection alerts.
- Develop automated workflows that will reduce response times.
- Develop and implement intrusion remediation and strategy.
- Perform additional analysis of escalations from junior Incident Response Analysts and conduct case review.
- Conduct proactive Cyber Hunting exercises based on threat intelligence from Response Analysts.
- Provide onboarding training and coaching to junior Incident Response Analysts.
- Collect intrusion artifacts and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Conduct digital evidence analysis and gather evidence against network and host-based intrusions.
- Identify and document case-relevant file-system artifacts, including browser histories, account usage, and USB histories.
- Ensure communication and escalation of security activities to leadership and senior-level team members.
- Provide guidance in developing incident handling processes, standard operating procedures, playbooks, and runbooks.
- Monitor and review incident response tools, procedures, and workflows to develop strategy to increase efficiency and reduce response time.
Education and Occupational Experience
Bachelor's degree or foreign equivalent in Computer Science, Mathematics, Engineering, or a related field of study and six (6) years of progressive post-baccalaureate experience in the job offered or related occupation. Alternatively, a Master's degree or foreign equivalent in Computer Science, Mathematics, Engineering, or a related field of study and four (4) years of experience in the job offered or related occupation.
Qualifications/Skills and Competencies Experience
Experience must involve four (4) years in the following:
- RSA SA, Cellebrite, and open-source digital forensics;
- SNOW and RSA eCat;
- Network Security, Intrusion Detection and Prevention, NetWitness implementation and design, and forensics;
- Operating system installation, patching, and configuration in Windows, Linux and OSX;
- Security Management and Incident Response operations, including Analysis and Reverse engineering, and forensics;
- Automate full forensics capture and triage collection; and
- Programming languages including C++, Assembly, Scripting, or Python.
Compensation Range Transparency
The annual base salary range for this position is $147,805 - $200,200. The targeted combined range for this position is $147,805 - $227,500. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc.
Inclusion and Equal Opportunity
We win with inclusion. SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities.