Jeremiah,
That depends upon what you mean by 'SAP security testing'.
Any tester may be asked to check that their authorization package meets business requirements. E.G. after the testers have logged onto the application, do they have adequate authorization to do their designated business tasks.
Beyond that, authorization within SAP applications is typically the responsibility of a dedicated authorization group. Authorization to gain connectivity to the SAP system in question is typically the responsibility of yet another dedicated group.
The project manager will tell you what tests you will need to perform.
Best Regards,
DB49