SAP Security Engineer

We are seeking an experienced SAP Security Engineer to design, implement, and maintain a secure SAP authorization framework aligned with Department of Energy (DOE) cybersecurity requirements. This role will support the development of a role-based security architecture while ensuring compliance with federal security standards and audit requirements.

The position requires a hybrid delivery model, combining on-site engagement for security reviews, compliance validation, and audit readiness with remote support for role design, configuration, documentation, and access monitoring.

Design and implement SAP role-based security architecture aligned with organizational and regulatory requirements.

Configure SAP authorization objects, roles, and profiles to support MRP and supply chain business processes.

Implement and maintain Segregation of Duties (SoD) controls to reduce access risk and ensure compliance.

Integrate SAP security with enterprise identity management systems, including Active Directory (AD), Single Sign-On (SSO), and Multi-Factor Authentication (MFA).

Conduct access risk assessments, identify security gaps, and implement remediation strategies.

Prepare and maintain audit documentation and support regulatory compliance reporting.

Monitor system access and authorization activities while enforcing least-privilege access principles.

Ensure SAP security controls align with NIST, FISMA, and DOE cybersecurity standards.

5+ years of SAP security administration experience

Strong expertise in SAP authorization objects, roles, and access control design

Experience working within regulated or federal environments

Knowledge of federal security compliance frameworks, including NIST and FISMA

Ability and willingness to travel for on-site compliance reviews and audit support