SAP Application Security Analyst

Location: Washington, DC

Department: 58239872 - AFS SAP Development

The work

The SAP Application Security Analyst supports the SAP Application Security and Identity Access Management (IAM) capability for the S/4HANA program. Working within an Agile team, this role executes the technical design, implementation, and maintenance of the security framework, ensuring that all user management functions align with the "Least Privilege" principle and federal compliance standards. The Consultant performs hands-on configuration of SAP GRC (Governance, Risk, and Compliance) to automate User Management (UM) and execute Segregation of Duties (SoD) analysis.

Key responsibilities:

• Execute User Access Management (UAM): Perform the end-to-end design, build, and maintenance of S/4HANA security roles, with a specific focus on Fiori-specific authorizations, catalogs, and groups.
• Configure GRC Security Components: Execute the technical setup and testing of SAP GRC Access Control (ARA, ARM, EAM) to facilitate automated and compliant user provisioning.
• Perform SoD Risk Assessments: Execute protocols for identifying and remediating Segregation of Duties (SoD) and Critical Action risks across all functional workstreams (B2R, P2P, O2C, etc.).
• Maintain User Provisioning & Role Design: Ensure all role development and testing activities adhere to established Security Management controls and federal audit requirements.
• Support User Access Reviews (UAR): Execute the technical tasks for periodic certification processes to validate user entitlements and ensure continued business necessity.
• Facilitate Audit & Compliance Requests: Support internal and external audit inquiries related to user access by pulling system evidence, running reports, and performing remediation of findings.
• Monitor Security Posture: Perform regular monitoring and reporting on SoD violations and high-risk access, providing visibility into the overall health of the security environment.
• Collaborate with Functional Squads: Work closely with Functional Analysts to ensure that security designs are integrated seamlessly without hindering business productivity or process flow.
• Technical Documentation: Maintain rigorous documentation of security matrices, role definitions, and mitigating controls to ensure a transparent and defensible security posture.
• Understanding of federal security standards (e.g., NIST, FISMA) and their application within an SAP landscape.

Here’s what you need:

• 2+ years of experience in SAP Security Management including, including S/4HANA Security, SAP GRC (10.x/12.0), and Fiori catalog/group design.
• Experience working with the SAP GRC Global Rule Set and implementing mitigating controls.
• Foundational understanding of Fiori Front-End and Back-End authorization integration.

Nice to have:

• Strong troubleshooting abilities for authorization failures and GRC workflow issues (e.g., SU53, ST01).
• Familiarity with IAM integration related to federal SSO or PIV/CAC authentication.
• Understanding of federal security standards such as NIST and FISMA and their application within SAP environments.
• Experience working within Agile delivery teams.
• Strong documentation skills with attention to accuracy and compliance.
• Ability to partner effectively with cross-functional teams.
• Prior experience supporting federal audits or compliance assessments.

Eligibility requirements:

• US Citizen (no dual citizenship)
• Active Secret clearance required
• Willingness to travel up to 25%