SAP Security Engineering; Penetration Tester), IS&T Enterprise Systems

Austin Metro Area, Texas, United States Software and Services

In a fast-evolving digital world, our team seeks a Security Researcher with an offensive security mindset to tackle emerging cyber threats within Apple’s critical ERP environment. You will play a pivotal role in safeguarding our dynamic, hybrid enterprise systems, which underpin Apple’s supply chain, treasury, and customer experiences. This unique opportunity focuses on shifting security left by relentlessly pursuing and identifying vulnerabilities early and often within the development lifecycle.

You will apply cutting-edge offensive security techniques, code analysis, and penetration testing to generate meaningful data that drives the evolution of secure development standards.

You’ll be joining a spirited and supportive team of security experts that are passionate about protecting Apple’s most valuable asset—it’s customers.

This role offers an unparalleled opportunity for an early-career offensive security professional to become a recognized expert in a highly specialized and critical domain, with significant impact on a global scale.

If you possess the vital offensive security skills, an insatiable desire to find vulnerabilities in sophisticated systems, a passion for ethical hacking, and a strong curiosity for how enterprise systems function, we would love to meet you.

AS A SECURITY RESEARCHER, YOU CAN EXPECT TO:

Conduct advanced offensive security testing across Apple’s hybrid SAP landscape, including:

Manual penetration testing of custom ABAP & Java applications, SAP Fiori apps, web applications, APIs, and mobile interfaces.

Vulnerability research and testing within SAP S/4

HANA, ECC, BTP services, Ariba, Commerce Cloud, Signavio, LeanIX, and other integrated cloud-native systems.

Security assessments of underlying infrastructure and cloud environments supporting SAP.Perform deep-dive source code reviews of sophisticated applications to identify security flaws and architectural weaknesses.

Develop custom scripts, tools, and proof-of-concept exploits to augment penetration testing activities, automate vulnerability discovery, and demonstrate impact.

Proactively identify and research emerging threats and attack vectors relevant to enterprise systems and the SAP ecosystem.

Document findings in high-quality, actionable reports and presentations, clearly communicating technical vulnerabilities, their business impact, and recommended remediations to engineering teams across the organization.

Collaborate closely with engineering and development teams to provide security advice, improve secure coding practices, and integrate security early into the development lifecycle (shift-left).Assemble and analyze threat & vulnerability data to highlight issues and trends, and author enhanced development standards and security requirements.

Contribute to the team’s security knowledge base, sharing expertise, developing technical documentation, and shaping testing methodologies.

Continuously learn and develop expertise in offensive security techniques and the intricacies of the SAP ecosystem.

• 0-2 years of experience in offensive security, penetration testing, vulnerability research, or a related field
• 0-2 years of experience in web application security, API security, system and infrastructure security, and common attack techniques.
• Bachelor’s degree or equivalent in Computer Science, Cybersecurity, Information Systems, or a related technical field.

• Relevant offensive security certifications (e.g., OSCP, OSWE, OSWP, eJPT) are highly regarded.
• Experience with CTFs, hacking labs, bug bounty programs, or public security research/CVEs.
• Knowledge of cloud architecture and security principles (e.g., AWS, Azure, GCP, SAP BTP).
• Familiarity with modern cybersecurity concepts including AI/ML applications in security, cryptography, and prompt engineering for security tasks.
• Experience with data visualization and communication tools (e.g., Keynote, draw.io ((Use the "Apply for this Job" box below).), Miro, Adobe Illustrator) to heighten the storytelling impact of your…