Lead Analyst, Application Security

Overview

HanesBrands (NYSE: HBI) makes everyday apparel that is known and loved by consumers around the world for comfort, quality and value. Among the company’s iconic brands are Hanes, the leading basic apparel brand in the United States; Bonds, which is setting new standards for design and sustainability; Maidenform, America’s number one shapewear brand; and Bali, America’s number one bra brand. HBI employs 48,000 associates in 29 countries and has built a strong reputation for workplace quality and ethical business practices. The company, a longtime leader in sustainability, has set aggressive 2030 goals to improve the lives of people, protect the planet and produce sustainable products. 

In the role of Lead Analyst Application Security, you will be responsible for ensuring the security of both SAP and non-SAP applications, managing the security of web and enterprise applications, and driving secure development practices across the software lifecycle. The ideal candidate will possess a deep understanding of application security risks, best practices, and tools, specifically in the context of SAP and non-SAP environments.

He/She will responsible for projects, day to day support and continuous improvements. This role will also proactively identify and implement improvements in the security design and processes to optimize the environment, improve responsiveness and provide excellent customer experience. This position would also work closely with audit/sox team and requires exposure to industry best practices, technology trends and the ability to balance security with business enabling capabilities.

Responsibilities

· Supports maintenance, role development, authorization management in SAP landscape (S/4, HANA, MDG, FIORI, ECC, BW, BTP, IBP, GRC, Datasphere, Solution Manager, IAS/IPS etc)

· Conduct security assessments and penetration testing on SAP applications, systems, and landscapes to identify and mitigate security vulnerabilities.

· Implement and enforce SAP-specific security best practices, such as user role management, authorization profiles, and segregation of duties.

· Work with Audit teams to ensure SOX compliance with regulatory standards and internal security policies.

· Be the owner and performer of the controls, such as reviewing user access and critical roles, and perform annual control testing

· Research ERP security technologies and trends to maintain subject matter expertise and always seeks to improve processes and approach to security

· Perform security on non SAP applications like Lawson, WMS in maintaining security roles, data level, classes and groupings and maintaining SOD controls.

· Access Control: Ensure proper authentication and authorization mechanisms are in place, including role-based access control (RBAC), identity and access management (IAM), and multi-factor authentication (MFA).

· Perform application security assessments on non-SAP web and enterprise applications (e.g., custom web applications, mobile applications, cloud-based apps).

· Review and analyze application code (source code and binaries) for vulnerabilities, ensuring compliance with secure coding practices.

· Develop threat models and risk assessments to guide secure application design and architecture.

· Evaluate, recommend, and implement security tools and technologies to improve application security.

· Knowledge of cloud service providers (e.g., Azure, Google Cloud) and their security tools for securing cloud-based applications and infrastructure.

Qualifications

· Bachelor’s degree in Computer Science or related field

· Minimum of eight years progressive SAP and non SAP applications security experience

· Proven track record in managing SAP Security within various applications like S4/HANA,MDG, FIORI etc, Cloud applications like BTP, Datasphere, SF, IBP etc and non SAP applications like Lawson, WMS etc.

· Strong desire to build, improve and maintain a pristine SAP and non SAP applications

· Demonstrated understanding of Segregation of Duties concepts and Sarbanes-Oxley framework

· Highly responsive with a strong sense of ownership in building and maintaining positive customer relationships

· Ability to collaborate and influence IT and business stakeholders

· Able to quickly learn new concepts and technology

To qualify, applicants must be legally authorized to work in the United States and should not require now, or in the future, sponsorship for employment visa status.

EOE/AA: Minorities/Females/Veterans/Disabled.

Applicants requiring reasonable accommodation for any part of the application and hiring process should contact us directly by:

Telephone: 877.999.5553

Email: HBI_TA@hanes.com.