Role Description ESO’s teams are growing, and our software is in demand globally by firefighters, paramedics, hospitals, and governments. To meet this demand, we are building an industry-leading cyber security team in Belfast to protect our customers and data from a variety of fast moving and constantly evolving threats. We are looking for a Security Engineering Team Leader to join our UK team, working alongside teams in Belfast, Denmark, Czechia, and the United States. Work alongside our fire, hospital, and EMS Engineering teams to secure our mission-critical applications. These applications are used to help our customers go about their daily job of protecting their communities and saving lives. You’ll lead our team of Security Engineers, supporting and directing our Product & Technology team to ensure our products and systems are designed and implemented with a priority on security. You’ll collaborate closely with our Product & Technology teams, contributing to application architecture and steering system implementation. Your team's work will draw on principles like defence in depth and leverage practices such as threat modelling and zero trust across a multi-cloud environment - with focus on best practice, security by design and implementation of standards and frameworks across our portfolio. Our Security Engineers have a high degree of autonomy and are part of a high functioning, motivated and forward-thinking team. You have the chance to join a diverse, growing and passionate team, working on critical products, whilst being supported with training opportunities and mentoring. Qualifications - At least 5 years’ experience in securing software or infrastructure in cloud platforms (e.g. Microsoft Azure, AWS, GCP) - Your experience should include: - Securing systems in line with ‘Well Architected Frameworks’ e.g. Azure Well Architected Framework - Network experience – whether designing and building, managing or troubleshooting - Applying security to networks, hosts, web applications and cloud native deployments - Working with toolsets from one or more of: asset management, vulnerability management, firewalls, SIEM, PAM, IDS/IPS, EDR/XDR, DLP, SWG, WAF, CSPM, CNAPP - A solid understanding and ideally experience in the design, implementation or run of one or more of: SAST / DAST / IAST / RASP - Having knowledge of Continuous Integration / Continuous Deployment best practices, and securing pipelines - Understand current attack tactics, techniques and procedures along with the use of MITRE Attack framework and associated MITRE security research - Be inquisitive, have a passion for what you do and understanding how your work impacts and contributes to ESO’s success Requirements - Exposure to Infrastructure as Code and Azure native technologies - Experience with threat modelling, NIST and CIS frameworks - Knowledge of application security standards such as OWASP Top 10, SANS / CWE 25 Benefits - Life insurance (4 x base salary) - Income protection insurance - A generous pension contribution - Private medical insurance including optical and dental - A health cash plan - Modern City Centre office in Belfast - Northern Ireland, and a flexible hybrid working policy (this role is Remote within UK) - AwardCo Recognition Program - Enhanced paternity leave and pay, enhanced adoptive pay, enhanced maternity pay - 12 weeks full pay after 6 months' service - Enhanced short and long-term sick pay - 25 days holiday which increases year on year until you reach 5 years of service + 14 additional days Company Description ESO is a fast-paced, growing data, technology and research company passionate about improving community health and safety through the power of data. We pioneer innovative, user-friendly software to meet the changing needs of today’s EMS agencies, fire departments, and hospitals. We serve thousands of customers out of our offices across the US, Canada and Northern Ireland. ESO is committed to creating a diverse and inclusive work environment and is proud to be an equal opportunity employer. We invite you to consider opportunities at ESO regardless of your gender; gender identity; gender reassignment; age; religious or similar philosophical belief; race; national origin; political opinion; sexual orientation; disability; marital or civil partnership status or other non-merit factor.

Lead endpoint and security engineering initiatives, managing assessment-to-remediation workflows, device lifecycle, and patch orchestration while ensuring compliance and integration with various systems and technologies.

Title: SAP Security Engineer (GRC – Technical) Job Description: Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. We leverage cutting-edge technologies to create scalable, secure, and user-friendly applications. As we continue to grow, we’re looking for a skilled SAP Security Engineer (GRC – Technical) to join our dynamic team and contribute to our mission of transforming business processes through technology. This is a fantastic opportunity to join an established and well-respected organization offering tremendous career growth potential. Location: 100% Remote (Continental United States) Position Type: In-house Bright Vision Technologies SOW engagement (no third-party client or vendor) Salary: $100K - $150K Experience: 5+ years Sponsorship: No new H1B sponsorship available. H1B transfers welcomed for qualified candidates. Employment Type: Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party) Engagement: Long-term, multi-year, aligned to the Bright Vision SOW delivery roadmap Compensation: Competitive base salary commensurate with experience, plus benefits. Employment Terms & Visa Policy This is a 100% remote, full-time, direct W2 position with Bright Vision Technologies. This role is part of Bright Vision Technologies’ in-house Statement of Work (SOW) engagement. The client, end customer, and employer for this position is Bright Vision Technologies — there is no third-party client, vendor, or implementation partner involved. We do not engage in C2C, 1099, or third-party arrangements for this role. BUT STRICTLY NO C2C/1099/3RD PARTY COMPANIES. ALL OUR ROLES ARE W2 AND NO 3RD PARTY BROKERING PLEASE. Candidates must be willing to work directly as a full-time W2 employee of Bright Vision Technologies and contribute to our in-house SOW deliverables. No new H1B sponsorship is available for this role. However, candidates who are currently on a valid H1B visa and require a transfer are welcome to apply. We will support H1B transfers for qualified candidates. For every role, a technical coding assessment is mandatory. Please apply only if you are confident in your technical abilities and hands-on experience. Job Summary We are seeking an experienced SAP Security and GRC (Governance, Risk, and Compliance) Engineer to design, implement, and operate security and access-control frameworks for complex SAP landscapes, including S/4HANA, ECC, BW/4HANA, Fiori, BTP, and SuccessFactors. In this role you will be responsible for SAP role design, user provisioning, segregation-of-duties analysis, audit support, and the technical operation of SAP GRC suites. The ideal candidate will combine deep expertise in SAP authorization concepts with strong hands-on experience operating SAP GRC Access Control and Process Control, and will partner closely with audit, compliance, and business teams to deliver a secure, auditable SAP environment. Key Responsibilities - Design and maintain SAP authorization concepts and role structures aligned with business processes and least-privilege principles. - Build and maintain master, derived, composite, and business roles for S/4HANA, ECC, and Fiori applications. - Configure and operate SAP GRC Access Control (ARA, ARM, BRM, EAM), including ruleset management, mitigating controls, and emergency access management. - Perform segregation-of-duties analysis and remediation in collaboration with business process owners and internal audit. - Configure user provisioning workflows in SAP GRC ARM, including request types, approval paths, and integration with IDM/IAM platforms. - Operate SAP GRC Process Control for continuous controls monitoring and policy management. - Implement security for Fiori applications, including catalogs, groups, and front-end authorizations. - Configure and operate security for SAP BTP and cloud applications using XSUAA, IAS, and IPS. - Support SAP audits (SOX, GxP, PCI) and respond to audit findings with documented remediation plans. - Implement transport security, table logging, and audit logging in line with internal security policies. - Monitor and remediate SAP Security Notes in coordination with Basis and DBA teams. - Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time. - Mentor junior team members and support knowledge transfer across the security team. Required Qualifications - Bachelor’s degree in Computer Science, Engineering, or a related technical discipline. - Five or more years of SAP Security / GRC experience in enterprise landscapes. - Strong hands-on experience with SAP authorization concepts and role design. - Deep experience operating SAP GRC Access Control (ARA, ARM, BRM, EAM). - Experience supporting SAP audits and remediation activities. - Hands-on experience securing Fiori, BTP, and cloud SAP applications. - Familiarity with SAP IDM or third-party IGA tooling. - Working knowledge of SAP Process Control. - Strong understanding of regulatory frameworks such as SOX, GxP, and PCI. - Excellent communication and documentation skills. Preferred Qualifications - SAP-certified Security or GRC credentials. - Experience with SAP Cloud Identity services (IAS, IPS) and SCIM-based integrations. - Familiarity with HANA security and analytic privileges. - Experience with continuous controls monitoring frameworks. - Exposure to SAP RISE / Grow security operating models. Position offered by “No Fee Agency.” Equal Employment Opportunity (EEO) Statement Bright Vision Technologies (BV Teck) is committed to equal employment opportunity (EEO) for all employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, veteran status, or any other protected status as defined by applicable federal, state, or local laws. This commitment extends to all aspects of employment, including recruitment, hiring, training, compensation, promotion, transfer, leaves of absence, termination, layoffs, and recall. BV Teck expressly prohibits any form of workplace harassment or discrimination. Any improper interference with employees' ability to perform their job duties may result in disciplinary action up to and including termination of employment.

Design and maintain SAP authorization concepts, configure SAP GRC Access Control, and perform segregation-of-duties analysis while collaborating with business and audit teams to ensure a secure SAP environment.