NS2 Sr. Platform Security Engineer

We help the world run better At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong.

What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.

SAP is the global market leader for business software and related services.

SAP National Security Services Inc.® (SAP NS2®) is an independent U.S. subsidiary of SAP.At SAP NS2, we leverage best-in-breed technologies engineered by SAP to protect the lives, assets, and information of Americans.

Weoffer SAP solutions with specialized levels of security and support to meet the requirements of U.S. national security and critical infrastructure customers.

This position requires access to customer data.
Must be a U.S. citizen; SAP NS2 does not offer Visa sponsor ships for this role.

All internal must have manager’s approval to transfer.

We are seeking a Senior Platform Security Engineer with a strong Dev Ops/Dev Sec Ops  background to lead security efforts across our cloud infrastructure, CI/CD pipelines, and production workloads. You will be hands-on, conducting threat modeling, driving vulnerability management, building security automation, and hardening multi-cloud environments.

This role partners closely with Dev Ops, Platform Engineering, and Product teams to embed security into the development lifecycle. You’ll contribute to security tooling strategy, build policy-as-code frameworks, and drive detection and response capabilities across cloud-native infrastructure. A key requirement for this position is deep, demonstrated expertise with the Wiz platform — not surface-level familiarity, but production-level experience architecting deployments, tuning policies, building integrations, and using Wiz as a core pillar of a cloud security program.

This role requires substantive, production-level experience with the Wiz platform as well as other security toling. Candidates should be prepared to demonstrate depth across multiple Wiz capabilities during the interview process.

• Deployed and administered Wiz CNAPP in production across AWS, Azure, and/or GCP environments
• Configured and tuned Wiz security policies, rules, and risk scoring to align with organizational risk appetite and compliance frameworks
• Built custom Wiz integrations using the Wiz API, including automated workflows for ticket creation, alert routing, CI/CD gating, and reporting
• Leveraged Wiz’s CSPM, CIEM, vulnerability scanning, container/Kubernetes security, and IaC scanning capabilities in production
• Experience with EDR/XDR platforms such as Crowd Strike Falcon for endpoint detection, threat hunting, and incident response across cloud and hybrid environments
• Ability to design and operate vulnerability management programs including scan scheduling, prioritization, SLA enforcement, and remediation tracking
• Experience with Dynatrace or equivalent APM/observability platforms for infrastructure monitoring, application performance analysis, and security-relevant telemetry
• Ability to correlate observability data with security findings to improve detection, triage, and incident response workflows

• Cloud Security Architecture: Lead threat modeling and security reviews across cloud infrastructure, CI/CD pipelines, and Kubernetes-based workloads. Develop scalable mitigation strategies and secure baselines.
• Dev Sec Ops  Integration: Build automation, policy-as-code, and security tooling that enables development teams to shift left. Integrate security findings into CI/CD workflows, IaC pipelines, and developer feedback loops.
• Vulnerability Management: Drive vulnerability management and remediation across cloud and container environments. Prioritize issues using risk context, implement mitigations, and design preventative controls across software supply chains.
• Detection & Response: Extend detection and response capabilities across cloud environments. Build scalable solutions for alert triage, investigation, and incident remediation.
• Infrastructure Hardening: Design and implement secure baselines for cloud resources, Kubernetes clusters (EKS/GKE/AKS), IAM, and network architecture. Enforce guardrails through policy-as-code.
• Security Tooling & Wiz Platform: Support the configuration, optimization, and integration of the Wiz platform as a core component of our cloud security stack. Drive adoption, tune policies, build API integrations, leverage Wiz Code for vulnerability remediation, and ensure Wiz capabilities are fully leveraged across the organization.
• Cross-Functional Partnership: Build deep partnerships with Dev Ops, Platform Engineering, Security Engineering, Product, and Sec Ops teams. Enable…