SAP Pen Testing - Lead Solution Advisor

Same job available in 5 locations

Bengaluru, Karnataka, India

Chennai, Tamil Nadu, India

Hyderabad, Telangana, India

Kolkata, West Bengal, India

Pune, Maharashtra, India

Back to search results
Back to search results

Position Summary

Cyber

Deloitte Cyber understands that SAP and ERP platforms form the backbone of many enterprises but also face unique and evolving cybersecurity challenges. Our team partners with organizations to fortify their SAP environments by combining vulnerability management, offensive security expertise, DevSecOps integration, and advanced threat modeling using industry-leading tools and deep SAP functional knowledge. Join us in helping clients safeguard their most critical business assets and processes.

Position Summary

Level: Senior Solution Advisor

Work you’ll do:

As a Senior Solution Advisor specializing in SAP/ERP vulnerability management, offensive penetration testing, DevSecOps, and threat modeling, your responsibilities will include:

  • SAP Application Security Assessment: Execute vulnerability assessments and penetration testing for SAP platforms across web and thick client applications (ECC, S/4HANA, Fiori, SAP GUI).
  • Tool-Based Assessments: Utilize advanced SAP security and assessment tools including Onapsis, RedRays, SecurityBridge, Metasploit, PySAP, and others for comprehensive vulnerability discovery, business logic flaw detection, custom code analysis, and configuration review.
  • SAP DevSecOps Integration: Embed automated SAP security scanning within CI/CD pipelines, establish security gates for SAP code transport and deployment processes, and drive DevSecOps practices throughout SAP solution development and operations.
  • SAP Threat Modeling: Conduct risk-based SAP threat modeling (using frameworks like STRIDE, PASTA, etc.), map out attack surfaces specific to SAP landscapes, and translate modeling outputs into practical vulnerability testing and mitigation.
  • ABAP/Technical SAP Expertise: Employ strong ABAP development and debugging skills to identify custom code vulnerabilities and support technical remediation.
  • Vulnerability Lifecycle Management: Manage SAP vulnerabilities through their lifecycle documenting, triaging, coordinating remediation, and validating through retesting.
  • Collaboration and Guidance: Work closely with SAP BASIS, application, and security teams to implement secure-by-design controls, define DevSecOps practices, and support both operational and compliance objectives.
  • Reporting & Education: Prepare detailed vulnerability and threat modeling reports, present risk findings to stakeholders, and facilitate training to continually raise SAP security maturity within client organizations.
  • Continuous Learning: Maintain ongoing awareness of SAP threat landscape, new vulnerabilities, tool updates, and emerging DevSecOps and threat modeling methodologies.

The Team:

Deloitte’s Enterprise Security team delivers security by design across digital transformation initiatives-focusing on technical backbone systems like SAP. We provide end-to-end application security, DevSecOps enablement, threat modeling, and offensive testing for leading enterprise software landscapes.

Qualifications

Must Have Skills/Project Experience/Certifications:

  • 7–9 years of deep hands-on experience in SAP/ERP security, offensive testing, and vulnerability management.
  • Strong practitioner skills with SAP security testing tools (Onapsis, RedRays, SecurityBridge, PySAP, Metasploit for SAP modules).
  • Demonstrable experience integrating SAP security testing in DevSecOps/CI-CD lifecycles (e.g., Jenkins, Azure DevOps, GitLab) and automating checks for SAP applications and transports.
  • Expertise in SAP-specific threat modeling using approaches like STRIDE, PASTA, or custom SAP methods able to define, document, and prioritize SAP attack vectors and translate them to actionable test cases.
  • Substantial SAP technical foundation, including ABAP code review and debugging, NetWeaver, S/4HANA, SAP Fiori, and system hardening.
  • Ability to communicate SAP vulnerability findings and remediation steps clearly to both technical and non-technical audiences.
  • Proven track record collaborating in cross-functional SAP/ERP project environments.

Good to Have Skills/Project Experience/Certifications:

·       SAP security certifications, offensive security certifications (e.g., SAP Security, OSCP, CEH, CSSLP).

·       Experience with regulatory and compliance-driven SAP risk management (GDPR, SOX, etc.).

·       Practical knowledge of cloud or hybrid SAP deployments, and continuous compliance monitoring.

·       Familiarity with SAP Secure by Design frameworks, container security, and modern application architectures.

Education:

·       Bachelor’s degree or higher in Computer Science, Information Security, or a related field; SAP certifications preferable.

Location:

·       Bangalore, Hyderabad, Pune, Chennai, Kolkata

#Cyber_Enterprise

#CA - VKS
Our purpose

Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. 
Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ways of thinking, ideas and perspectives, and bring more creativity and innovation to help solve our clients’ most complex challenges. This makes Deloitte one of the most rewarding places to work.
Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.
Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.
Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 318836