SAP Security Engineer (GRC – Technical)
About The Position
Bright Vision Technologies is seeking a skilled SAP Security Engineer (GRC – Technical) to join their dynamic team. This role involves designing, implementing, and operating security and access-control frameworks for complex SAP landscapes, including S/4HANA, ECC, BW/4HANA, Fiori, BTP, and SuccessFactors. The ideal candidate will have deep expertise in SAP authorization concepts and strong hands-on experience with SAP GRC Access Control and Process Control, partnering with audit, compliance, and business teams to ensure a secure and auditable SAP environment. This is a 100% remote, full-time, direct W2 position with Bright Vision Technologies, offering long-term engagement and career growth potential.
Requirements
- Bachelor’s degree in Computer Science, Engineering, or a related technical discipline.
- Five or more years of SAP Security / GRC experience in enterprise landscapes.
- Strong hands-on experience with SAP authorization concepts and role design.
- Deep experience operating SAP GRC Access Control (ARA, ARM, BRM, EAM).
- Experience supporting SAP audits and remediation activities.
- Hands-on experience securing Fiori, BTP, and cloud SAP applications.
- Familiarity with SAP IDM or third-party IGA tooling.
- Working knowledge of SAP Process Control.
- Strong understanding of regulatory frameworks such as SOX, GxP, and PCI.
- Excellent communication and documentation skills.
Nice To Haves
- SAP-certified Security or GRC credentials.
- Experience with SAP Cloud Identity services (IAS, IPS) and SCIM-based integrations.
- Familiarity with HANA security and analytic privileges.
- Experience with continuous controls monitoring frameworks.
- Exposure to SAP RISE / Grow security operating models.
Responsibilities
- Design and maintain SAP authorization concepts and role structures aligned with business processes and least-privilege principles.
- Build and maintain master, derived, composite, and business roles for S/4HANA, ECC, and Fiori applications.
- Configure and operate SAP GRC Access Control (ARA, ARM, BRM, EAM), including ruleset management, mitigating controls, and emergency access management.
- Perform segregation-of-duties analysis and remediation in collaboration with business process owners and internal audit.
- Configure user provisioning workflows in SAP GRC ARM, including request types, approval paths, and integration with IDM/IAM platforms.
- Operate SAP GRC Process Control for continuous controls monitoring and policy management.
- Implement security for Fiori applications, including catalogs, groups, and front-end authorizations.
- Configure and operate security for SAP BTP and cloud applications using XSUAA, IAS, and IPS.
- Support SAP audits (SOX, GxP, PCI) and respond to audit findings with documented remediation plans.
- Implement transport security, table logging, and audit logging in line with internal security policies.
- Monitor and remediate SAP Security Notes in coordination with Basis and DBA teams.
- Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time.
- Mentor junior team members and support knowledge transfer across the security team.
Benefits
- Competitive base salary commensurate with experience
- Benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
