SAP Security & Platform Systems Engineer

ArcherSan Jose, CA
3h$152,100 - $190,100

About The Position

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise. Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members. We are seeking a SAP Security & Platform Systems Engineer. This specialized role is responsible for the secure architecture and technical integration of our SAP S/4HANA RISE environment. The ideal candidate will bridge the gap between traditional SAP Security and modern Cloud Platform administration, ensuring robust, compliant, and well-connected SAP systems.

Requirements

  • 10+ years in SAP technical roles, with a minimum of 3 years focused on S/4HANA and the Business Technology Platform (BTP).
  • Expert proficiency in PFCG, SU24 optimization, and Fiori security architecture.
  • Direct, practical experience with the SAP BTP Cockpit and SAP Cloud Connector.
  • Proven ability to troubleshoot and manage Identity Protocols: SAML, OAuth2, and OpenID Connect (OIDC).
  • Direct experience managing SOX/ITGC compliance requirements in a regulated or publicly traded company, reduce SOD violations
  • Skilled in performing comprehensive end-to-end traces (e.g., ST01, browser traces, Cloud Connector logs) to diagnose connectivity and authorization issues.
  • Investigate and resolve Authorization-related issues, performing root cause analysis to prevent future breaches.
  • Clear understanding of the SAP RISE shared responsibility model.

Responsibilities

  • Access Model Ownership: Design, build, and maintain S/4HANA business roles, Fiori catalogs, and authorization groups.
  • Identity Management: Perform configuration and troubleshooting of user provisioning and authentication workflows.
  • Compliance & Audit: Participate in technical efforts for SOX and ITGC audits, managing GRC/IAG (including SoD rulesets and Emergency Access/Firefighter) and providing technical evidence.
  • System and Data-Level Security: Perform vulnerability Assessment, secure Fiori apps/Web services and govern security measures at the CDS-view and OData service layer
  • Cloud Ecosystem Integration: Design and manage technical trust configurations (SAML 2.0, OAuth 2.0, Principal Propagation) across S/4HANA, BTP, and SAP Analytics Cloud (SAC) etc.
  • BTP Management: Administer BTP subaccounts, service entitlements, and technical destinations.
  • Secure Connectivity: Install, configure, and monitor SAP Cloud Connectors to maintain secure data transfer between the RISE private cloud and BTP/external services.
  • Certificate Authority: Manage the full lifecycle of X.509 certificates and SSL handshakes within the entire SAP landscape.
  • RISE Coordination: Serve as the technical liaison with SAP RISE operations for system-level changes (e.g., refreshes, kernel parameters, OS configurations).
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service