SAP Security Consultant

job summary:

Scope of Work

Summary



SAP Consultant with over 12 years of experience architecting and implementing comprehensive security frameworks across SAP ECC, CRM, BW, Portal, S/4HANA, BW/4HANA, and SAP BTP environments. Deeply skilled in Fiori authorization design, GRC Access Control (ARA/EAM/ARM), segregation of duties (SoD) analysis, HANA database security, and integration with enterprise IAM platforms. Demonstrated ability to translate business requirements into secure, scalable, and audit-compliant role designs while collaborating with cross-functional teams through project delivery and support. Adept at ensuring end-to-end governance and compliance across hybrid SAP landscapes.



Required Consultant Experience

• Minimum of 10 years of SAP experience supporting ECC, BW, CRM, and transitioning to S/4HANA, BW/4HANA, and Fiori.



• Expertise in role-based access control for both technical and business end-users in S/4HANA and BW/4HANA.



• Proficient in Fiori/UI5 security design: catalogs, groups, OData services, and business roles.



• Experience troubleshooting Fiori authorization issues using SAP tools and SAP Notes.



• Strong hands-on skills in SAP security tools: SU24, SU25, SUIM, SU53, STAUTHTRACE.



• Implementation of BW/4HANA analysis authorizations and row-level data controls.



• Deep knowledge of SAP HANA DB security (including encryption, audit policies, and SQL-level controls).



• Integration of SAP with third-party IAM tools (e.g., Azure AD, SailPoint, Saviynt) via SCIM, SAML, OAuth, and IPS.



• Extensive experience with SAP BTP security across Launchpad Service, SAP Build Work Zone, CAP, and SAC.



• Configure and manage IAS/IPS for identity provisioning and SSO federation.



• Design secure hybrid architecture integrating on-prem SAP systems with BTP.



• GRC Access Control implementation (ARA, ARM, EAM) including SoD analysis and access review processes.



• Familiarity with IRS 1075 (FTI) and OCSE audit controls and compliance requirements.

Duties and Responsibilities

• Design, develop, and maintain SAP roles and authorizations across S/4HANA, ECC, BW/4HANA, CRM, and Portal systems.



• Perform security readiness and impact assessments for migrations to S/4HANA and HANA DB platforms.



• Provide SAP Security support across all modules and landscapes (on-prem and cloud).



• Implement and support SAP Fiori/UI5 security including catalog, group, OData service, and semantic object configurations.



• Perform backend role design including transaction codes, Web Dynpro, CRM Web UI, and OData.



• Troubleshoot Fiori applications and perform error log analysis for missing services and backend authorizations.



• Configure and manage IAS/IPS for BTP authentication and provisioning and ensure secure identity federation.



• Maintain and support SAP GRC Access Control modules (ARA, ARM, EAM), including provisioning and access reviews.



• Conduct SoD risk analysis, support internal/external audits, and address compliance findings.



• HANA DB security including role design, encryption configuration, and audit policy implementation.



• Support integration with IAM platforms using SCIM, SAML 2.0, OAuth 2.0, and APIs.



• Establish secure trust and connectivity between SAP on-prem systems and BTP environments.



• Design and maintain hybrid identity architecture integrating AD, GRC, IAS/IPS, and SAP systems.



• Configure and support Central User Administration (CUA) and Single Sign-On (SSO).



• Perform system measurements and support SAP licensing audits.



• Review and revise SAP access roles to ensure separation of duties and compliance.



• Create and maintain security-related documentation including technical designs, SOPs, and audit artifacts.



• Support project managers with estimation, ticket tracking, and deliverables.



• Monitor security alerts and participate in remediation of EarlyWatch and security scan reports.



• Provide off-hours, weekend, holiday, and 24/7 on-call SAP Security support as required.

Education and Certifications

• Bachelor's degree in computer science, MIS, or related field (or equivalent work experience).
  
  



• Preferred: SAP System & Security Certifications, ITIL Foundation.



• Preferred Security Certifications: CISA or CISSP.



• Experience with Florida DOR CAMS or SUNTAX projects is a plus.

location: Tallahassee, Florida

job type: Contract

salary: $70 - 80 per hour

work hours: 8am to 5pm

education: No Degree Required



responsibilities:

Scope of Work

Summary



SAP Consultant with over 12 years of experience architecting and implementing comprehensive security frameworks across SAP ECC, CRM, BW, Portal, S/4HANA, BW/4HANA, and SAP BTP environments. Deeply skilled in Fiori authorization design, GRC Access Control (ARA/EAM/ARM), segregation of duties (SoD) analysis, HANA database security, and integration with enterprise IAM platforms. Demonstrated ability to translate business requirements into secure, scalable, and audit-compliant role designs while collaborating with cross-functional teams through project delivery and support. Adept at ensuring end-to-end governance and compliance across hybrid SAP landscapes.



Required Consultant Experience

• Minimum of 10 years of SAP experience supporting ECC, BW, CRM, and transitioning to S/4HANA, BW/4HANA, and Fiori.



• Expertise in role-based access control for both technical and business end-users in S/4HANA and BW/4HANA.



• Proficient in Fiori/UI5 security design: catalogs, groups, OData services, and business roles.



• Experience troubleshooting Fiori authorization issues using SAP tools and SAP Notes.



• Strong hands-on skills in SAP security tools: SU24, SU25, SUIM, SU53, STAUTHTRACE.



• Implementation of BW/4HANA analysis authorizations and row-level data controls.



• Deep knowledge of SAP HANA DB security (including encryption, audit policies, and SQL-level controls).



• Integration of SAP with third-party IAM tools (e.g., Azure AD, SailPoint, Saviynt) via SCIM, SAML, OAuth, and IPS.



• Extensive experience with SAP BTP security across Launchpad Service, SAP Build Work Zone, CAP, and SAC.



• Configure and manage IAS/IPS for identity provisioning and SSO federation.



• Design secure hybrid architecture integrating on-prem SAP systems with BTP.



• GRC Access Control implementation (ARA, ARM, EAM) including SoD analysis and access review processes.



• Familiarity with IRS 1075 (FTI) and OCSE audit controls and compliance requirements.

Duties and Responsibilities

• Design, develop, and maintain SAP roles and authorizations across S/4HANA, ECC, BW/4HANA, CRM, and Portal systems.



• Perform security readiness and impact assessments for migrations to S/4HANA and HANA DB platforms.



• Provide SAP Security support across all modules and landscapes (on-prem and cloud).



• Implement and support SAP Fiori/UI5 security including catalog, group, OData service, and semantic object configurations.



• Perform backend role design including transaction codes, Web Dynpro, CRM Web UI, and OData.



• Troubleshoot Fiori applications and perform error log analysis for missing services and backend authorizations.



• Configure and manage IAS/IPS for BTP authentication and provisioning and ensure secure identity federation.



• Maintain and support SAP GRC Access Control modules (ARA, ARM, EAM), including provisioning and access reviews.



• Conduct SoD risk analysis, support internal/external audits, and address compliance findings.



• HANA DB security including role design, encryption configuration, and audit policy implementation.



• Support integration with IAM platforms using SCIM, SAML 2.0, OAuth 2.0, and APIs.



• Establish secure trust and connectivity between SAP on-prem systems and BTP environments.



• Design and maintain hybrid identity architecture integrating AD, GRC, IAS/IPS, and SAP systems.



• Configure and support Central User Administration (CUA) and Single Sign-On (SSO).



• Perform system measurements and support SAP licensing audits.



• Review and revise SAP access roles to ensure separation of duties and compliance.



• Create and maintain security-related documentation including technical designs, SOPs, and audit artifacts.



• Support project managers with estimation, ticket tracking, and deliverables.



• Monitor security alerts and participate in remediation of EarlyWatch and security scan reports.



• Provide off-hours, weekend, holiday, and 24/7 on-call SAP Security support as required.

Education and Certifications

• Bachelor's degree in computer science, MIS, or related field (or equivalent work experience).
  
  



• Preferred: SAP System &am