SAP Security and GRC and S4HANA consultant

Having 10 years of experience as SAP Security and GRC consultant on various SAP modules.

Responsibilities GRC 10.0 support activities:• Good knowledge on GRC Access Control 10.0 ( EAM, ARA)• Fire Fighter administration - Creating fire fighter ids and assigning owner and controller.• Mapped Owners, Firefighters and Controllers using NWBC.• Maintaining Connectors and Connection Type• Execution and Simulation of risk analysis at user level and role level against Global and Customized rule set.• Maintaining Rule Set, Function ID; Risk ID with Risk Owners and generating rules• Creation and maintenance of Mitigation controls• Performing Synchronization jobs related to Authorization, Repository Object, Action Usage and Role Usage Jobs in GRC AC 10.0• Activation of BC Sets for Workflow, ARA, EAM. SAP Fiori App Security implementation and support:• Creation of security design document for Fiori app security configuration.• Design and Creation Fiori app specific role into Fiori and ECC box• Map Fiori app Catalog ID and group ID in security roles to provide access to user for specific Fiori app tile access. • Setup system for BRUT and BRIT testing.• Transport Security specific changes related to designed Fiori app into Quality and production• Perform security specific cut –over activities during production cut over phase.• Resolve authorization issues post during critical support phase. Analyze SCR( Software Change Request) and prepare design based on business inputs• Realized the security change • BRUT testing for all the affected roles in Development • Prepare system for BRUT by creating test user and mapping the remediated roles• Fix security issues identified during BRUT• BRIT testing for all the affected roles in Quality• Transportation of Remediate roles from Development -> Quality -> Production.• Support during production cut-over activities.• PCIS (Post security change move to production box) support for security issue.

Project #: Whirlpool ECC upgrade 4.7 to ERP 6.7 with Migration on HANA• Project Title • Whirlpool ECC upgrade From ERP 4.7 to ERP 6.7 with HANA migration• Client(s) • Whirlpool India• Location • Gurgaon, India• Role • Security Consultant Responsibilities • Run SU25 Step on ECC (Sandbox, DEV) Upgraded system• Run SSUA tool and take the output• Analyzed to newly added objects in the affected roles• Prepare list of affected roles due to new authorization object and tcodes and shared same with client to get the Business Input is required• Remediate affected roles as per business input received• Changes in newly added Auth. Objects bases on Business Input• Generate affected roles• Unit testing for all the affected roles in Development • Prepare system for UAT by creating test user and mapping the remediated roles• Fix security issues identified during UAT• Transportation of Remediate roles from Development -> Quality -> Production.• Hyper care and stabilization window support for security issue.HANA Security activities:• Creation of database users on HANA box.• Created Users, Roles, Privileges, Packages, Schemas as part of HANA Security and Development• Involved in SAP HANA Security including User Management, Roles, and Privileges• Involved in HANA Design and Run time role implementation.• Experienced on SAP HANA Authorizations and resolving authorization issue.• Worked on SAP HANA Authentication Methods.• Build Roles in SAP BW & HANA DB (Technical & Functional)

Validating SAP as well as SAP partner's product from Application security point of view and ensuring whether product compelling SAP Security standard.Role and Responsibilities: Application Front-End Security Testing and Authorization Testing. 1. Running corporate requirements: Running OWASP vulnerabilities check using AppScan Tool. perfrom checks like Cross Site Scripting, Cross Site request Forgery, SQL injection, Directory Traversal and Hidden HTML Fields 2. Authorization Testing: Creation of users, Generation of profiles for SAP standard PFCG roles, Re-generate profile. 3. SAP Standard Requirements: Execution of SAP standard requirements based on technology used. E.g. (a) Hidden Html field for secrecy (b) Always use POST in HTML forms for data transmission (c) Search for clear text passwords (d) No asterisks in S_TCODE (e) Unauthorized Access to Config Data (f) Storage of passwords in HTML pages