Senior SAP Security & BTP SME

About the team

The SAP Platform team is committed to providing a robust secure and highly available SAP ecosystem across Ford Motor Company. Our mission is to empower critical business operations with reliable scalable and innovative SAP foundational services.

The SAP Platform team delivers world-class services that our:

• Business Units leverage for secure performant and compliant enterprise solutions including core operational needs in After Sales Manufacturing and Central Finance.
• Development Teams utilize for rapid innovation and strategic initiatives supported by comprehensive SAP BTP development capabilities and architectural guidance.
• Ford Enterprise relies on for the foundational stability and governance of its corporate backbone ensuring efficient and effective operations globally.

In this capacity we provide essential SAP platform services including SAP BASIS administration comprehensive security management expert architectural leadership SAP BTP development support and robust governance frameworks.

Job Description

We are currently looking to expand our team with a highly skilled Senior SAP BTP Security & Identity Management Specialist to lead and support our cloud-first security initiatives with a strong focus on SAP Business Technology Platform (BTP) Identity Authentication Service (IAS) and Identity Access Governance (IAG).

About the Role

As a Senior SAP BTP Security & Identity Management Specialist you will be a pivotal member of the Ford PS&L SAP Platform services PDO. You will be instrumental in designing implementing and maintaining secure access and identity solutions across our SAP cloud landscape particularly within SAP BTP. This role requires deep hands-on expertise in configuring and managing SAP IAS for central authentication and federation implementing SAP IAG for unified access governance and securing BTP services and applications. You will ensure that our cloud security architecture aligns with Fords compliance standards and best practices enabling agile development and secure operations in the cloud.

Key Responsibilities

• Design implement and maintain security solutions within SAP Business Technology Platform (BTP) including subaccount security instance-based authorizations and principal propagation.
• Configure and manage SAP Identity Authentication Service (IAS) for central user authentication single sign-on (SSO) multi-factor authentication (MFA) and identity federation for BTP applications and other cloud services.
• Implement and administer SAP Identity Access Governance (IAG) for streamlined identity lifecycle management access request workflows access risk analysis and role management across hybrid SAP landscapes (on-premise and cloud).
• Integrate BTP applications and services with IAS and IAG for comprehensive identity and access management.
• Define and manage BTP role collections authorizations and trust configurations to secure access to BTP applications and services.
• Collaborate with BTP application development teams to embed security best practices early in the development lifecycle and ensure secure deployment.
• Troubleshoot complex identity and access issues across IAS IAG BTP and integrated systems.
• Provide expertise in BTP authorization concepts including role-based access control (RBAC) and attribute-based access control (ABAC) where applicable.
• Stay current with SAP BTP security innovations best practices and evolving cloud security standards.
• Contribute to the development and enforcement of security policies and procedures for cloud environments.
• Integration of authorization concepts between S4 HANA and BTP.

Required Skills & Qualifications

• A degree in Computer Science Information Security or a closely related discipline.
• Minimum of 8 years of SAP Security experience with at least 2 years focused on SAP cloud security solutions.
• Extensive hands-on experience with SAP Business Technology Platform (BTP) security setup administration and best practices.
• Proven expertise in implementing configuring and managing SAP Identity Authentication Service (IAS).
• Demonstrated experience with the implementation and ongoing management of SAP Identity Access Governance (IAG).
• Strong understanding of cloud security principles and architecture.
• Experience with identity federation protocols such as SAML 2.0 OAuth 2.0 and OpenID Connect.
• Familiarity with SAP S/4HANA security concepts and integration points with cloud identity solutions.
• Ability to design and implement robust authorization models for cloud applications.
• Proficient in troubleshooting complex identity and access management issues in cloud environments.

Preferred Qualifications

• At least a bachelors degree in a relevant field.
• Experience with other enterprise identity providers (e.g. Azure AD Okta) and their integration with SAP solutions.
• Knowledge of API security and microservices security within a cloud-native context.
• Familiarity with DevOps security practices and security automation.
• Strong understanding of audit and compliance requirements for cloud security.
• Excellent analytical problem-solving and debugging skills.
• Ability to work collaboratively across various teams and stakeholders.
• Exceptional communication and interpersonal skills capable of explaining complex security concepts to technical and non-technical audiences.
• Fluent in spoken and written with other security domains (e.g. identity and access management data privacy cyber security frameworks).
• Relevant SAP Security certifications(e.g. CCSK CCSP) or SAP BTP/IAM (e.g. SAP Certified Technology Associate - SAP Cloud Platform) Nice to have.