API Security Engineer

Description:

Looking for a highly motivated person to fill the role as an API Security Engineer.We are looking for a knowledgeable and proactive API Security Engineer to join our security team. In this role, you will be responsible for securing APIs across the organization by identifying vulnerabilities, implementing best practices, and collaborating with development teams to ensure secure design and deployment of APIs.

• Design and implement security controls for APIs across internal and external applications.
• Conduct API security assessments, including penetration testing, fuzzing, and vulnerability scanning.
• Monitor API traffic for anomalies, abuse, and potential threats using API gateways and security tools.
• Collaborate with development and DevOps teams to integrate security into the API lifecycle (design, development, testing, deployment).
• Define and enforce API security standards, including authentication, authorization, rate limiting, and encryption.
• Develop and maintain API security policies and documentation.
• Stay current with emerging API threats, vulnerabilities, and security technologies.
• Assist in incident response and forensic analysis related to API security breaches.
• Evaluate and implement API security tools such as WAFs, API gateways, and runtime protection platforms.

Requirements:

• Bachelor s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 3+ years of experience in application or API security.
• Strong understanding of RESTful and GraphQL APIs, OAuth2, JWT, and API authentication mechanisms.
• Experience with API gateways including configuring authentication, authorization, rate limiting, and threat protection policies (e.g., Apigee, AWS API Gateway, Kong, Azure API Management).
• Familiarity with OWASP API Security Top 10 and secure coding practices.
• Hands-on experience with tools like Postman, Burp Suite, OWASP ZAP, or similar.
• Knowledge of common API vulnerabilities such as injection, broken authentication, excessive data exposure, etc.

Added bonus if you have

• Certifications such as:
• GIAC Web Application Penetration Tester (GWAPT)
• Certified API Security Professional (by APIsec University)
• Offensive Security Web Expert (OSWE)
• Experience with DevSecOps and CI/CD pipeline integration.
• Familiarity with cloud-native API security in AWS, Azure, or Google Cloud Platform.
• Familiarity with securing and managing API gateways, including policy enforcement, traffic monitoring, and integration with identity providers. Scripting or programming experience (Python, JavaScript, etc.)