API Security Engineer

Title: API Security Engineer

Primary Responsibilities

· Perform ongoing governance and follow-through with API owners to ensure implementation of threat-based requirements.
· Develop, deliver and keep up-to-date API security standard requirements and design patterns.
· Validate implementation of API security controls against outputs of vulnerability testing tools to enable auditability and verifiability.
· Serve as an API security technical advisor to application teams.
· Evangelize API security design principles.
· Collaborate as API security subject matter expert within the organization.

Security and Technical Experience
· Direct hands-on experience developing and securing web APIs and web applications: REST, SOAP, gRPC.
· Direct hands-on experience with security testing of web services and web APIs.
· Solid hands-on experience with leading threat modelling exercises for applications and services.
· Solid understanding of risk management, security architecture and secure SDLC practices.
· Strong experience and understanding of API identity and access management controls: OAuth 2.0, OIDC, JWT
· Strong experience and understanding of familiarity with cryptography controls: Data at
rest, in motion and in-use.
· Experience with industry standards and frameworks: NIST 800-53, NIST CSF, OWASP, SANS Top 25.
· Experience with Java, JavaScript and mobile application development.
· Familiarity with database architectures: Oracle, SQL and NoSQL Databases.
· Information security professional certifications such as SANS GIAC, CISSP, CISM.
· Experience with service-oriented architectures and web services security.

Desired Skills: 
· Experience mentoring application security and secure development practices to team.
· Experience with DevOps processes in a Cloud/SaaS environment.
· Experience architecting, securing, and operating one or more public cloud environments: Amazon Web Services, Google App Engine, AZURE, and Oracle Cloud.
· Experience with one or more emerging programming languages: Go, Rust.

Tags:
API-Security, TPM, Rest, SOAP, GRPC, Web API, OAuth-2.0