In this role you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers) where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology
In this role you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers) where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
This role blends deep SAP ABAP technical skills with hands-on experience in identifying mitigating and preventing application-layer security vulnerabilities within SAP systems. You will work closely with SAP developers security architects and business stakeholders to ensure secure design development and deployment of SAP custom code and configurations across modules (ECC S/4HANA etc.)
• SAP ABAP Development & Code Security Design develop and maintain custom SAP ABAP objects (Reports SmartForms BAPIs BADIs User Exits Enhancements) in a secure and efficient manner.
• Apply secure coding practices to mitigate common ABAP vulnerabilities such as code injection SQL injection unauthorized access RFC misuse and insecure authorization checks.
• Perform peer code reviews and enforce secure development guidelines within the SAP development team.
Application Security & Risk Management
• Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA) Virtual Forge/Onapsis and manual review techniques. Collaborate with SAP Security and Basis teams to identify and remediate application-level risks. Support threat modeling and risk analysis activities for SAP custom applications and interfaces.
• Monitor and manage security notes (SAP OSS) patches and vulnerability disclosures relevant to SAP applications and ABAP components
• Provide guidance on authorization design (PFCG roles object-level control) and ensure proper enforcement in custom code. Work closely with the Information Security team to align with security policies regulatory requirements (e.g. SOX GDPR) and internal controls.
• Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects. Strong understanding of SAP application security concepts including roles/authorizations RFC security code-level security controls and transport-level controls.
• Experience with SAP CVA Virtual Forge/Onapsis SCI/SLIN or other static code analysis tools. Familiarity with OWASP Top 10 SANS Top 25 and how they apply to SAP environments. Experience with ECC S/4HANA or industry-specific solutions (SAP IS modules) is preferred.