SAP Security Architect

*****NEED PROFILES***** Job Description: SAP Security Architect – BTP Location: Rosemead, CA Duration: 6 months Key Responsibilities Security Architecture & Design • Design and maintain secure architecture for SAP BTP services including: o Cloud Foundry o Kyma Runtime o SAP Integration Suite o SAP Extension Suite • Define security patterns for multi-account, subaccount, and tenant-based BTP landscapes • Architect secure cloud-to-cloud and cloud-to-on-premise integrations Identity & Access Management (IAM) • Architect and manage authentication and authorization using: o SAP Identity Authentication Service (IAS) o SAP Identity Provisioning Service (IPS) o SAP BTP Authorization concepts (roles, role collections) • Implement Single Sign-On (SSO) and Federated Identity (SAML 2.0, OAuth 2.0, OpenID Connect) • Integrate SAP BTP security with corporate IdPs (Azure AD, Okta, etc.) Application & Integration Security • Secure REST APIs, events, and integrations within SAP BTP • Define API security using OAuth scopes, XSUAA, certificates, and token-based authentication • Ensure secure connectivity using SAP Cloud Connector and mTLS Platform & Infrastructure Security • Implement network security controls, trust configuration, and secure connectivity • Apply secure configuration for BTP services and runtimes • Define standards for secrets management and certificate lifecycle management Governance, Risk & Compliance (GRC) • Establish security standards, policies, and guardrails for SAP BTP • Ensure compliance with regulatory frameworks (ISO 27001, SOC 2, GDPR, SOX, etc.) • Support security audits, risk assessments, and penetration testing activities DevSecOps & Monitoring • Embed security into CI/CD pipelines for BTP applications • Define secure coding and deployment guidelines • Monitor security events using SAP and enterprise security tools and respond to incidents Required Skills & Qualifications Technical Skills • Strong expertise in SAP BTP security architecture • Hands-on experience with: o SAP IAS / IPS o XSUAA o OAuth 2.0, SAML 2.0, OpenID Connect • Deep understanding of cloud security principles (Zero Trust, least privilege) • Experience securing SAP landscapes (S/4HANA, SuccessFactors, Ariba, etc.) • Knowledge of API security, certificates, encryption, and key management Cloud & Integration Knowledge • Good understanding of cloud platforms (SAP BTP, Azure, AWS, or GCP) • Experience with hybrid integrations and SAP Cloud Connector • Familiarity with DevSecOps practices and CI/CD security Certifications (Preferred) • SAP Certified Technology Associate – SAP BTP • SAP Security or SAP Cloud certifications • Cloud security certifications (Azure Security Engineer, CISSP, CCSP – a plus)    Rahul Mehra [Upgrade to PRO to see contact]