DevSecOps SAP Engineer

• Work with SAP RISE integration partners to bake-in security controls part of design, implementation, across SAP platforms, including SAP S/4HANA, BusinessObjects (BOBJ), Business Warehouse (BW), Governance, Risk, and Compliance (GRC), and NetWeaver Gateway.
• Integrate security best practices into CI/CD pipelines to ensure secure code deployment and infrastructure-as-code for SAP environments.
• Collaborate with development, operations, and peer cybersecurity teams to enforce the shared responsibility model for cloud and on-premises SAP deployments.
• Ensure compliance with SOX regulations and other industry standards (NERC CIP where applicable) by implementing and monitoring SAP security policies and procedures.
• Ensure IAM specific controls like user access management, role design, and segregation of duties (SoD) analysis are implemented according to our standards and best practices.
• Implement and support Single Sign-On (SSO) solutions for SAP systems to enhance authentication security.
• Conduct security assessments, vulnerability scans, and penetration testing on SAP applications and infrastructure.
• Be an integral part of SAP team and provide expertise in securing SAP RISE deployments, leveraging cloud-native security tools and practices (experience with SAP RISE is a plus).
• Develop and maintain documentation for security processes, security architecture patterns relevant to the emerging SAP environments.
• Stay updated on emerging threats, vulnerabilities, and security trends related to SAP and DevSecOps practices.
• Promote cybersecurity awareness among developers and stakeholders.

Qualifications:

• Bachelor's degree in computer science, Information Security, or a related field (or equivalent experience).
• 5+ years of experience in IT security, with at least 3 years focused on SAP security engineering.
• Proven expertise in SAP platforms, including SAP HANA, BOBJ, BW, GRC, and NetWeaver Gateway.
• Strong understanding of DevSecOps principles, including CI/CD pipeline security and automation tools (e.g., Jenkins, Git, Ansible, or similar).
• Familiarity with the shared responsibility model in cloud environments (AWS, Azure, Google Cloud Platform) and hybrid SAP deployments.
• Familiarity with SAP Cloud ALM (Application Lifecycle Management), clean core a plus.
• Experience with SOX compliance and auditing processes in SAP environments.
• Hands-on knowledge of SAP security modules, role administration, and SSO implementation (e.g., SAML, OAuth, Kerberos).
• Experience with SAP RISE or other SAP cloud transformation initiatives is highly desirable.
• Relevant certifications such as SAP Certified Technology Associate Security, CISSP, CISM, or DevSecOps-specific credentials are a plus.
• Strong analytical and problem-solving skills with excellent communication and teamwork abilities.

Preferred Technical Skills:

• Experience with scripting languages (e.g., Python, PowerShell) for automation of security tasks.
• Knowledge of container security (Docker, Kubernetes) in SAP environments.
• Familiarity with secure software development lifecycle (SDLC) practices.
• Understanding of identity and access management (IAM) tools integrated with SAP systems.