Solution Architect

Orion Innovation is a premier, award-winning, global business and technology services firm. Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity. We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

Solutions Architect - Security

Strong SAP security skill set required.

As the IVC program transitions into the SAP phase, it has been identified that there is a need for a dedicated security resource with a strong SAP security skill set. The expectation is that this person would serve as a security leader supporting the program. In this capacity, they would lead the security assessment activities, as well as facilitate other security services and needs (e.g., adversarial testing, security architecture consulting, collaboration with security teams in consortia, etc.).

• Serve as the lead cybersecurity architect for the global SAP program, developing a comprehensive security strategy, roadmap, and reference architectures.

• Define and enforce security standards, controls, and best practices throughout the project lifecycle, from design and development to deployment and operations.

• Own and create key technical deliverables, including security architecture diagrams, threat models, secure configuration guides, and risk assessment reports.

• Partner with cross-functional teams including enterprise architecture, business process owners, compliance, and internal audit to embed security requirements into the core solution.

• Provide strategic guidance and expert advice to senior leadership and project stakeholders on SAP-related security risks, compliance, and mitigation strategies.

• Act as the firm's subject matter expert on all aspects of SAP security, including Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), and data protection.

Requirements:

• BS in Computer Science or related field, or equivalent work experience

• Minimum of 10 years of experience with at least three of the following: threat modelling experience, secure coding,

identity management and authentication, software development, cryptography, penetration testing, cloud security,

mobile security, and network security

• Advanced knowledge and understanding of security engineering, system and network security, authentication and

security protocols, cryptography, or application security.

• Experience reading and writing in at least one programming language.

• Certifications such as CISSP, CISM, Azure Cybersecurity Expert, or equivalent are highly desirable.

• Experience integrating security into the SAP software development lifecycle (SDLC) and transport management processes, including static/dynamic code analysis (SAST/DAST) for ABAP and other custom developments.

• Deep experience in the security testing of custom SAP objects (WRICEF) and modern SAP applications, including Fiori apps and APIs connecting SAP to the wider enterprise technology stack.

• Background in programming and scripting, with a strong preference for experience in ABAP. Familiarity with JavaScript (for Fiori/UI5) and Java is also highly beneficial for securing modern SAP platforms.

• Working knowledge of applying application security standards, such as the OWASP Top 10, specifically to the SAP ecosystem (e.g., Fiori applications, NetWeaver Gateway, Internet Communication Manager).

• Proven ability to perform comprehensive risk analysis of the SAP landscape, leading to the documentation of specific risks and the design of mitigating controls within the SAP application and infrastructure layers, ideally utilizing tools like SAP GRC.

• Deep understanding and practical application of threat modeling frameworks (e.g., STRIDE) to secure the end-to-end SAP architecture, from the core ERP to custom extensions and critical system integrations.

• Expert knowledge of security design principles and architecture patterns for building and maintaining secure, large-scale SAP systems. • Act as a role model for security excellence, promoting a culture of secure development and proactive risk management within the SAP technical and functional teams.

• Demonstrate proactivity, transparency, and clear accountability for the identification, assessment, and management of security risks across the global SAP environment.

• A fast learner and critical thinker with excellent problem-solving skills and the ability to present complex SAP security topics clearly to both technical and executive audiences.

• • Exceptional communication skills, both written and oral, with the ability to effectively convey security requirements and risks to a diverse group of global stakeholders.

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidate Privacy Policy

Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, “Orion,” “we” or “us”) are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) (“Notice”) explains:

• What information we collect during our application and recruitment process and why we collect it;
• How we handle that information; and
• How to access and update that information.

Your use of Orion services is governed by any applicable terms in this notice and our general Privacy Policy.