KATBOTZ LLC

KATBOTZ LLC is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified individuals, regardless of race, religion, gender, gender identity, age, marital status, national origin, sexual orientation, citizenship status, veteran status, disability, or any other legally protected status. As an organization, we are unwavering in our commitment to maintaining a discrimination-free work environment, and fostering a culture of inclusivity, belonging and equal opportunity for all employees and applicants.

SAP Security & Authorization Consultant

Location

Worldwide

Posted

8 days ago

Salary

0

Seniority

Mid Level

Job Description

Role Description

This is a remote position. KATBOTZ LLC is seeking an experienced SAP Security & Authorization Consultant to support SAP GROW (SAP S/4HANA Public Cloud) implementation and transformation initiatives. The ideal candidate will possess deep expertise in SAP security design, role-based access control, authorization concepts, segregation of duties (SoD), identity management, and compliance requirements within SAP cloud environments.

The consultant will work closely with:
- Business stakeholders
- Functional consultants
- Project teams
- Auditors
- Security architects

Key Responsibilities:

Security Design & Authorization Management
- Design and implement SAP security and authorization frameworks for SAP S/4HANA Public Cloud.
- Define role-based access control (RBAC) models aligned with business processes.
- Configure and maintain:
  - Business Roles
  - Business Catalogs
  - Business Spaces
  - Authorization Assignments
  - Fiori Launchpad Access
  - User Access Controls
- Ensure secure access to SAP applications and business processes.

SAP GROW Security Implementation
- Support security design during Fit-to-Standard workshops.
- Define authorization concepts aligned with SAP Best Practices.
- Support SAP Central Business Configuration (CBC) security requirements.
- Implement security models that support SAP clean-core strategies.

Compliance & Risk Management
- Perform Segregation of Duties (SoD) assessments.
- Identify and mitigate security and compliance risks.
- Support audit and compliance requirements.
- Ensure adherence to internal controls and governance policies.
- Develop security documentation and access control procedures.

Identity & Access Management
- Support integration with:
  - SAP Identity Authentication Service (IAS)
  - SAP Identity Provisioning Service (IPS)
  - Corporate Identity Providers
  - Single Sign-On (SSO) Solutions
- Manage user provisioning, deprovisioning, and access reviews.
- Support role testing and user acceptance activities.

Support & Optimization
- Troubleshoot authorization and access-related issues.
- Support quarterly SAP Public Cloud releases and regression testing.
- Conduct security reviews and role optimization exercises.
- Provide post-go-live support and hypercare.

Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Business Systems, or related field.
- 5+ years of SAP Security and Authorization experience.
- Experience supporting SAP S/4HANA or SAP GROW implementations.
- Strong expertise in:
  - SAP Security & Authorizations
  - Role Design
  - Fiori Security
  - Role-Based Access Control (RBAC)
  - Segregation of Duties (SoD)
  - User Access Management
- Strong understanding of SAP Public Cloud security concepts.
- Experience working with auditors and compliance teams.
- Excellent analytical and problem-solving skills.
- Strong communication and stakeholder management abilities.

Preferred Qualifications
- SAP Security Certification.
- Experience with:
  - SAP GROW
  - SAP S/4HANA Public Cloud
  - SAP Identity Authentication Service (IAS)
  - SAP Identity Provisioning Service (IPS)
  - SAP Cloud Identity Services
  - SAP GRC Access Control
  - SAP BTP Security
  - Single Sign-On (SSO)
- Experience supporting global and multi-country deployments.
- Knowledge of compliance frameworks and audit controls.

Key Skills
- SAP Security & Authorizations
- SAP GROW
- SAP S/4HANA Public Cloud
- Role-Based Access Control (RBAC)
- Segregation of Duties (SoD)
- SAP Fiori Security
- SAP Identity Authentication Service (IAS)
- SAP Identity Provisioning Service (IPS)
- User Access Management
- SAP Cloud Identity Services
- Compliance & Audit Controls
- Security Governance

Benefits
- Competitive compensation package
- Opportunities for professional development and career advancement.
- Flexible working conditions, with remote options available.
- Dynamic and supportive work environment.

Company Description

KATBOTZ LLC is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified individuals, regardless of race, religion, gender, gender identity, age, marital status, national origin, sexual orientation, citizenship status, veteran status, disability, or any other legally protected status. As an organization, we are unwavering in our commitment to maintaining a discrimination-free work environment, and fostering a culture of inclusivity, belonging and equal opportunity for all employees and applicants.

More Security Engineer Jobs

Full Time | Remote | Team 501-1,000 | Since 1997 | H1B No Sponsor

• Act as the bridge between architectural intent and operational reality; mediate conflicts between security requirements and feasible implementation, propose compensating controls where gaps exist and help register, track and remediate residual risks.
• Implement preventive, default-on security controls across cloud and enterprise environments, codified as policy- and infrastructure-as-code so security is enforced by design, including controls that govern how AI tools and models may be used.
• Implement and enforce identity and access controls to an agreed standard, including access boundaries for AI systems and non-human/agent identities by partnering with Platform Engineering and IT to align tooling and policy to the architecture.
• Assist in maintaining the InfoSec risk register; track emerging threats and translate them into actionable guidance for engineering teams.
• Support third-party and vendor risk assessments, with a focus on vendors who process data through AI pipelines.
• Automate repetitive security workflows (evidence collection, access reviews, alert enrichment) and build or operate AI-assisted security agents — with human-in-the-loop approval gates, least-privilege credentials, and explicit attention to each agent's own blast radius.
• Integrate security tooling (SIEM, CSPM, DAST/SAST, vulnerability scanners) with LLM layers to surface actionable insight and automated responses.
• Define and enforce security requirements for AI-powered features: model access controls, prompt-injection mitigations, output validation, and data-handling boundaries.
• Conduct threat modelling on agentic and LLM-based systems, accounting for novel attack surfaces such as tool misuse, indirect prompt injection, and supply chain risk.

California
$170K - $220K / year
Job Closed
North Carolina
$170K - $220K / year
Job Closed
Michigan
$170K - $220K / year
Job Closed
Washington
$170K - $220K / year
Job Closed