Lieu : MOUGINS · Contrat : Stage · Rémunération : depending on the length of the internship and your diploma €
Founded in 1972, SAP has grown to become the world's leading provider of business software solutions. SAP is market leader in enterprise application software. The company is also the fastest-growing major database company. Globally, more than 77% of all business transactions worldwide touch an SAP software system. With more than 347.000 customers in more than 180 countries, SAP includes subsidiaries in all major countries. SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier, overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP employs more than 98.600 people.
Security Testing at SAP Labs France
The Security Testing team enables SAP development teams to build secure software by providing a service for automated source code scans complemented by other test methods, such as dynamic checks, fuzzing, and penetration testing. This automated security analysis of potentially large software products allows to detect and eliminate security flaws at an early stage in the development cycle before the products are shipped to SAP customers. The team also provides central education and consulting to develop security awareness in SAP and help development teams make effective use of these tools.
INTERNSHIP TOPIC 1: WEB APPLICATIONS FOR HEALTH MONITORING
We operate many static analysis tools (SAST) and dynamic analysis tools (DAST) within our team. The successful intern will develop two web applications and associated REST services for these tools:
- One web application that returns the availability and status of a given tool based on its mains services response time and its queue load
- One web application that given a project and a tool returns the health state of this project by checking its configuration, the regularity of audits, the quality of audits, existence of warnings or errors, etc.
Get experience in building software from scratch!
INTERNSHIP TOPIC 2: HIGH-AVAILABILITY AND ARCHIVING OF EXTREMELY LARGE DATABASES
Within our team, we operate many servers in order to enable SAP developers run static and dynamic analysis on their code with Security Testing tools. These servers have endless growing databases that become performance bottlenecks. On the other hand, deleting data from these servers is not an option as scan history needs to be kept for 10 years for audit and legal reasons. The successful intern will design, implement, test and deploy productively an efficient archiving solution for our multiple production systems. The archiving solution shouldn’t affect the performance or accessibility of the production systems. The archived data, limited to the strict necessary, should remain searchable and reportable. Archived data should be restored on production systems on demand and data archived for more than 10 years should be automatically deleted. Managing high availability is also very important to maintaining high uptime and strong operational performance of our databases. The candidate will compare different approaches to configure high availability of our databases and based on this will implement the best solution on our production servers.
Learn how to overcome the biggest challenge of any application with a large customer base1
INTERNSHIP TOPIC 3: SOFTWARE DEVELOPMENT TO BUILD TECHNICAL DOCUMENTATION
Good documentation is key to the success of any professional project. In Security Testing, we have a mix of not so well-structured wiki pages and community pages that describe installation steps and usage of Security Testing tools. We are looking for a developer and technical writer who could improve the current documentation and the processes used in Security Testing for documentation. We are expecting the successful intern to:
• Gather requirements, compare and select appropriate documentation tools and frameworks. Examples of platforms include: Read the Docs, MkDocs, Ascii Doc, GitHub pages, static site generators such as Hugo, Jekyll, Sphinx, and more.
• Set up a process including a versioning system for the content
• Collaborate with team members to identify areas of improvements in existing documentation
• Refactor existing documentation to provide an improved user experience and a more accessible information structure
• Build a documentation site and publish new content
Learn how to bring agility and effectiveness in your company documentation
INTERNSHIP TOPIC 4: MIGRATION OF SERVERS TO HYPERSCALERS
Our team maintains and operates 120+ servers that run in the internal corporate network. The successful intern will work on the migration of these servers to one of the following hyperscalers: GCP, AWS or Azure. His/her tasks will be the following:
- Gather requirements
- Run proof of concepts to determine which hyperscaler matches best the requirements
- Work on a migration plan
- Proceed with the migration
• Acquisition of knowledge in application security and security testing tools
• Diversity of tasks (design, development, devops)
• High visibility and recognition of the work as the applications/documentation will be consumed by 30.000+ developers in SAP
• Contact with security experts (pentesters, static and dynamic tools experts, and tools consultants)
• Work with a great team in a nice location (Sophia-Antipolis/south of France)
In addition to a strong scientific and technical background, the position requires strong problem-solving capabilities with the ability to communicate effectively. The ideal candidate will have/be:
• Good technical/development skills
• Willingness and proven ability to quickly acquire development proficiency in new technologies
• Fluent in English (working language)
• Good oral and written communication skills
Knowledge in Security is a plus.
CONTACTS AND PROCEDURE
Please candidate by clicking on this link:
UPLOAD (all documents must be in English):
• Your CV
• Cover letter
• Any relevant documents