SAP Penetration Tester
LOCATION
Hybrid – Spring, TX 77373
DESCRIPTION
We are seeking an experienced SAP Penetration Tester to support enterprise security assessments across complex SAP environments, including S/4HANA, NetWeaver, and Fiori. The ideal candidate will be skilled in evaluating vulnerabilities across application, transport, and OS/DB layers and recommending actionable remediation strategies aligned with compliance requirements and business risk.
Primary skill set (mandatory technical skills):
SAP security testing across HANA, NetWeaver, Fiori, and ABAP code
Hands-on experience with SAP penetration testing tools such as Onapsis and ERPScan
Strong knowledge of RFC gateway, ICM/Web Dispatcher, SM59 misuse, SAPRouter vulnerabilities
Identification of SoD conflicts, insecure TCODEs, and authorization flaws
ABAP code review experience for injection flaws, logic bugs, hardcoded credentials
OS/DB-level penetration testing (e.g., default SAP/Oracle credentials, RFC/transport vulnerabilities)
Ability to collaborate closely with InfoSec, BASIS, and Audit teams
Must-have skill sets:
5+ years in SAP security or penetration testing
Proficiency in Python and scripting custom automation for SAP assessments
Familiarity with STRIDE and MITRE ATT&CK frameworks for ERP threat modeling
Ability to produce both technical and executive-level risk reports
Fluent written and spoken English
Nice-to-have skill sets:
Experience with SAP GRC, ST03N analysis, and integrating SAP logs with SIEM (e.g., Splunk)
Familiarity with Fiori Launchpad security, SOAP injection, and IDOR in UI5 apps
Experience training SAP developers on secure ABAP coding practices
Certifications: OSCP, CEH, SAP Security Certification
Contact: jorge.flores@pantheon-inc.com