🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
Cookies & analytics consent
We serve candidates globally, so we only activate Google Tag Manager and other analytics after you opt in. This keeps us aligned with GDPR/UK DPA, ePrivacy, LGPD, and similar rules. Essential features still run without analytics cookies.
Read how we use data in our Privacy Policy and Terms of Service.
🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
Deloitte Services Pty Ltd • pune, Maharashtra, India
Role & seniority: Senior Solution Advisor (SAP/ERP security specialist)
Stack/tools: SAP security tools (Onapsis, RedRays, SecurityBridge, PySAP, Metasploit for SAP), ABAP/NetWeaver/S/4HANA/Fiori, CI/CD integrations (Jenkins, Azure DevOps, GitLab), SAP threat modeling (STRIDE/PASTA)
Execute SAP vulnerability assessments and penetration testing across SAP modules (ECC, S/4HANA, Fiori, SAP GUI)
Embed automated SAP security checks in CI/CD pipelines; establish security gates for transports and deployments
Conduct risk-based SAP threat modeling; translate findings into actionable tests and mitigations; manage vulnerability lifecycle and remediation
7–9 years in SAP/ERP security, offensive testing, vulnerability management
Proficiency with SAP security tools and performing code reviews (ABAP), NetWeaver, S/4HANA, Fiori
Experience integrating SAP security into DevSecOps/CI-CD (Jenkins/Azure DevOps/GitLab)
Expertise in SAP threat modeling (STRIDE/PASTA) and communicating findings to diverse audiences
Strong cross-functional collaboration (SAP BASIS, application security, lines of business)
SAP security or offensive security certifications (e.g., OSCP, CEH, CSSLP, SAP Security)
Experience with GDPR, SOX, and regulatory SAP risk management
Cloud/hybrid SAP deployments, continuous compliance, Secure by Design, container security
Location & work type: Bangalore, Hyderaba
Summary
Position Summary
Cyber
Deloitte Cyber understands that SAP and ERP platforms form the backbone of many enterprises but also face unique and evolving cybersecurity challenges. Our team partners with organizations to fortify their SAP environments by combining vulnerability management, offensive security expertise, DevSecOps integration, and advanced threat modeling using industry-leading tools and deep SAP functional knowledge. Join us in helping clients safeguard their most critical business assets and processes.
Position Summary
Level: Senior Solution Advisor
SAP Application Security Assessment: Execute vulnerability assessments and penetration testing for SAP platforms across web and thick client applications (ECC, S/4HANA, Fiori, SAP GUI).
Tool-Based Assessments: Utilize advanced SAP security and assessment tools including Onapsis, RedRays, SecurityBridge, Metasploit, PySAP, and others for comprehensive vulnerability discovery, business logic flaw detection, custom code analysis, and configuration review.
SAP DevSecOps Integration: Embed automated SAP security scanning within CI/CD pipelines, establish security gates for SAP code transport and deployment processes, and drive DevSecOps practices throughout SAP solution development and operations.
SAP Threat Modeling: Conduct risk-based SAP threat modeling (using frameworks like STRIDE, PASTA, etc.), map out attack surfaces specific to SAP landscapes, and translate modeling outputs into practical vulnerability testing and mitigation.
ABAP/Technical SAP Expertise: Employ strong ABAP development and debugging skills to identify custom code vulnerabilities and support technical remediation.
Vulnerability Lifecycle Management: Manage SAP vulnerabilities through their lifecycle documenting, triaging, coordinating remediation, and validating through retesting.
Collaboration and Guidance: Work closely with SAP BASIS, application, and security teams to implement secure-by-design controls, define DevSecOps practices, and support both operational and compliance objectives.
Reporting & Education: Prepare detailed vulnerability and threat modeling reports, present risk findings to stakeholders, and facilitate training to continually raise SAP security maturity within client organizations.
Continuous Learning: Maintain ongoing awareness of SAP threat landscape, new vulnerabilities, tool updates, and emerging DevSecOps and threat modeling methodologies.
Deloitte’s Enterprise Security team delivers security by design across digital transformation initiatives-focusing on technical backbone systems like SAP. We provide end-to-end application security, DevSecOps enablement, threat modeling, and offensive testing for leading enterprise software landscapes.
Qualifications
7–9 years of deep hands-on experience in SAP/ERP security, offensive testing, and vulnerability management. Strong practitioner skills with SAP security testing tools (Onapsis, RedRays, SecurityBridge, PySAP, Metasploit for SAP modules). Demonstrable experience integrating SAP security testing in DevSecOps/CI-CD lifecycles (e.g., Jenkins, Azure DevOps, GitLab) and automating checks for SAP applications and transports. Expertise in SAP-specific threat modeling using approaches like STRIDE, PASTA, or custom SAP methods able to define, document, and prioritize SAP attack vectors and translate them to actionable test cases. Substantial SAP technical foundation, including ABAP code review and debugging, NetWeaver, S/4HANA, SAP Fiori, and system hardening. Ability to communicate SAP vulnerability findings and remediation steps clearly to both technical and non-technical audiences. Proven track record collaborating in cross-functional SAP/ERP project environments.
SAP security certifications, offensive security certifications (e.g., SAP Security, OSCP, CEH, CSSLP). Experience with regulatory and compliance-driven SAP risk management (GDPR, SOX, etc.). Practical knowledge of cloud or hybrid SAP deployments, and continuous compliance monitoring. Familiarity with SAP Secure by Design frameworks, container security, and modern application architectures.
Bachelor’s degree or higher in Computer Science, Information Security, or a related field; SAP certifications preferable.
Bangalore, Hyderabad, Pune, Chennai, Kolkata
#Cyber_Enterprise
#CA - VKS
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ways of thinking, ideas and perspectives, and bring more creativity and innovation to help solve our clients’ most complex challenges. This makes Deloitte one of the most rewarding places to work.
Professional development
At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India .
Benefits To Help You Thrive
At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Requisition code: 318836