Job Summary:
We are seeking an experienced SAP Penetration Tester to assess and improve the security posture of our SAP landscape. You will be responsible for conducting in-depth security assessments and penetration tests on SAP systems (e.g., SAP ERP, S/4HANA, SAP Fiori, SAP NetWeaver), identifying vulnerabilities, and working with technical teams to implement remediation plans.
Key Responsibilities:
Perform penetration testing and vulnerability assessments on SAP environments (ABAP, JAVA stacks, S/4HANA, BW, Fiori, etc.).
Identify and exploit vulnerabilities within SAP modules, configurations, transports, custom code, and interfaces.
Develop threat models and simulate real-world attack scenarios targeting SAP systems.
Analyze SAP logs and traces for potential exploitation or suspicious activity.
Review system configurations, authorizations, and custom developments for security flaws.
Provide clear technical and business impact assessments of vulnerabilities and remediation strategies.
Collaborate with SAP Basis, Development, and InfoSec teams to remediate identified risks.
Stay current on SAP-specific vulnerabilities, exploits, and security trends.
Create and maintain detailed technical documentation and reports for both technical and executive audiences.
Required Skills & Qualifications:
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field.
3+ years of experience in penetration testing or red teaming, with a focus on SAP environments.
In-depth knowledge of SAP architecture and modules (ERP, S/4HANA, NetWeaver, Fiori, etc.).
Experience with SAP security tools (SAP Code Vulnerability Analyzer, SAP Solution Manager, SAP GRC).
Hands-on experience with penetration testing tools (e.g., Metasploit, Burp Suite, nmap, custom scripts).
Familiarity with SAP-specific vulnerabilities (e.g., RECON, ICMAD, Ghost, Transport Directory attacks).
Strong understanding of RFC, BAPI, SAP Gateway, and common SAP protocols.
SAP Security certifications (e.g., SAP Certified Technology Associate - System Security Architect) are a plus.
OSCP, OSCE, GPEN, or similar penetration testing certifications are highly desirable.
...Job Responsibilities: Data Entry: The role involves significant data entry tasks, handling utility outreach, and prioritizing incoming... ...meetings. Candidate Background: The role is open to entry-level candidates with one to three years of work experience and a bachelor...
..., Crossfunctional teams, Vendors and Integration partners. Process knowledge and application understanding of Veeva Align, Veeva CRM, Salesforce is a must with knowledge on Veeva Vault, Network and Nitro considered as added skillsets. Candidate should be proficient...