Key Responsibilities
Security Architecture & Design
* Design and maintain secure architecture for SAP BTP services including:
  o Cloud Foundry
  o Kyma Runtime
  o SAP Integration Suite
  o SAP Extension Suite
* Define security patterns for multi-account, subaccount, and tenant-based BTP landscapes
* Architect secure cloud-to-cloud and cloud-to-on-premise integrations
Identity & Access Management (IAM)
* Architect and manage authentication and authorization using:
  o SAP Identity Authentication Service (IAS)
  o SAP Identity Provisioning Service (IPS)
  o SAP BTP Authorization concepts (roles, role collections)
* Implement Single Sign-On (SSO) and Federated Identity (SAML 2.0, OAuth 2.0, OpenID Connect)
* Integrate SAP BTP security with corporate IdPs (Azure AD, Okta, etc.)
Application & Integration Security
* Secure REST APIs, events, and integrations within SAP BTP
* Define API security using OAuth scopes, XSUAA, certificates, and token-based authentication
* Ensure secure connectivity using SAP Cloud Connector and mTLS
Platform & Infrastructure Security
* Implement network security controls, trust configuration, and secure connectivity
* Apply secure configuration for BTP services and runtimes
* Define standards for secrets management and certificate lifecycle management
Governance, Risk & Compliance (GRC)
* Establish security standards, policies, and guardrails for SAP BTP
* Ensure compliance with regulatory frameworks (ISO 27001, SOC 2, GDPR, SOX, etc.)
* Support security audits, risk assessments, and penetration testing activities
DevSecOps & Monitoring
* Embed security into CI/CD pipelines for BTP applications
* Define secure coding and deployment guidelines
* Monitor security events using SAP and enterprise security tools and respond to incidents
Advisory & Stakeholder Collaboration
* Act as a trusted security advisor to architects, developers, and business stakeholders
* Provide guidance for secure extensions, custom developments, and modernization initiatives
* Stay current on the SAP BTP security roadmap and emerging threats
______________
Required Skills & Qualifications
Technical Skills
* Strong expertise in SAP BTP security architecture
* Hands-on experience with:
  o SAP IAS / IPS
  o XSUAA
  o OAuth 2.0, SAML 2.0, OpenID Connect
* Deep understanding of cloud security principles (Zero Trust, least privilege)
* Experience securing SAP landscapes (S/4HANA, SuccessFactors, Ariba, etc.)
* Knowledge of API security, certificates, encryption, and key management
Cloud & Integration Knowledge
* Good understanding of cloud platforms (SAP BTP, Azure, AWS, or Google Cloud Platform)
* Experience with hybrid integrations and SAP Cloud Connector
* Familiarity with DevSecOps practices and CI/CD security
Certifications (Preferred)
* SAP Certified Technology Associate – SAP BTP
* SAP Security or SAP Cloud certifications
* Cloud security certifications (Azure Security Engineer, CISSP, CCSP – a plus)