Senior DevOps Engineer - Security, Observability & Incident Response

Job Description

We help the world run better
At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.

Please note: This position will be based from our San Ramon office following our hybrid working model of in-office 3 days a week. There is no relocation assistance available for this role.

We are seeking a highly skilled and proactive Security & Observability Engineer to join our Cloud Operations Tools team. This role is integral in maintaining, optimizing, and managing our Observability and Security toolsets, with a strong focus on improving end‑to‑end visibility, enhancing system reliability, strengthening detection capabilities, and reducing MTTR. The ideal candidate will have deep hands-on expertise with Observability platforms—especially Dynatrace—alongside SIEM tools, strong incident response capabilities, and a passion for automation and continuous improvement.

What you’ll do

Observability

• Own and administer the enterprise Dynatrace environment including configuration, tuning, tagging, dashboards, alerting, and synthetic monitoring.
• Develop and maintain service-level dashboards, distributed tracing views, and health analytics to support SRE, DevOps, and app teams.
• Optimize observability coverage across infrastructure, applications, APIs, and cloud platforms to reduce blind spots and improve MTTR.
• Partner with application and operations teams to drive root‑cause analysis using Dynatrace insights and AIOps capabilities.
• Ensure observability best practices around instrumentation, ingest pipelines, tagging standards, and anomaly detection models.
• Strong understanding of OpenTelemetry architecture, including Traces, Metrics, and Logs.
• Understanding of OTel's data model, context propagation, sampling, and exporters.

Security Monitoring & SIEM Operations

• Manage and tune SIEM solutions such as Splunk to ensure effective threat detection.

• Build and enhance detection rules, alerts, and dashboards.
• Perform log source onboarding and parsing improvements.

Incident Response

• Support SAP & LOB IR teams during security incidents.

• Conduct triage, investigation, containment, eradication, and recovery activities.
• Coordinate with internal and external stakeholders during and after incidents.

Endpoint Security

• Administer and monitor endpoint security tools such as CrowdStrike, TrendMicro.

• Review threat detections and drive remediation efforts.

Vulnerability Management

• Support vulnerability management processes by correlating scanner output with asset context and threat intelligence.

• Partner with IT and development teams to prioritize and remediate vulnerabilities.

Automation & Scripting

• Build automation workflows using SOAR platforms or scripting (Python, PowerShell, Bash, etc.).

• Streamline repetitive IR and security operations tasks.

Documentation & Reporting

• Maintain accurate documentation for operations, procedures, configurations, and incident records.

• Create regular reporting on security posture, observability health, and response metrics.

Collaboration & Continuous Improvement

• Collaborate with IT, DevOps, SRE, and Compliance teams.

• Provide input into architecture, tool selection, observability strategy, and security initiatives.

Must have Qualifications

• 6+ years of experience in security operations, observability engineering, or incident response.
• Expert-level hands-on experience with Dynatrace (required)—including configuration, dashboards, tagging, integrations, service flows, and alerting.
• Strong expertise with SIEM platforms (especially Splunk).
• Solid understanding of IR lifecycle and best practices.
• Experience with endpoint protection platforms (CrowdStrike, TrendMicro, McAfee, etc.).
• Familiarity with vulnerability scanning solutions (Tenable, Rapid7, Qualys).
• Strong scripting and automation skills (Python, PowerShell, Bash).
• Strong knowledge of Windows, Linux, and network security fundamentals.
• Familiarity with cloud platforms (Azure, GCP, AWS) and associated security/monitoring tools.

Preferred Qualifications

• Experience with SOAR tools (Splunk SOAR, Palo Alto XSOAR, etc.).
• Security or Observability certifications such as Dynatrace Associate/Professional, GCIA, GCIH, CEH, CISSP, or Splunk certifications.
• Experience with APM, RUM, or distributed tracing beyond Dynatrace (e.g., New Relic, AppDynamics, OpenTelemetry)

Bring out your best
SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.

We win with inclusion
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world.

SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Compensation Range Transparency: SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 148600 - 252600(USD) USD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our Guidelines for Ethical Usage of AI in the Recruiting Process.

Please note that any violation of these guidelines may result in disqualification from the hiring process.

Requisition ID: 434519 | Work Area: Software-Development Operations | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid