SAP Security & Authorization Engineer

The OpportunityMassMutual is seeking a senior, hands‑on SAP Security & Authorization Engineer to directly design, build, test, and support SAP security across a large, complex SAP landscape. This role is execution‑focused and requires deep, day‑to‑day work in SAP systems while also serving as the primary technical authority and advisor for SAP security within Finance Technology.The successful candidate will spend the majority of their time working directly in SAP, resolving complex authorization issues, supporting audits, and partnering closely with project and business teams during SAP S/4 HANA and APEX‑related modernization initiatives, while also mentoring others through hands‑on collaboration.The TeamS/4HANA & Enterprise Program SupportServe as the hands‑on SAP Security lead for S/4HANA programs, including:Role design, build, test and maintain business Fiori roles.Removal of deprecated tiles and update authorizations during upgradesUpdates to company‑code‑driven and derived rolesActively support unit testing, SIT, UAT, performance, reporting, and training cycles, often involving large user populations.Resolve defects raised in various testing cycles by updating the roles.Work directly with developers and functional teams to:Assess security impactsPerform pre‑business testingValidate fixes prior to business testingThe ImpactHands‑On SAP Security Delivery (Primary Focus)Personally design, build, test, and maintain SAP security roles and authorizations across SAP systems (S/4HANA, Fiori, HANA DB, SAC, DATASPHERE, PAPM, ECC, BI, XI)Perform hands‑on troubleshooting and remediation of complex authorization issues impacting Finance, HR, Procurement, BW, and reporting users.Provide direct production support, including urgent access issues, role corrections, and user remediation.Perform feasibility assessments for new technologies by doing Proof of Concepts/TechnologySecure custom programs/tables working with the ABAP development teams.Execute monthly SAP Security Note reviews, support pack validation, and hands‑on regression testing.Actively support Sandbox, Development, QA, Pre‑Production, and Production environments.Identity, Access & GRC IntegrationAct as the hands‑on SAP security SME for:IAMSTRONG integrationsManager access reviews and transfer reviews.Segregation of Duties (SoD) and orphaned access remediationPersonally support and troubleshoot ILM tooling related to onboarding, offboarding, audit controls, and access cleanup.Partner directly with IAM, ServiceNow, and security teams to modernize and stabilize access request and fulfillment processes.Audit, Risk & CompliancePersonally support SAP audits, including access reviews, evidence collection, and remediation.Execute required security corrections directly in SAP to address audit findings.Serve as the primary technical contact for Audit, Business, Risk, and Compliance partners on SAP security matters.Technical Leadership & Knowledge SharingServe as the go‑to SAP security authority for Finance Technology.Mentor and support team members through direct collaboration and hands‑on problem solving.Create and maintain practical documentation and FAQs to improve self‑service and reduce repeat issues.Help prioritize work while remaining directly accountable for complex or high‑risk security changes.The Minimum QualificationsBachelor's degree in IT or related field of study8+ years of hands‑on SAP Security & Authorization experience.8+ years demonstrated experience personally building, testing, and troubleshooting SAP roles in ECC2+ years hands on experience S/4HANA, HANA DB, SAC (Security Analytical Cloud), Datasphere, PAPM, ECC, BI, PI systems8+ years proven experience supporting production SAP systems in a large, multi‑instance landscape2+ years experience supporting audit activities and remediation directly within SAPPreferred QualificationsAbility to balance BAU production support with major transformation initiatives.Strong communication skills with the ability to clearly explain security impacts to both technical and non‑technical partnersExperience supporting SAP S/4HANA transformations or large ERP modernization programsExperience with building SAP S/4 Fiori roles from catalogs/groups and spaces/pagesExperience with design and building of HANA database security roles with System, Object and Analytical privilegesExperience working with Datasphere roles/scoped roles, SAC teams/Roles, role collections in BTP applications like PaPM, Cloud Identity Services.Familiarity with IAM, GRC, ILM, and automated access provisioning frameworks.Experience supporting analytics and reporting platforms integrated with SAP (BW, SAC, AO, etc.)Prior experience in financial services or other regulated industries.What Success Looks Like In This RoleSAP security remains stable, compliant, and business‑enabling throughout ongoing S/4HANA and APEX initiativesAudit requests are handled efficiently with strong ownership and clear documentationBusiness partners experience responsive, well‑explained, hands‑on support.IAM and access management processes continue to improve through practical execution and collaborationThe SAP Security team benefits from knowledge transfer, consistency, and technical mentorshipWhat You Can Expect At MassMutualMassMutual offers the opportunity to do meaningful work within a purpose-driven organization that values long-term impact over short-term outcomes. In this role, you can expect:Clear areas of ownership and accountability, with work that connects directly to company and customer outcomes A collaborative environment where perspectives are welcomed Access to learning, development, and internal networks that support continuous growth and skill-building over time Employee-led communities and forums that foster connection, learning, and inclusion across the organization A culture grounded in integrity, responsibility, and stewardship—supported by a company with a strong legacy and a future-focused mindsetMassMutual is an equal employment opportunity employer. We welcome all persons to apply.If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.California residents: For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page.