SAP NS2 Sr. Incident Response Analyst -Tier 2

Job Description

We help the world run better
At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.

Company Description

SAP is the global market leader for business software and related services, and SAP National Security Services Inc. ® (SAP NS2®) is an independent U.S. subsidiary, offering SAP solutions with specialized levels of security and support to meet the requirements of U.S. national security and critical infrastructure customers.

Must be a U.S. citizen; this position requires access to customer data. SAP NS2 does not offer Visa sponsorships for this role. All internals must have manager’s approval to transfer.

Please note: This is a hybrid position requiring you to be onsite at our Herndon, VA office 3x week

Job Summary

SAP NS2 is seeking an experienced Senior Incident Response Analyst (Tier 2) to support day-to-day security operations and lead complex investigations across endpoint, network, identity, and cloud environments. This role is focused on hands-on incident investigation and response, acting as a key escalation point from Tier 1 and a bridge to Tier 3. The ideal candidate has strong experience in triaging alerts, conducting deep investigations, and driving incidents through full lifecycle response.

Key Responsibilities:

• Lead investigations and responses for security incidents across EDR, SIEM, cloud, and identity platforms.
• Perform advanced triage of escalated alerts to determine scope, impact, and severity.
• Execute containment, eradication, and recovery actions for confirmed incidents.
• Analyze endpoint, log, and cloud telemetry to identify malicious activity and attacker behavior.
• Investigate threats such as account compromise, malware execution, and unauthorized access.
• Support monitoring and response for cloud and identity-based threats.
• Serve as an escalation point for Tier 1 analyst investigations and escalations, providing feedback, mentoring, and guidance to improve analysis quality, documentation, and incident handling.
• Document findings, timelines, and outcomes within case management systems.
• Contributes to the improvement of incident response processes and detection capabilities.

General Qualifications:

• 4–7+ years of experience in Security Operations / Incident Response
• Strong experience with:
  • Alert triage and investigation workflows
  • Endpoint and log-based investigations
  • EDR, SIEM, and cloud security platforms in a SOC or incident response environment
• Solid understanding of:
  • Windows systems and common forensic artifacts
  • Network traffic and common protocols
  • Identity and authentication mechanisms
• Experience investigating cloud-based security events
• Knowledge of common attacker tactics and techniques
• Ability to analyze large datasets and identify malicious patterns
• Basic scripting or automation skills (e.g., PowerShell, Python)
• Strong analytical thinking and ability to work through complex investigations
• Strong communication skills, including writing clear incident summaries

Preferred Qualifications:

• Knowledge of compliance frameworks such as NIST, ISO 27001, or SOC 2
• Security certifications such as GCIA, GCIH, GCFE, CISSP, or similar.
• Experience working in or with highly regulated environments.
• Ability to integrate AI into your process driven workflow(s).
• Background in threat hunting and developing proactive detections in a SOC or incident response environment.
• Familiarity with SAP software and platforms.
• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related technical discipline (or equivalent practical experience).

Bring out your best
SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.

We win with inclusion
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world.

SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Compensation Range Transparency: SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted annual combined range for this position is 131000-271600USD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our Guidelines for Ethical Usage of AI in the Recruiting Process.

Please note that any violation of these guidelines may result in disqualification from the hiring process.

Requisition ID: 453100 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid