SAP Security Consultant

The SAP Security Production Support Contractor provides operational backfill support for SAP security across SAP ECC, BW, and SAP HANA Database environments. This role ensures secure, compliant, and uninterrupted access to SAP systems while supporting modern and hybrid platforms, including SAP S/4HANA, SAP Business Data Cloud (BDC), SAP BTP, SAP Cloud ALM, and SAP Cloud Identity Services.
 
Key Responsibilities
Production Support
Provide day‑to‑day SAP security production support for on-premise applications including ECC, BW, Solution Manager, GRC Access Control, and HANA
Perform non-production user administration (create, modify, terminate, lock/unlock users)
Maintain and troubleshoot SAP roles and authorizations (single, composite, derived)
Analyze and resolve authorization issues (SU53, authorization traces)
Support security transports, post‑refresh access validation, and cutover activities
Provide audit, SOX, and access review support and evidence
Support SAP HANA database security
Resolve SAP security incidents in alignment with SLAs
ERP Modernization Project
Provide security input during S/4HANA security model design including business roles, catalogs, and Fiori authorization concepts
Support security and access enablement during SAP BDC onboarding and implementation
Provide guidance on data access controls and least‑privilege principles aligned with data governance strategy
Support SAP BTP security setup during implementation, including subaccount access, role collections, and entitlements
Assist with identity federation and access integration between BTP, SAP Cloud Identity Services, and backend SAP systems
Support secure enablement of BTP services and custom applications from an authorization and access perspective
Support SSO and federation setup for S/4HANA, BTP, BDC, and Cloud ALM
Support Cloud Identity Services design and implementation activities, including authentication and provisioning models
Assist with user lifecycle strategy across SAP cloud systems
Support cutover and go‑live security readiness, including access provisioning, validation, and hypercare support
Provide access troubleshooting and stabilization during cloud onboarding, go‑live, and post‑implementation phases
Maintain operational documentation and knowledge transfer materials