Expert DevSecOps Engineer - Propel

Requisition ID # 164813 

Job Category: Information Technology 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

Information Systems Technology Services is a unified organization comprised of various departments which collaborate effectively in order to deliver high quality technology solutions.

Position Summary

We are seeking an experienced and proactive DevSecOps SAP Engineer to join our Cybersecurity Application Platform Security Team.  This role combines expertise in SAP security with a strong foundation in DevSecOps practices to ensure the ‘secure by design’, ‘secure by default’ principles throughout development, deployment, and operation of SAP systems. The ideal candidate will have hands-on experience with Cybersecurity platforms, with a deep understanding of SAP. This position plays a critical role in assisting large IT transformation initiative – Propel, to move SAP platform to cloud; operate securely. maintaining compliance, enhancing security postures, and supporting our SAP ecosystem.

The ideal candidate will be passionate about security, have a proactive mindset, and be able to balance security requirements with business needs. They should be comfortable working in a fast-paced environment and be able to adapt to evolving security threats and technologies

This position is hybrid, working from your remote office and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory. 

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. Although we estimate the successful candidate hired into this role will be placed between the entry point and the middle of the range, the decision will be made on a case-by-case basis related to these factors.

This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.

A reasonable salary range is:

Bay Area Minimum: $132,000.00
Bay Area Maximum: $226,000.00

Job Responsibilities

• Work with SAP RISE integration partners to bake-in security controls part of design, implementation, across SAP platforms, including SAP S/4HANA, BusinessObjects (BOBJ), Business Warehouse (BW), Governance, Risk, and Compliance (GRC), and NetWeaver Gateway.
• Integrate security best practices into CI/CD pipelines to ensure secure code deployment and infrastructure-as-code for SAP environments.
• Collaborate with development, operations, and peer cybersecurity teams to enforce the shared responsibility model for cloud and on-premises SAP deployments.
• Ensure compliance with SOX regulations and other industry standards (NERC CIP where applicable) by implementing and monitoring SAP security policies and procedures.
• Ensure IAM specific controls like user access management, role design, and segregation of duties (SoD) analysis are implemented according to PG&E standards and best practices.
• Implement and support Single Sign-On (SSO) solutions for SAP systems to enhance authentication security.
• Conduct security assessments, vulnerability scans, and penetration testing on SAP applications and infrastructure.
• Be an integral part of SAP team and provide expertise in securing SAP RISE deployments, leveraging cloud-native security tools and practices (experience with SAP RISE is a plus).
• Develop and maintain documentation for security processes, security architecture patterns relevant to the emerging SAP environments.
• Stay updated on emerging threats, vulnerabilities, and security trends related to SAP and DevSecOps practices.
• Promote cybersecurity awareness among developers and stakeholders.

Qualifications

Minimum:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
• 8 years of experience in IT security, with at least 3 years focused on SAP security engineering.

Desired:

• Proven expertise in SAP platforms, including SAP HANA, BOBJ, BW, GRC, and NetWeaver Gateway.
• Strong understanding of DevSecOps principles, including CI/CD pipeline security and automation tools (e.g., Jenkins, Git, Ansible, or similar).
• Familiarity with the shared responsibility model in cloud environments (AWS, Azure, GCP) and hybrid SAP deployments.
• Familiarity with SAP Cloud ALM (Application Lifecycle Management), clean core a plus.
• Experience with SOX compliance and auditing processes in SAP environments.
• Hands-on knowledge of SAP security modules, role administration, and SSO implementation (e.g., SAML, OAuth, Kerberos).
• Experience with SAP RISE or other SAP cloud transformation initiatives is highly desirable.
• Relevant certifications such as SAP Certified Technology Associate – Security, CISSP, CISM, or DevSecOps-specific credentials are a plus.
• Strong analytical and problem-solving skills with excellent communication and teamwork abilities.

Soft Skills  

• Excellent Communication Skills: Ability to clearly articulate security concepts to diverse audiences, including engineers, product managers, and executives.  
• Collaboration & Influence: Proven ability to work cross-functionally with teams to align on security priorities and influence roadmaps.  

#featuredjob