SAP Security Engineer- MRP, GRC, DOE

Role

• SAP Security Engineer- MRP, GRC, DOE

Location

• Newtown Square, PA (Hybrid/ Travel)

Mode of Hire

• FTE/Subcon

Visa

• US Citizens + Security Clearance nice to have

Position Overview

The SAP Security Engineer will design and implement a secure SAP authorization model aligned with DOE cybersecurity requirements. The role requires on-site engagement for security reviews, compliance validation, and audit readiness, with remote support for role configuration and documentation.

Work Location

• Travel
• Hybrid role

Travel

• Travel required for security assessments, audit support, and system validation phases
• Remote work for role design, documentation, and access monitoring

Key Responsibilities

• Design SAP role-based security architecture
• Configure authorization objects and roles for MRP users
• Implement segregation of duties controls
• Integrate SAP with identity management systems (AD, SSO, MFA)
• Conduct access risk assessments and remediation
• Support audit documentation and compliance reporting
• Monitor authorization issues and enforce least-privilege principles
• Ensure alignment with NIST, FISMA, and DOE cybersecurity standards

Required Qualifications

• 5+ years SAP security administration experience
• Strong expertise in SAP authorization objects and role design
• Experience in regulated or federal environments
• Knowledge of compliance frameworks (NIST, FISMA)
• Ability to travel for on-site compliance and audit support

Preferred Qualifications

• SAP GRC Access Control experience
• DOE security compliance experience