SAP API Security Consultant

Position Title

Experience

Location

Notice Period:

Role Summary

The SAP API Security Consultant will own end-to-end API security architecture, risk assessments, implementation of secure integration standards, and governance across SAP landscapes. The role involves protecting SAP applications and data exchanged via APIs, ensuring compliance, encryption, identity management, and threat prevention.

Key Responsibilities

• Design, implement, and manage SAP API security frameworks and policies for internal and external integrations.
• Configure and secure SAP Cloud Platform Integration (CPI) / SAP API Management services.
• Implement authentication, authorization, and token-based access models (OAuth2.0, SAML, JWT).
• Conduct API threat modelling, risk analysis, and vulnerability assessments.
• Perform API auditing, logging, monitoring, and anomaly detection.
• Manage integration security for SAP S/4 HANA, SAP BTP, SCP APIs, SuccessFactors, Ariba, and other SAP cloud/on-prem modules.
• Support encryption, certificate management, key store handling, SSL/TLS setup, OAuth client configuration.
• Implement secure connectivity patterns (HTTPS, VPN, trusted communication, reverse proxies).
• Work with Basis / Security / Integration teams to align security practices.
• Maintain compliance with GDPR, SOX, ISO/IEC 27001, and enterprise security governance.
• Participate in incident response, root cause analysis, and forensic investigation for API breaches.
• Provide best practices, documentation, playbooks, and technical guidance to stakeholders.

Required Technical Skills

• 5+ years in SAP Security, preferably focused on API/Integration security.
• Hands-on experience in SAP API Management, SAP BTP Security, and SAP CPI.
• Strong understanding of OAuth2.0, SAML, JWT, OpenID Connect and access control models.
• Knowledge of SAP Gateway, SAP Fiori security, SAP XS security, and token management.
• Experience with TLS/SSL certificates, encryption, hashing, mutual authentication, PKI.
• Familiarity with Firewalls, Web Application Security, Reverse Proxy, API Gateway policies.
• Proficient in SAP Role-based access control (RBAC), Privilege designs, S/4 authorizations.
• Experience in API threat detection tools, monitoring dashboards, and log analytics (Splunk, ELK, SAP Alerting).

Preferred Skills / Good to Have

• SAP Security certifications (SAP Security, SAP BTP, SAP Integration Suite).
• Knowledge of DevSecOps pipeline security for API deployments.
• Experience in SAP Cloud Identity Services, SCIM provisioning, Azure AD/IDP integration.
• Knowledge of CIS/Owasp API Security Top-10.