Sap Security Engineer-BTP

Summary: The role of SAP Security Engineer-BTP focuses on designing and maintaining secure architecture for SAP BTP services, ensuring compliance with security standards, and integrating security measures across various platforms. The position requires collaboration with stakeholders to provide security guidance and embed security practices within development processes. The engineer will also be responsible for managing identity and access, application security, and governance related to SAP BTP. This role is remote and emphasizes a strong technical background in SAP security architecture and cloud security principles.

Key Responsibilities:

• Design and maintain secure architecture for SAP BTP services including Cloud Foundry, Kyma Runtime, SAP Integration Suite, and SAP Extension Suite.
• Define security patterns for multi-account, subaccount, and tenant-based BTP landscapes.
• Architect secure cloud-to-cloud and cloud-to-on-premise integrations.
• Architect and manage authentication and authorization using SAP Identity Authentication Service (IAS), SAP Identity Provisioning Service (IPS), and SAP BTP Authorization concepts.
• Implement Single Sign-On (SSO) and Federated Identity (SAML 2.0, OAuth 2.0, OpenID Connect).
• Integrate SAP BTP security with corporate IdPs (Azure AD, Okta, etc.).
• Secure REST APIs, events, and integrations within SAP BTP.
• Define API security using OAuth scopes, XSUAA, certificates, and token-based authentication.
• Ensure secure connectivity using SAP Cloud Connector and mTLS.
• Implement network security controls, trust configuration, and secure connectivity.
• Apply secure configuration for BTP services and runtimes.
• Define standards for secrets management and certificate lifecycle management.
• Establish security standards, policies, and guardrails for SAP BTP.
• Ensure compliance with regulatory frameworks (ISO 27001, SOC 2, GDPR, SOX, etc.).
• Support security audits, risk assessments, and penetration testing activities.
• Embed security into CI/CD pipelines for BTP applications.
• Define secure coding and deployment guidelines.
• Monitor security events using SAP and enterprise security tools and respond to incidents.
• Act as a trusted security advisor to architects, developers, and business stakeholders.
• Provide guidance for secure extensions, custom developments, and modernization initiatives.
• Stay current on SAP BTP security roadmap and emerging threats.

Key Skills:

• Strong expertise in SAP BTP security architecture.
• Hands-on experience with SAP IAS / IPS, XSUAA, OAuth 2.0, SAML 2.0, OpenID Connect.
• Deep understanding of cloud security principles (Zero Trust, least privilege).
• Experience securing SAP landscapes (S/4HANA, SuccessFactors, Ariba, etc.).
• Knowledge of API security, certificates, encryption, and key management.
• Good understanding of cloud platforms (SAP BTP, Azure, AWS, or Google Cloud Platform).
• Experience with hybrid integrations and SAP Cloud Connector.
• Familiarity with DevSecOps practices and CI/CD security.
• SAP Certified Technology Associate – SAP BTP (preferred).
• SAP Security or SAP Cloud certifications (preferred).
• Cloud security certifications (Azure Security Engineer, CISSP, CCSP – a plus).

Salary (Rate): undetermined

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT