SAP Security & Authorization Engineer
Listed on 2026-07-11
-
IT/Tech
SAP Consultant, Cybersecurity, IT Consultant
The Opportunity
Mass Mutual is seeking a senior, hands on SAP Security & Authorization Engineer to directly design, build, test, and support SAP security across a large, complex SAP landscape. This role is execution focused and requires deep, day to day work in SAP systems while also serving as the primary technical authority and advisor for SAP security within Finance Technology.
The successful candidate will spend the majority of their time working directly in SAP, resolving complex authorization issues, supporting audits, and partnering closely with project and business teams during SAP S/4 HANA and APEX related modernization initiatives, while also mentoring others through hands on collaboration.
The Team
S/4
HANA & Enterprise Program Support
- Serve as the hands on SAP Security lead for S/4
HANA programs, including:- Role design, build, test and maintain business Fiori roles.
- Removal of deprecated tiles and update authorizations during upgrades
- Updates to company code driven and derived roles
- Actively support unit testing, SIT, UAT, performance, reporting, and training cycles, often involving large user populations.
- Resolve defects raised in various testing cycles by updating the roles.
- Work directly with developers and functional teams to:
- Assess security impacts
- Perform pre business testing
- Validate fixes prior to business testing
The Impact
Hands On SAP Security Delivery (Primary Focus)
- Personally design, build, test, and maintain SAP security roles and authorizations across SAP systems (S/4
HANA, Fiori, HANA DB, SAC, DATASPHERE, PAPM, ECC, BI, XI) - Perform hands on troubleshooting and remediation of complex authorization issues impacting Finance, HR, Procurement, BW, and reporting users.
- Provide direct production support, including urgent access issues, role corrections, and user remediation.
- Perform feasibility assessments for new technologies by doing Proof of Concepts/Technology
- Secure custom programs/tables working with the ABAP development teams.
- Execute monthly SAP Security Note reviews, support pack validation, and hands on regression testing.
- Actively support Sandbox, Development, QA, Pre Production, and Production environments.
Identity, Access & GRC Integration
- Act as the hands on SAP security SME for:
- IAMSTRONG integrations
- Manager access reviews and transfer reviews.
- Segregation of Duties (SoD) and orphaned access remediation
- Personally support and troubleshoot ILM tooling related to onboarding, offboarding, audit controls, and access cleanup.
- Partner directly with IAM, Service Now, and security teams to modernize and stabilize access request and fulfillment processes.
Audit, Risk & Compliance
- Personally support SAP audits, including access reviews, evidence collection, and remediation.
- Execute required security corrections directly in SAP to address audit findings.
- Serve as the primary technical contact for Audit, Business, Risk, and Compliance partners on SAP security matters.
Technical Leadership & Knowledge Sharing
- Serve as the go to SAP security authority for Finance Technology.
- Mentor and support team members through direct collaboration and hands on problem solving.
- Create and maintain practical documentation and FAQs to improve self service and reduce repeat issues.
- Help prioritize work while remaining directly accountable for complex or high risk security changes.
The Minimum Qualifications
- Bachelor's degree in IT or related field of study
- 8+ years of hands on SAP Security & Authorization experience.
- 8+ years demonstrated experience personally building, testing, and troubleshooting SAP roles in ECC
- 2+ years hands on experience S/4
HANA, HANA DB, SAC (Security Analytical Cloud), Datasphere, PAPM, ECC, BI, PI systems - 8+ years proven experience supporting production SAP systems in a large, multi instance landscape
- 2+ years experience supporting audit activities and remediation directly within SAP
Preferred Qualifications
- Ability to balance BAU production support with major transformation initiatives.
- Strong communication skills with the ability to clearly explain security impacts to both technical and non technical partners
- Experience supporting SAP S/4
HANA transformations or large ERP modernization programs - Experience with building SAP S/4 Fiori roles from catalogs/groups and spaces/pages
- Experience with design and building of HANA database security roles with System, Object and Analytical privileges
- Experience working with Datasphere roles/scoped roles, SAC teams/Roles, role collections in BTP applications like PaPM, Cloud Identity Services.
- Familiarity with IAM, GRC, ILM, and automated access provisioning frameworks.
- Experience supporting analytics and reporting platforms integrated with SAP (BW, SAC, AO, etc.)
- Prior experience in financial services or other regulated industries.
What Success Looks Like in This Role
- SAP security remains stable, compliant, and business enabling throughout ongoing S/4
HANA and APEX initiatives - Audit requests are handled efficiently with strong ownership and clear documentation
- Business partners experience…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).