Key Responsibilities:
Configure and evaluate API security using Cloudflare API gateway and API shield.
Collaborate with API owners and architecture teams to understand *** API space.
Understanding of ingress and egress points and how to protect against malware and other threats.
Establish and maintain operational, configuration and other process/procedures to ensure efficiency of new and existing detective and preventative configuration policies.
Provide support to the Cyber Security Operations Center and Threat Detection Teams with recommendations and handling of their requests for changes, updates and improvements of endpoint polices.
Coordinate with other infrastructure, engineering, and application project/support teams to ensure new policies/assets are deployed and issues impacting tools and systems are resolved quickly and effectively without adversely impacting the affected business systems.
Participate in on-call rotation.
Coordinate with Information Security team to ensure solution assurance and compliance to security policy, procedures, standards, and baseline security configurations.
Understand and advocate IT Security standards, reference architectures.
Demonstrate an understanding of malware, threats, vulnerabilities, and the complete affect these could have in the environment.
Communicate optimally with clients to identify needs and evaluate alternative technical solutions and strategies.
Key Requirements and Technology Experience:
Must Haves: 5+ years of of relevant experience in IT Security. Must have hands-on experience with Cloudflare implementing API security.
One must have deep understanding of cryptography concepts, and experience in decryption of API traffic for security inspection.
API management experience is a must have in platforms such as: MuleSoft, Apigee,and etc.
Must be able to collaborate with API teams to design and document secure API design patterns.
5-7 years of relevant experience in IT Security.
Hands-on experience with Cloudflare implementing API security.
Deep understanding of cryptography concepts: hashing, signing, symmetric/asymmetric encryption and decryption, etc.
Experience in decryption of API traffic for security inspection ex. mTLS, TLS 1.3, etc.
Experience in API management ex. MuleSoft, Apigee, etc.
Collaborate with API teams to design and document secure API design patterns.
Experience assessing and securing APIs in alignment with OWASP and other security standards.
Demonstrated knowledge of API design standards, patterns, and best practices.
Familiar with industry security regulations and frameworks (MITRE Attack Framework, NIST, CIS CSC, etc.)
General understanding of key IT components - Secure LDAP, Networking, firewall, load balancing, Federated Identity.
Familiar with change management processes and activities and change review board routines.
Working knowledge of networking, (routing, DNS, common ports, protocols, and firewalls)
Needs to be organized and have the capability to multitask by working multiple problems, tasks and still seeing tasks through to closure working with all type of endpoint technologies. Must be able to work independently.
Python scripting and automation experience.
Any Graduate