Strong SAP security skill set required.
As the IVC program transitions into the SAP phase, it has been identified that there is a need for a dedicated security resource with a strong SAP security skill set. The expectation is that this person would serve as a security leader supporting the program. In this capacity, they would lead the security assessment activities, as well as facilitate other security services and needs (e.g., adversarial testing, security architecture consulting, collaboration with security teams in consortia, etc.).
Serve as the lead cybersecurity architect for the global SAP program, developing a comprehensive security strategy, roadmap, and reference architectures.
Define and enforce security standards, controls, and best practices throughout the project lifecycle, from design and development to deployment and operations.
Own and create key technical deliverables, including security architecture diagrams, threat models, secure configuration guides, and risk assessment reports.
Partner with cross-functional teams including enterprise architecture, business process owners, compliance, and internal audit to embed security requirements into the core solution.
Provide strategic guidance and expert advice to senior leadership and project stakeholders on SAP-related security risks, compliance, and mitigation strategies.
Act as the firm's subject matter expert on all aspects of SAP security, including Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), and data protection.
Requirements:
BS in Computer Science or related field, or equivalent work experience
Minimum of 10 years of experience with at least three of the following: threat modelling experience, secure coding,
identity management and authentication, software development, cryptography, penetration testing, cloud security,
mobile security, and network security
Advanced knowledge and understanding of security engineering, system and network security, authentication and
security protocols, cryptography, or application security.
Experience reading and writing in at least one programming language.
Certifications such as CISSP, CISM, Azure Cybersecurity Expert, or equivalent are highly desirable.
Experience integrating security into the SAP software development lifecycle (SDLC) and transport management processes, including static/dynamic code analysis (SAST/DAST) for ABAP and other custom developments.
Deep experience in the security testing of custom SAP objects (WRICEF) and modern SAP applications, including Fiori apps and APIs connecting SAP to the wider enterprise technology stack.
Background in programming and scripting, with a strong preference for experience in ABAP. Familiarity with JavaScript (for Fiori/UI5) and Java is also highly beneficial for securing modern SAP platforms.
Working knowledge of applying application security standards, such as the OWASP Top 10, specifically to the SAP ecosystem (e.g., Fiori applications, NetWeaver Gateway, Internet Communication Manager).
Proven ability to perform comprehensive risk analysis of the SAP landscape, leading to the documentation of specific risks and the design of mitigating controls within the SAP application and infrastructure layers, ideally utilizing tools like SAP GRC.
Deep understanding and practical application of threat modeling frameworks (e.g., STRIDE) to secure the end-to-end SAP architecture, from the core ERP to custom extensions and critical system integrations.
Expert knowledge of security design principles and architecture patterns for building and maintaining secure, large-scale SAP systems. Act as a role model for security excellence, promoting a culture of secure development and proactive risk management within the SAP technical and functional teams.
Demonstrate proactivity, transparency, and clear accountability for the identification, assessment, and management of security risks across the global SAP environment.
A fast learner and critical thinker with excellent problem-solving skills and the ability to present complex SAP security topics clearly to both technical and executive audiences.
Exceptional communication skills, both written and oral, with the ability to effectively convey security requirements and risks to a diverse group of global stakeholders.
By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Benchmark IT, LLC and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: bmarkits.com/privacy-policy
Never miss an opportunity! Create an alert based on the job you applied for.
.jpg?format=webp)