API Security Engineer

Location: Plano, TX
Description: API Security Engineer

Location: Plano, TX (Hybrid)
Job Type: Long-term W2 Contract
About the Job
Our client is seeking a knowledgeable and proactive API Security Engineer to join their cybersecurity team. In this role, you will be responsible for securing APIs across the enterprise by identifying vulnerabilities, implementing best practices, and collaborating with development and DevOps teams to ensure secure design, deployment, and monitoring of APIs.
Responsibilities

• Design and implement security controls for internal and external APIs.
• Conduct API security assessments, including penetration testing, fuzzing, and vulnerability scanning.
• Monitor API traffic for anomalies, abuse, and threats using API gateways and security tools.
• Collaborate with development and DevOps teams to embed security into the API lifecycle (design, development, testing, deployment).
• Define and enforce API security standards including authentication, authorization, rate limiting, and encryption.
• Develop and maintain API security policies, documentation, and response procedures.
• Stay current with emerging API threats, vulnerabilities, and security technologies.
• Assist in incident response and forensic analysis related to API security breaches.
• Evaluate and implement API security tools such as WAFs, API gateways, and runtime protection platforms.

Minimum Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 3+ years of experience in application or API security.
• Strong understanding of RESTful and GraphQL APIs, OAuth2, JWT, and API authentication mechanisms.
• Experience with API gateways (e.g., Apigee, AWS API Gateway, Kong, Azure API Management).
• Familiarity with OWASP API Security Top 10 and secure coding practices.
• Hands-on experience with tools like Postman, Burp Suite, OWASP ZAP, or similar.
• Knowledge of common API vulnerabilities such as injection, broken authentication, and excessive data exposure.

Preferred Qualifications

• Certifications such as:
  • GIAC Web Application Penetration Tester (GWAPT)
  • Certified API Security Professional (APIsec University)
  • Offensive Security Web Expert (OSWE)
• Experience with DevSecOps and CI/CD pipeline integration.
• Familiarity with cloud-native API security in AWS, Azure, or Google Cloud Platform.
• Experience securing and managing API gateways, including policy enforcement and identity integration.
• Scripting or programming experience (e.g., Python, JavaScript).

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!