Security Consultant-Application Security

Key Responsibilities

SAP ABAP Development & Secure Coding

• Design, develop, and maintain custom SAP ABAP objects (Reports, SmartForms, BAPIs, BADIs, User Exits, Enhancements) securely and efficiently.
• Apply secure coding practices to mitigate ABAP vulnerabilities such as code injection, SQL injection, unauthorized access, RFC misuse, and insecure authorization checks.
• Conduct peer code reviews and enforce secure development guidelines within the SAP development team.

Application Security & Risk Management

• Perform security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques.
• Collaborate with SAP Security and Basis teams to identify and remediate application-level risks.
• Support threat modeling and risk analysis activities for SAP custom applications and interfaces.
• Monitor and manage security notes (SAP OSS), patches, and vulnerability disclosures relevant to SAP applications and ABAP components.

Authorization & Compliance Guidance

• Provide guidance on authorization design (PFCG roles, object-level control) and ensure proper enforcement in custom code.
• Align SAP development practices with security policies, regulatory requirements (e.g., SOX, GDPR), and internal controls.
• Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects.