SAP Security Engineer, Ford Energy

Ford Motor Company
Dearborn, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Dearborn, United States of America

Tech stack

SAP Cloud
User Authentication
Cloud Computing Security
Cloud Engineering
Computer Security
Databases
System Configuration
Multi-Factor Authentication
Federated Identity Management
Identity and Access Management
Information Systems Security Architecture Professional
Network Security
Azure
SAP Applications
SAP Business Suiteing
SAP GRC
SAP HANA
SAP Project System
SAP Security
Security Information and Event Management
Single Sign-On
User Provisioning Software
Enterprise Software Applications
RISE with SAP
SAP Business Technology Platform
SAPBasis
Information Technology
SAP S/4HANA
Microsoft Sentinel
SAP Enterprise Threat Detection (ETD)
Vulnerability Analysis

Job description

We are seeking an SAP Security Specialist (GSR Level) with deep expertise in SAP Identity Access Governance (IAG) and public cloud SAP deployments. In this role, you will be responsible for designing, implementing, and maintaining robust security architectures and access controls across our SAP landscape, ensuring secure migration and operations of critical enterprise systems hosted in public cloud environments., SAP Cloud Security & Governance: Design, configure, and maintain secure access controls and segregation of duties (SoD) policies using SAP Identity Access Governance (IAG) and SAP Cloud Identity Services (IAS/IPS).

Public Cloud SAP Deployments: Partner with infrastructure and cloud engineering teams to secure SAP landscapes (such as SAP S/4HANA, BTP, and RISE with SAP) hosted on public cloud platforms.

Identity & Access Management (IAM): Implement and optimize user provisioning, single sign-on (SSO), multi-factor authentication (MFA), and federated identity flows between SAP systems, public clouds, and enterprise identity providers (e.g., Microsoft Entra ID).

Vulnerability & Compliance Monitoring: Conduct regular vulnerability assessments, security audits, and configuration reviews of public cloud SAP infrastructure and database layers (HANA security).

Policy & Control Enforcement: Translate corporate cybersecurity requirements into concrete SAP security baselines, ensuring compliance with internal policies and external regulatory standards (e.g., SOC 2, ISO 27001).

Role Design & Administration: Define, build, and audit SAP business roles, authorization objects, and emergency access management (Firefighter) procedures to maintain a least-privilege security posture.

Incident Support & Remediation: Act as the subject matter expert for SAP-related security incidents, assisting in rapid investigation, forensic analysis, and the implementation of permanent remediation measures.

Collaboration: Work closely with SAP functional teams, enterprise GRC analysts, cloud architecture teams, and external integration partners to ensure secure-by-design SAP deployments.

Requirements

Experience: Minimum of 3-5 years of dedicated experience in SAP Security, including hands-on experience with SAP GRC or SAP Identity Access Governance (IAG).

Cloud Security: Demonstrated experience securing SAP workloads deployed in public cloud environments, including a strong understanding of cloud infrastructure security, network security groups, and IAM policies.

Access Management Tools: Practical experience implementing and configuring SAP Cloud Identity Services (Identity Authentication / Identity Provisioning) and enterprise IAM solutions.

SAP Authorization Concepts: Deep technical knowledge of SAP security architectures, authorization objects, role design (single, composite, and derived roles), and Segregation of Duties (SoD) analysis.

Education: Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related technical field, or equivalent related work experience.

Preferred

SAP Certified Technology Associate - SAP System Security and Authorizations, or cloud-specific security certifications.

Hands-on experience with SAP Business Technology Platform (BTP) security configurations and RISE with SAP compliance frameworks.

Experience in highly regulated industries such as Renewable Energy, Automotive, or manufacturing operations.

Experience configuring SAP Enterprise Threat Detection (ETD) or integrating SAP security logs with enterprise SIEM platforms (e.g., Microsoft Sentinel, SCC, Elastic).

Leadership Attributes

A collaborative, detail-oriented technical expert capable of navigating complex enterprise systems and driving secure cloud modernization strategies.

Location & Travel

Location: Dearborn, MI- This position is hybrid-friendly for candidates with a proven ability to deliver results in a flexible environment.

Benefits & conditions

Travel Expectations: Occasional travel to support suppliers, test houses, and customer sites

Company: As Ford establishes a wholly owned subsidiary focused on Battery Energy Storage Systems, this role will initially be employed by Ford and is expected to transition to the subsidiary within one year.

Why Ford Energy? At Ford Energy, you have the backing of an industrial manufacturing powerhouse with the agility of a dedicated energy startup offering industry-leading technology. We offer a competitive compensation package including performance-based bonuses, Ford vehicle discounts, and the opportunity to shape the energy strategy of one of the world's most iconic brands.

About the company

At Ford, you'll work on ideas that matter, alongside passionate people who want to make a global impact. Together, we're shaping the next era of transportation-grounded in purpose, driven by progress. Make your move.

Apply for this position