SAP Security and Onapsis Engineer

About This Role

We are seeking a Resident Engineer with strong expertise in Onapsis Control for Code,

SAP ABAP / HANA development, and SAST (Static Application Security Testing)

practices.

This role focuses on ensuring secure and compliant SAP development by leveraging

Static Application Security Testing SAST principles, performing vulnerability analysis

and collaboration with development teams to remediate findings and optimize code

quality. Ideal candidate will ensure secure and compliant SAP development by

performing code vulnerability scans, validating results, eliminating false positives, and

guiding developers in secure coding standards.

****Candidate must relocate to Saudi Arabia

Key Responsibilities

• Manage and maintain Onapsis Control for Code (ABAP, HANA) and Onapsis Assess

platforms.

• Perform and interpret SAST scans for SAP custom code to identify security and

compliance issues.

• Perform vulnerability scans using Onapsis Assess
• Validate scan findings and effectively distinguish between true positives and false

positives.

• Collaborate with development teams to remediate vulnerabilities and enhance code

security.

• Integrate Onapsis tools with SAP systems, CI/CD pipelines, and enterprise reporting

platforms.

• Generate detailed reports and dashboards for security posture and audit reviews.
• Support code review processes, secure transport management, and patch validation

activities.

• Work closely with Onapsis support for troubleshooting, version upgrades, and

optimization.

• Conduct periodic tool health checks, documentation updates, and knowledge transfer

sessions.

Required Skills and Experience

• 4–7 years of experience in the SAP ecosystem (ABAP development, Basis).
• Strong working knowledge of SAST principles and tools (Onapsis Control preferred).
• Hands-on experience with ABAP and HANA development, including secure codingpractices.
• Proven ability to analyze scan results and accurately identify false positives.
• Familiarity with SAP transport management, custom code lifecycle, TMS, OCC and
• change control processes.
• Understanding of SAP GRC / Access Control and HANA security concepts.
• Excellent analytical, communication, and stakeholder management skills.
• Preferred Qualifications
• Certification or formal training in Onapsis, SAP Security, Vulnerability Management or
• Application Security.
• Exposure to CI/CD tool integrations and DevSecOps processes.
• Knowledge of CWE/CVE standards and compliance frameworks.
• Experience in S/4HANA or SAP Cloud environments.
• Soft Skills
• Strong attention to detail with a proactive, security-focused mindset.
• Ability to communicate technical findings to diverse stakeholders.
• Collaborative and solution-oriented approach.
• Self-motivated, organized, and process driven.

Job Types: Full-time, Permanent

Pay: ﷼1.00 per month

Application Question(s):

• Can you relocate to Saudi Arabia?

Experience:

• SAP Security&onapsis: 6 years (Preferred)

Location:

• Riyadh (Preferred)

Work Location: In person