RTH - Y, Total Yrs of Exp - 5+ Yrs Relv Yrs of Exp - 5+ Yrs  Skill - SAP - ABAP (Application Security) Detailed JD - This role blends deep SAP ABAP technical skills with hands-on experience in identifying, mitigating, and preventing application-layer security vulnerabilities within SAP systems. You will work closely with SAP developers, security architects, and business stakeholders to ensure secure design, development, and deployment of SAP custom code and configurations across modules (ECC, S/4HANA, etc.). Apply secure coding practices to mitigate common ABAP vulnerabilities such as code injection, SQL injection, unauthorized access, RFC misuse, and insecure authorization checks. Perform peer code reviews and enforce secure development guidelines within the SAP development team. Application Security & Risk Management Conduct security assessments of ABAP code using tools like SAP Code Vulnerability Analyzer (CVA), Virtual Forge/Onapsis, and manual review techniques. Collaborate with SAP Security and Basis teams to identify and remediate application-level risks. Support threat modeling and risk analysis activities for SAP custom applications and interfaces. Monitor and manage security notes (SAP OSS), patches, and vulnerability disclosures relevant to SAP applications and ABAP components. Collaboration & Governance Provide guidance on authorization design (PFCG roles, object-level control) and ensure proper enforcement in custom code. Work closely with the Information Security team to align with security policies, regulatory requirements (e.g., SOX, GDPR), and internal controls. Contribute to the definition of secure coding standards and development lifecycle processes for SAP projects. Required Skills & Qualifications 8+ years of hands-on SAP ABAP development experience. Strong understanding of SAP application security concepts, including roles/authorizations, RFC security, code-level security controls, and transport-level controls.Experience with SAP CVA, Virtual Forge/Onapsis, SCI/SLIN, or other static code analysis tools. Familiarity with OWASP Top 10, SANS Top 25, and how they apply to SAP environments.Experience with ECC, S/4HANA, or industry-specific solutions (SAP IS modules) is preferred. Preferred Qualifications  Understanding of SAP Fiori / UI5 security and integration points with ABAP backend.  Experience working with GRC, SAP Security Audit Logs, or firefighter access models.Certifications such as SAP Certified Development Associate, SAP Security, or Certified Information Systems Security Professional (CISSP) are a plus. Note - Resource needs to ready for F2F Intv at IBM location based on account request and Day 1 reporting from DOJ. - IBMFG2JP00000164