SAP Security Engineer

ABOUT THE ROLE:

Functionally reporting to the Head of Security and Privacy Engineering as part of the Security Engineering group. Individuals will contribute to security implementations, technical activities, and as embedded support for the security platform areas. This role will help to ensure security requirements and provide guidance on best practices across a diverse technology stack while ensuring security providence throughout the organization.

 

FUNCTIONAL RESPONSIBILITIES:

• Participate in the design, build, and implementation of security controls across CI/CD pipelines including SAP transport landscapes, ensuring security guardrails and remediation of risk and vulnerabilities in a timely manner.
• Work with platforms to ensure SAP environments including S/4HANA, NetWeaver ECC, and Solution Manager with an emphasis on system hardening, configuration baselines, and continuous validation as part of SSDLC.
• Support with Identity and Access Management governance including role design, segregation, service accounts, and best practices
• Provide guidance and technical understanding on SAP related remediations using tooling like Security bridge including aiding in investigation and risk assessment while validating fixes in collaboration with SAP Security teams.
• Assist in auditing, and continuous improvement of SAP systems.
• Participate actively in the engineer community led by METRO Corporate Information Security to define best practices, align way-of-working, prioritize and execute on the needed activities across SAP platforms, modules, and environments.

- Practical experience in security hardening of SAP applications
- Hands-on experience in SAP applications parametrization (ABAP, JAVA, SAPROUTER, WEBDISPATCHER, etc.)
- Knowledge of basic technical tools e.g. RSPFPAR, RZ10, SM69, SM50/SM51, SM19/SM20, RSAU_*
- Knowledge of SAP HANA DB (Oracle, Sybase is a +), components and security aspects
- basic knowledge of Linux, Windows servers and their security
- basic knowledge of network security and protocols
- Practical experience in security investigations within SAP applications
- Hands-on experience in implementation of security measures within complex SAP landscape based on SAP Security Baseline

SAP security experience in one, or more of the following:

• Hands on experience with various authorization concepts, roles, duties, and privileged access concepts.
• Experience integrating SAP security checks into delivery workflows, including SAP transport pipelines utilizing CI/CD patterns and third-party tooling such as Security Bridge
• Experience designing, refining and teaching security baselines for SAP systems.
• Experience securing SAP workloads in cloud environments, in conjunction with Cloud engineers.
• Experience working with and investigating systems as part of incident response.
• Experience designing and enforcing secure baseline configurations including security parameters, interface hardening, transport and change controls, security alignment and identity and access foundations.

And:

• Experience with LLMs, AI, and agentic coding platforms such as Github Co-pilot, Gemini, or Claude Code.
• Proven experience as a security subject-matter expert, mentoring and raising awareness to security mandates.