Posted today
Top Secret/SCI
Unspecified
Unspecified
Bangalore, India (On-Site/Office)
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
Your role and responsibilities
This role blends deep SAP ABAP technical skills with hands-on experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems. You will work closely with SAP developers, security architects, and business stakeholders to ensure secure design, development, and deployment of SAP custom code and configurations across modules (ECC, S/4HANA, etc.)
Required education
Bachelor's Degree
Preferred education
Master's Degree
Required technical and professional expertise
• SAP ABAP Development & Code Security, Design, develop, and maintain custom SAP ABAP objects (Reports, SmartForms, BAPIs, BADIs, User Exits, Enhancements) in a secure and efficient manner.
• Apply secure coding practices to mitigate common ABAP vulnerabilities such as code injection, SQL injection, unauthorized access, RFC misuse, and insecure authorization checks.
• Perform peer code reviews and enforce secure development guidelines within the SAP development team.
Application Security & Risk Management
• Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques. Collaborate with SAP Security and Basis teams to identify and remediate application-level risks. Support threat modeling and risk analysis activities for SAP custom applications and interfaces.
• Monitor and manage security notes (SAP OSS), patches, and vulnerability disclosures relevant to SAP applications and ABAP components
Preferred technical and professional experience
• Provide guidance on authorization design (PFCG roles, object-level control) and ensure proper enforcement in custom code. Work closely with the Information Security team to align with security policies, regulatory requirements (e.g., SOX, GDPR), and internal controls.
• Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects. Strong understanding of SAP application security concepts, including roles/authorizations, RFC security, code-level security controls, and transport-level controls.
• Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools. Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments. Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules) is preferred.
Years of Experience:
5 - 9
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
Your role and responsibilities
This role blends deep SAP ABAP technical skills with hands-on experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems. You will work closely with SAP developers, security architects, and business stakeholders to ensure secure design, development, and deployment of SAP custom code and configurations across modules (ECC, S/4HANA, etc.)
Required education
Bachelor's Degree
Preferred education
Master's Degree
Required technical and professional expertise
• SAP ABAP Development & Code Security, Design, develop, and maintain custom SAP ABAP objects (Reports, SmartForms, BAPIs, BADIs, User Exits, Enhancements) in a secure and efficient manner.
• Apply secure coding practices to mitigate common ABAP vulnerabilities such as code injection, SQL injection, unauthorized access, RFC misuse, and insecure authorization checks.
• Perform peer code reviews and enforce secure development guidelines within the SAP development team.
Application Security & Risk Management
• Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques. Collaborate with SAP Security and Basis teams to identify and remediate application-level risks. Support threat modeling and risk analysis activities for SAP custom applications and interfaces.
• Monitor and manage security notes (SAP OSS), patches, and vulnerability disclosures relevant to SAP applications and ABAP components
Preferred technical and professional experience
• Provide guidance on authorization design (PFCG roles, object-level control) and ensure proper enforcement in custom code. Work closely with the Information Security team to align with security policies, regulatory requirements (e.g., SOX, GDPR), and internal controls.
• Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects. Strong understanding of SAP application security concepts, including roles/authorizations, RFC security, code-level security controls, and transport-level controls.
• Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools. Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments. Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules) is preferred.
Years of Experience:
5 - 9
group id: 90615168
N
There is no other company like IBM and there is no business professional like the IBMer. We are experts in nearly every technical scientific and business field. We are citizens of, and apply our expertise in, more than 170 countries. Yet we are united by a single purpose: to be essential. IBMers change how the world works. Join us at IBM Consulting and embrace your passion to make a difference.
