SAP BTP Security Architect

ProCorp Systems Inc.
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Remote

Tech stack

SAP Cloud
Amazon Web Services (AWS)
Software System Penetration Testing
User Authentication
Azure
Cloud Computing
Cloud Computing Security
Cloud Foundry
Computer Security
Continuous Integration
Federated Identity Management
Identity and Access Management
Internet Security
Information Systems Security Architecture Professional
Key Management
Network Security
OAuth
Role-Based Access Control
Openid Connect
Azure
SuccessFactors
Zero Trust Network Access
Security Assertion Markup Language (SAML)
SAP Applications
SAP Security
Secure Coding
Single Sign-On
Systems Integration
Google Cloud Platform
Okta
Software Security
SAP Business Technology Platform
SAP S/4HANA
SAP Ariba
Cloud Integration
REST
Devsecops

Job description

Security Architecture & Design

· Design and maintain secure architecture for SAP BTP services including:

· Cloud Foundry

· Kyma Runtime

· SAP Integration Suite

· SAP Extension Suite

· Define security patterns for multi-account, subaccount, and tenant-based BTP landscapes

· Architect secure cloud-to-cloud and cloud-to-on-premise integrations

· Identity & Access Management (IAM)

Architect and manage authentication and authorization using:

· SAP Identity Authentication Service (IAS)

· SAP Identity Provisioning Service (IPS)

· SAP BTP Authorization concepts (roles, role collections)

· Implement Single Sign-On (SSO) and Federated Identity (SAML 2.0, OAuth 2.0, OpenID Connect)

· Integrate SAP BTP security with corporate IdPs (Azure AD, Okta, etc.)

Application & Integration Security

· Secure REST APIs, events, and integrations within SAP BTP

· Define API security using OAuth scopes, XSUAA, certificates, and token-based authentication

· Ensure secure connectivity using SAP Cloud Connector and mTLS

Platform & Infrastructure Security

· Implement network security controls, trust configuration, and secure connectivity

· Apply secure configuration for BTP services and runtimes

· Define standards for secrets management and certificate lifecycle management

Governance, Risk & Compliance (GRC)

· Establish security standards, policies, and guardrails for SAP BTP

· Ensure compliance with regulatory frameworks (ISO 27001, SOC 2, GDPR, SOX, etc.)

· Support security audits, risk assessments, and penetration testing activities

DevSecOps & Monitoring

· Embed security into CI/CD pipelines for BTP applications

· Define secure coding and deployment guidelines

· Monitor security events using SAP and enterprise security tools and respond to incidents

Advisory & Stakeholder Collaboration

· Act as a trusted security advisor to architects, developers, and business stakeholders

· Provide guidance for secure extensions, custom developments, and modernization initiatives

Requirements

Technical Skills

· Strong expertise in SAP BTP security architecture

· Hands-on experience with:

· SAP IAS / IPS

· XSUAA

· OAuth 2.0, SAML 2.0, OpenID Connect

· Deep understanding of cloud security principles (Zero Trust, least privilege)

· Experience securing SAP landscapes (S/4HANA, SuccessFactors, Ariba, etc.)

· Knowledge of API security, certificates, encryption, and key management

Cloud & Integration Knowledge

· Good understanding of cloud platforms (SAP BTP, Azure, AWS, or Google Cloud Platform)

· Experience with hybrid integrations and SAP Cloud Connector

· Familiarity with DevSecOps practices and CI/CD security

Certifications (Preferred)

· SAP Certified Technology Associate - SAP BTP

· SAP Security or SAP Cloud certifications

· Cloud security certifications (Azure Security Engineer, CISSP, CCSP - a plus)

Apply for this position