Security Consultant-Application Security

• SAP ABAP Development & Code Security, Design, develop, and maintain custom SAP ABAP objects (Reports, SmartForms, BAPIs, BADIs, User Exits, Enhancements) in a secure and efficient manner.
• Apply secure coding practices to mitigate common ABAP vulnerabilities such as code injection, SQL injection, unauthorized access, RFC misuse, and insecure authorization checks.• Perform peer code reviews and enforce secure development guidelines within the SAP development team.Application Security & Risk Management• Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques. Collaborate with SAP Security and Basis teams to identify and remediate application-level risks. Support threat modeling and risk analysis activities for SAP custom applications and interfaces.• Monitor and manage security notes (SAP OSS), patches, and vulnerability disclosures relevant to SAP applications and ABAP components

• Provide guidance on authorization design (PFCG roles, object-level control) and ensure proper enforcement in custom code. Work closely with the Information Security team to align with security policies, regulatory requirements (e.g., SOX, GDPR), and internal controls.
• Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects. Strong understanding of SAP application security concepts, including roles/authorizations, RFC security, code-level security controls, and transport-level controls.• Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools. Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments. Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules) is preferred.