Solution Architect

About The Position

Requirements

• BS in Computer Science or related field, or equivalent work experience
• Minimum of 10 years of experience with at least three of the following: threat modelling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security
• Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security.
• Experience reading and writing in at least one programming language.
• Experience integrating security into the SAP software development lifecycle (SDLC) and transport management processes, including static/dynamic code analysis (SAST/DAST) for ABAP and other custom developments.
• Deep experience in the security testing of custom SAP objects (WRICEF) and modern SAP applications, including Fiori apps and APIs connecting SAP to the wider enterprise technology stack.
• Background in programming and scripting.
• Working knowledge of applying application security standards, such as the OWASP Top 10, specifically to the SAP ecosystem (e.g., Fiori applications, NetWeaver Gateway, Internet Communication Manager).
• Proven ability to perform comprehensive risk analysis of the SAP landscape, leading to the documentation of specific risks and the design of mitigating controls within the SAP application and infrastructure layers.
• Deep understanding and practical application of threat modeling frameworks (e.g., STRIDE) to secure the end-to-end SAP architecture, from the core ERP to custom extensions and critical system integrations.
• Expert knowledge of security design principles and architecture patterns for building and maintaining secure, large-scale SAP systems.
• A fast learner and critical thinker with excellent problem-solving skills and the ability to present complex SAP security topics clearly to both technical and executive audiences.
• Exceptional communication skills, both written and oral, with the ability to effectively convey security requirements and risks to a diverse group of global stakeholders.

Nice To Haves

• Certifications such as CISSP, CISM, Azure Cybersecurity Expert, or equivalent are highly desirable.
• Strong preference for experience in ABAP.
• Familiarity with JavaScript (for Fiori/UI5) and Java is also highly beneficial for securing modern SAP platforms.
• Ideally utilizing tools like SAP GRC.

Responsibilities

• Serve as the lead cybersecurity architect for the global SAP program, developing a comprehensive security strategy, roadmap, and reference architectures.
• Define and enforce security standards, controls, and best practices throughout the project lifecycle, from design and development to deployment and operations.
• Own and create key technical deliverables, including security architecture diagrams, threat models, secure configuration guides, and risk assessment reports.
• Partner with cross-functional teams including enterprise architecture, business process owners, compliance, and internal audit to embed security requirements into the core solution.
• Provide strategic guidance and expert advice to senior leadership and project stakeholders on SAP-related security risks, compliance, and mitigation strategies.
• Act as the firm's subject matter expert on all aspects of SAP security, including Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), and data protection.
• Act as a role model for security excellence, promoting a culture of secure development and proactive risk management within the SAP technical and functional teams.
• Demonstrate proactivity, transparency, and clear accountability for the identification, assessment, and management of security risks across the global SAP environment.