SAP Security & Platform Systems Engineer

Archer • San Jose, California, United States

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.

Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

We are seeking a SAP Security & Platform Systems Engineer. This specialized role is responsible for the secure architecture and technical integration of our SAP S/4HANA RISE environment. The ideal candidate will bridge the gap between traditional SAP Security and modern Cloud Platform administration, ensuring robust, compliant, and well-connected SAP systems.

What You'll Do:

SAP Security & Access Governance
- Access Model Ownership: Design, build, and maintain S/4HANA business roles, Fiori catalogs, and authorization groups.
- Identity Management: Perform configuration and troubleshooting of user provisioning and authentication workflows.
- Compliance & Audit: Participate in technical efforts for SOX and ITGC audits, managing GRC/IAG (including SoD rulesets and Emergency Access/Firefighter) and providing technical evidence.
- System and Data-Level Security: Perform vulnerability Assessment, secure Fiori apps/Web services and govern security measures at the CDS-view and OData service layer
Platform Connectivity & System Administration
- Cloud Ecosystem Integration: Design and manage technical trust configurations (SAML 2.0, OAuth 2.0, Principal Propagation) across S/4HANA, BTP, and SAP Analytics Cloud (SAC) etc.
- BTP Management: Administer BTP subaccounts, service entitlements, and technical destinations.
- Secure Connectivity: Install, configure, and monitor SAP Cloud Connectors to maintain secure data transfer between the RISE private cloud and BTP/external services.
- Certificate Authority: Manage the full lifecycle of X.509 certificates and SSL handshakes within the entire SAP landscape.
- RISE Coordination: Serve as the technical liaison with SAP RISE operations for system-level changes (e.g., refreshes, kernel parameters, OS configurations).

What You'll Need:

10+ years in SAP technical roles, with a minimum of 3 years focused on S/4HANA and the Business Technology Platform (BTP).
Expert proficiency in PFCG, SU24 optimization, and Fiori security architecture.
Direct, practical experience with the SAP BTP Cockpit and SAP Cloud Connector.
Proven ability to troubleshoot and manage Identity Protocols: SAML, OAuth2, and OpenID Connect (OIDC).
Direct experience managing SOX/ITGC compliance requirements in a regulated or publicly traded company, reduce SOD violations
Skilled in performing comprehensive end-to-end traces (e.g., ST01, browser traces, Cloud Connector logs) to diagnose connectivity and authorization issues.
Investigate and resolve Authorization-related issues, performing root cause analysis to prevent future breaches.
Clear understanding of the SAP RISE shared responsibility model.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications.

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between $152,100 - $190,100. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

We are an equal-opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws.

By applying, you agree to be bound by our candidate privacy policy.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.

Information collected and processed as part of any job applications you choose to submit is subject to Archer's Candidate Privacy Policy.

Archer is unable to provide work visa sponsorship for this position at the present time.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer, please reach out to People@archer.com. All employment processes are managed by the Archer People Team.

Apply Now