Hands on experience designing, developing, and testing secure APIs (e.g. with REST, GraphQL and gRPC)
Experience with software engineering (you can write robust code and can point to specific examples of projects you have successfully delivered in the past)
Experience automating API security assessments into CI/CD pipelines
Experience with at least one of the following languages: Python, Java, or JavaScript
Best shall be candidate experience in API Security, AuthN and AuthZ for APIs and Automation experience. Average shall be candidate with API Security testing skill and triage experience
In this role the Security Engineer supports efforts to minimize API security risk by discovering, managing, monitoring, and reporting on API security vulnerabilities while supporting the Automation of DevSecOps practice and pipeline
Responsibilities include participation in the creation and maintenance of API security specifications, reviewing software designs to ensure appropriate/required security controls have been included in designs, administering API security testing tools (Salt/Neo/Data Theorem), performing API code reviews, attesting compliance with the security requirements, and advising Product development teams on API-related technical issues and questions.
Candidate will work with Product development community and other technical team members to review existing and/or new APIs/web services in support of Security control implementations that align with Information Security policies, procedures, and accepted best practices