Job Description
- Design and implement SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) architectures
- Integrate SAP BTP with corporate IdPs (Azure AD, Entra ID, AD, LDAP, SAML, OAuth2, OpenID Connect) - Configure Single Sign-On (SSO), MFA, Conditional Access, and Trust configurations
- Manage user lifecycle, role mapping, and automated provisioning/de-provisioning across SAP systems Security & Compliance
- Implement and govern SAP Cloud Identity Services (CIS) best practices
- Define security standards for BTP applications, APIs, AI services, and integrations
- Support compliance requirements (ISO 27001, GDPR, SOC, internal security policies)
- Conduct security reviews, risk assessments, and audits for SAP BTP landscapes BTP & AI Enablement
- Secure AI-enabled SAP services (., SAP AI Core, AI Launchpad, Joule, custom AI apps on BTP)
- Ensure secure access to APIs, data, and AI models using OAuth2, XSUAA, and service bindings
- Collaborate with SAP architects, AI teams, and developers to embed security by design Operations & Governance
- Monitor and troubleshoot authentication, provisioning, and authorization issues
- Establish identity governance, access reviews, and logging/monitoring strategies
- Create security documentation, standards, and operational runbooks
Qualifications
- At least 6 years in SAP Security with strong hands-on experience in SAP BTP
- Deep expertise in IAS, IPS, and SAP Cloud Identity Services (CIS)
- Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, JWT, X.509
- Experience integrating SAP with Azure AD / Entra ID
- Solid understanding of BTP security services (XSUAA, Destination Service, API Management)
- Familiarity with SAP GRC, audit processes, and regulatory frameworks
