SAP BTP Security Architect

Title :: SAP BTP Security Architect

Location :: Remote

Responsibilities

Security Architecture & Design

· Design and maintain secure architecture for SAP BTP services including:

· Cloud Foundry

· Kyma Runtime

· SAP Integration Suite

· SAP Extension Suite

· Define security patterns for multi-account, subaccount, and tenant-based BTP landscapes

· Architect secure cloud-to-cloud and cloud-to-on-premise integrations

· Identity & Access Management (IAM)

Architect and manage authentication and authorization using:

· SAP Identity Authentication Service (IAS)

· SAP Identity Provisioning Service (IPS)

· SAP BTP Authorization concepts (roles, role collections)

· Implement Single Sign-On (SSO) and Federated Identity (SAML 2.0, OAuth 2.0, OpenID Connect)

· Integrate SAP BTP security with corporate IdPs (Azure AD, Okta, etc.)

Application & Integration Security

· Secure REST APIs, events, and integrations within SAP BTP

· Define API security using OAuth scopes, XSUAA, certificates, and token-based authentication

· Ensure secure connectivity using SAP Cloud Connector and mTLS

Platform & Infrastructure Security

· Implement network security controls, trust configuration, and secure connectivity

· Apply secure configuration for BTP services and runtimes

· Define standards for secrets management and certificate lifecycle management

Governance, Risk & Compliance (GRC)

· Establish security standards, policies, and guardrails for SAP BTP

· Ensure compliance with regulatory frameworks (ISO 27001, SOC 2, GDPR, SOX, etc.)

· Support security audits, risk assessments, and penetration testing activities

DevSecOps & Monitoring

· Embed security into CI/CD pipelines for BTP applications

· Define secure coding and deployment guidelines

· Monitor security events using SAP and enterprise security tools and respond to incidents

Advisory & Stakeholder Collaboration

· Act as a trusted security advisor to architects, developers, and business stakeholders

· Provide guidance for secure extensions, custom developments, and modernization initiatives

· Stay current on SAP BTP security roadmap and emerging threats

Required Skills & Qualifications

Technical Skills

· Strong expertise in SAP BTP security architecture

· Hands-on experience with:

· SAP IAS / IPS

· XSUAA

· OAuth 2.0, SAML 2.0, OpenID Connect

· Deep understanding of cloud security principles (Zero Trust, least privilege)

· Experience securing SAP landscapes (S/4HANA, SuccessFactors, Ariba, etc.)

· Knowledge of API security, certificates, encryption, and key management

Cloud & Integration Knowledge

· Good understanding of cloud platforms (SAP BTP, Azure, AWS, or Google Cloud Platform)

· Experience with hybrid integrations and SAP Cloud Connector

· Familiarity with DevSecOps practices and CI/CD security

Certifications (Preferred)

· SAP Certified Technology Associate – SAP BTP

· SAP Security or SAP Cloud certifications

· Cloud security certifications (Azure Security Engineer, CISSP, CCSP – a plus)