Title :: SAP BTP Security Architect
Location :: Remote
Responsibilities
Security Architecture & Design
· Design and maintain secure architecture for SAP BTP services including:
  · Cloud Foundry
  · Kyma Runtime
  · SAP Integration Suite
  · SAP Extension Suite
· Define security patterns for multi-account, subaccount, and tenant-based BTP landscapes
· Architect secure cloud-to-cloud and cloud-to-on-premise integrations
Identity & Access Management (IAM)
· Architect and manage authentication and authorization using:
  · SAP Identity Authentication Service (IAS)
  · SAP Identity Provisioning Service (IPS)
  · SAP BTP Authorization concepts (roles, role collections)
· Implement Single Sign-On (SSO) and Federated Identity (SAML 2.0, OAuth 2.0, OpenID Connect)
· Integrate SAP BTP security with corporate IdPs (Azure AD, Okta, etc.)
Application & Integration Security
· Secure REST APIs, events, and integrations within SAP BTP
· Define API security using OAuth scopes, XSUAA, certificates, and token-based authentication
· Ensure secure connectivity using SAP Cloud Connector and mTLS
Platform & Infrastructure Security
· Implement network security controls, trust configuration, and secure connectivity
· Apply secure configuration for BTP services and runtimes
· Define standards for secrets management and certificate lifecycle management
Governance, Risk & Compliance (GRC)
· Establish security standards, policies, and guardrails for SAP BTP
· Ensure compliance with regulatory frameworks (ISO 27001, SOC 2, GDPR, SOX, etc.)
· Support security audits, risk assessments, and penetration testing activities
DevSecOps & Monitoring
· Embed security into CI/CD pipelines for BTP applications
· Define secure coding and deployment guidelines
· Monitor security events using SAP and enterprise security tools and respond to incidents
Advisory & Stakeholder Collaboration
· Act as a trusted security advisor to architects, developers, and business stakeholders
· Provide guidance for secure extensions, custom developments, and modernization initiatives
· Stay current on SAP BTP security roadmap and emerging threats
Required Skills & Qualifications
Technical Skills
· Strong expertise in SAP BTP security architecture
· Hands-on experience with:
  · SAP IAS / IPS
  · XSUAA
  · OAuth 2.0, SAML 2.0, OpenID Connect
· Deep understanding of cloud security principles (Zero Trust, least privilege)
· Experience securing SAP landscapes (S/4HANA, SuccessFactors, Ariba, etc.)
· Knowledge of API security, certificates, encryption, and key management
Cloud & Integration Knowledge
· Good understanding of cloud platforms (SAP BTP, Azure, AWS, or Google Cloud Platform)
· Experience with hybrid integrations and SAP Cloud Connector
· Familiarity with DevSecOps practices and CI/CD security
Certifications (Preferred)
· SAP Certified Technology Associate – SAP BTP
· SAP Security or SAP Cloud certifications
· Cloud security certifications (Azure Security Engineer, CISSP, CCSP – a plus)