Security Consultant - SAP ABAP

Position : Security Consultant - Application Security (SAP ABAP)

Experience : 5-9 Years

Location : Bangalore, India

Job Summary :

We are seeking a highly skilled and experienced Security Consultant Application Security (SAP ABAP) to join our team in Bangalore. The ideal candidate will have 5-9 years of progressive experience, with a strong background in both SAP ABAP development and application security. You will be responsible for ensuring the security of our SAP landscape by applying secure coding practices, conducting code vulnerability assessments, and collaborating with cross-functional teams to mitigate application-level risks. This role requires a deep understanding of SAP security concepts and a proactive approach to integrating security into the development lifecycle.

Key Responsibilities :

Secure SAP ABAP Development :

- Design, develop, and maintain secure SAP ABAP objects, including Reports, SmartForms, BAPIs, BADIs, User Exits, and Enhancements.

- Apply secure coding principles to prevent common vulnerabilities such as code injection, SQL injection, RFC misuse, and unauthorized access.

- Conduct peer code reviews and enforce secure development standards across the SAP development team.

Application Security & Risk Management :

- Perform comprehensive ABAP code security assessments using static analysis tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques.

- Collaborate with SAP Security and Basis teams to identify, analyze, and remediate application-level risks.

- Support threat modeling and risk assessment activities for custom SAP applications and interfaces.

- Monitor SAP Security Notes (OSS), patches, and vulnerability disclosures for relevant updates and apply them proactively.

Governance & Collaboration :

- Provide expert guidance on authorization concepts (PFCG roles, object-level controls) and ensure they are correctly implemented within custom code.

- Align development practices with enterprise security policies, SOX, GDPR, and other internal and external compliance requirements.

- Contribute to the development of secure coding standards and integrate security throughout the SAP development lifecycle.

Required Skills & Qualifications :

Core Experience :

- 5-9 years of experience in the field of application security.

- 8+ years of hands-on experience with SAP ABAP development.

Technical Proficiency :

- Strong knowledge of SAP application security concepts, including roles, RFC security, and code-level security controls.

- Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or similar static code analysis tools.

- Familiarity with the OWASP Top 10 and SANS Top 25 vulnerabilities in SAP environments.

SAP Systems :

- Experience with ECC, S/4HANA, or industry-specific SAP IS modules.

Preferred Qualifications :

- Knowledge of SAP Fiori/UI5 security and ABAP backend integration.

- Experience with SAP GRC, Security Audit Logs, or firefighter access models.

- Relevant certifications such as SAP Certified Development Associate, SAP Security, or CISSP.

The candidate must be available for a Face-to-Face Interview at the IBM location (as required) and Day 1 Onsite Reporting is required post DOJ.