SAP Security Analyst/Engineer

Title: SAP Security Analyst/Engineer

Location: USA Remote

Description of Project and Tasks:

Key responsibilities

• Design, build, and maintain role based access and authorization concepts across ECC or S/4HANA, BW/4HANA, SAP PI/PO, Solution Manager, and BusinessObjects, with scalable patterns for business roles
• Administer user provisioning, deprovisioning, access reviews, and SoD analysis; define mitigating controls and custom authorizations when necessary.
• Create and maintain roles, profiles, and authorization objects; manage transports and promote changes through QA to production per change control.
• Implement and operate SAP GRC Access Control (ARA, ARM, EAM, BRM) for request, approval, firefighter, and ruleset governance.
• Govern HANA security including analytic privileges and role design for developers, modelers, DBAs, and end users.
• Support SAP project lifecycles (blueprint, testing, cutover, go live) and system upgrades with security design, testing, and remediation.
• Integrate SAP security with enterprise IAM and SSO; coordinate identity lifecycle and role mappings with central directories.
• Monitor and respond to security events; integrate with SIEM and vulnerability management to detect anomalies and drive remediation.
• Conduct periodic risk assessments, internal audits, and evidence collection
• Provide production support and root cause analysis for authorization failures; deliver training and knowledge transfer to end users and support teams.
• Maintain documentation for security designs, rulesets, procedures, and change records aligned to internal policies and external standards.

Minimum qualifications

• Bachelor s degree in information security, Computer Science, Information Systems, or related field, or equivalent experience.
• 5 8+ years in SAP Security with deep knowledge of role design, profiles, authorization objects, and SoD risk analysis.
• Hands-on experience with S/4HANA or ECC, HANA DB security, and at least one reporting/analytics platform (e.g., BW/4HANA or BusinessObjects).
• Proficiency with SAP GRC Access Control and familiarity with SAP IDM and SSO patterns.
• Strong communication, documentation, and cross functional collaboration skills with audit and business stakeholders.

Preferred qualifications

• Understanding of security frameworks and ITGCs such as ISO 27000, NIST 800, and COBIT.
• Experience with BRF+ and MSMP configuration in GRC, and complex access workflows.
• Background in upgrades, OS/DB or HANA migrations, and large multi system landscapes.
• Exposure to Security Bridge or similar SAP vulnerability/patch monitoring solutions.
• Familiarity with Fiori role design alongside classic authorization concepts. velvetjobs
• Tools and technologies
• SAP GRC Access Control (ARA, ARM, EAM, BRM), SAP IDM, SSO, and directory services for IAM integration.
• HANA database security and analytic privileges; BW/4HANA and BusinessObjects authorizations.
• SIEM and vulnerability management integrations supporting monitoring and incident