👋🏼 We're Nagarro. We are a digital product engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale — across all devices and digital mediums, and our people exist everywhere in the world (18 000+ experts across 39 countries, to be exact). Our work culture is dynamic and non-hierarchical. We're looking for great new colleagues. That's where you come in! By this point in your career, it is not just about the tech you know or how well you can code. It is about what more you want to do with that knowledge. Can you help your teammates proceed in the right direction? Can you tackle the challenges our clients face while always looking to take our solutions one step further to succeed at an even higher level? Yes? You may be ready to join us

- Design and implement SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) architectures

- Integrate SAP BTP with corporate IdPs (Azure AD, Entra ID, AD, LDAP, SAML, OAuth2, OpenID Connect) - Configure Single Sign-On (SSO), MFA, Conditional Access, and Trust configurations

- Manage user lifecycle, role mapping, and automated provisioning/de-provisioning across SAP systems Security & Compliance

- Implement and govern SAP Cloud Identity Services (CIS) best practices

- Define security standards for BTP applications, APIs, AI services, and integrations

- Support compliance requirements (ISO 27001, GDPR, SOC, internal security policies)

- Conduct security reviews, risk assessments, and audits for SAP BTP landscapes BTP & AI Enablement

- Secure AI-enabled SAP services (e.g., SAP AI Core, AI Launchpad, Joule, custom AI apps on BTP)

- Ensure secure access to APIs, data, and AI models using OAuth2, XSUAA, and service bindings

- Collaborate with SAP architects, AI teams, and developers to embed security by design Operations & Governance

- Monitor and troubleshoot authentication, provisioning, and authorization issues

- Establish identity governance, access reviews, and logging/monitoring strategies

- Create security documentation, standards, and operational runbooks

- At least 6 years in SAP Security with strong hands-on experience in SAP BTP

- Deep expertise in IAS, IPS, and SAP Cloud Identity Services (CIS)

- Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, JWT, X.509

- Experience integrating SAP with Azure AD / Entra ID

- Solid understanding of BTP security services (XSUAA, Destination Service, API Management) 

- Familiarity with SAP GRC, audit processes, and regulatory frameworks