SAP Concur - Incident Response Handler

SAP - Newtown Square, PA

Requisition ID: 201414
Work Area: Information Technology
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time


SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.

Incident Response Handler

Hiring at all levels


An SAP Incident Response Handler is a crucial front-line defender of SAP’s digital enterprise. Our Incident Handlers are responsible for triaging critical security events detected by security monitoring operations, analyzing all available data to determine if a cyber attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, and conducting forensic investigation to determine the details around the attack.


Develops attack remediation strategies
Performs additional analysis of escalations from Incident Analysts and conducts case review
Performs attack scope and root cause analyses
Provides onboarding training and coaching to for junior incident response analysts
Identifies and develops workflow automation to lower response time and eliminate lengthy procedures


BA/BS in Computer Science, Information Security, or Information Systems or related work experience
Expert knowledge of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
Expert knowledge of the Windows file system, registry functions and memory artifacts and/or expert knowledge of Unix/Linux file systems and memory artifacts
Ability to learn and operate in a dynamic environment
Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
Based on nature of work federal law and regulations require hired person(s) are U.S. citizens


5-6 years of experience leading cyber attack investigations
1-2 years of experience working in a 24/7 operational environment

Success is what you make it. At SAP, we help you make it your own.
A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.

To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team. ( or, APJ:, EMEA: Requests for reasonable accommodation will be considered on a case-by-case basis. Successful candidates might be required to undergo a background verification with an external vendor.

EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, gender, sexual orientation, gender identity, protected veteran status or disability.

Successful candidates might be required to undergo a background verification with an external vendor.

Additional Locations: