Key Responsibilities
SAP ABAP Development & Secure Coding
- Design, develop, and maintain custom SAP ABAP objects (Reports, SmartForms, BAPIs, BADIs, User Exits, Enhancements) securely and efficiently.
- Apply secure coding practices to mitigate ABAP vulnerabilities such as code injection, SQL injection, unauthorized access, RFC misuse, and insecure authorization checks.
- Conduct peer code reviews and enforce secure development guidelines within the SAP development team.
Application Security & Risk Management
- Perform security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques.
- Collaborate with SAP Security and Basis teams to identify and remediate application-level risks.
- Support threat modeling and risk analysis activities for SAP custom applications and interfaces.
- Monitor and manage security notes (SAP OSS), patches, and vulnerability disclosures relevant to SAP applications and ABAP components.
Authorization & Compliance Guidance
- Provide guidance on authorization design (PFCG roles, object-level control) and ensure proper enforcement in custom code.
- Align SAP development practices with security policies, regulatory requirements (e.g., SOX, GDPR), and internal controls.
- Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects.
