Company Description

👋🏼 We’re Nagarro. We are a digital product engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale — across all devices and digital mediums, and our people exist everywhere in the world (18 000+ experts across 39 countries, to be exact). Our work culture is dynamic and non-hierarchical. We’re looking for great new colleagues. That’s where you come in! By this point in your career, it is not just about the tech you know or how well you can code. It is about what more you want to do with that knowledge. Can you help your teammates proceed in the right direction? Can you tackle the challenges our clients face while always looking to take our solutions one step further to succeed at an even higher level? Yes? You may be ready to join us.

Job Description

We are seeking an experienced SAP BTP Security Architect to design, implement, and govern secure identity, access, and compliance frameworks for SAP solutions running on SAP Business Technology Platform (BTP). The role is critical to enabling AI-driven use cases in SAP while ensuring robust security, regulatory compliance, and enterprise-grade identity management.

Key Responsibilities

• Identity & Access Management
• Design and implement SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) architectures
• Integrate SAP BTP with corporate IdPs (Azure AD, Entra ID, AD, LDAP, SAML, OAuth2, OpenID Connect)
• Configure Single Sign-On (SSO), MFA, Conditional Access, and Trust configurations
• Manage user lifecycle, role mapping, and automated provisioning/de-provisioning across SAP systems Security & Compliance
• Implement and govern SAP Cloud Identity Services (CIS) best practices
• Define security standards for BTP applications, APIs, AI services, and integrations - Support compliance requirements (ISO 27001, GDPR, SOC, internal security policies)
• Conduct security reviews, risk assessments, and audits for SAP BTP landscapes BTP & AI Enablement
• Secure AI-enabled SAP services (e.g., SAP AI Core, AI Launchpad, Joule, custom AI apps on BTP)
• Ensure secure access to APIs, data, and AI models using OAuth2, XSUAA, and service bindings
• Collaborate with SAP architects, AI teams, and developers to embed security by design Operations & Governance
• Monitor and troubleshoot authentication, provisioning, and authorization issues
• Establish identity governance, access reviews, and logging/monitoring strategies
• Create security documentation, standards, and operational runbooks

Qualifications

Must Have

• 10+ years in SAP Security with strong hands-on experience in SAP BTP
• Deep expertise in IAS, IPS, and SAP Cloud Identity Services (CIS)
• Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, JWT, X.509
• Experience integrating SAP with Azure AD / Entra ID
• Solid understanding of BTP security services (XSUAA, Destination Service, API Management)

Good to Have

• Familiarity with SAP GRC, audit processes, and regulatory frameworks Soft Skills
• Strong stakeholder communication and consulting mindset
• Ability to translate security requirements into technical designs
• Proactive, detail-oriented, and comfortable working in complex enterprise landscapes