Role: API Security Testing Consultant/SME.
Location: Remote, open to travel to Collegeville, PA as per business need.
Start Date: Immediate.
Specific skill set: API security; setting up API framework documentation; creating playbooks for API incident management; hands-on in Traceable.ai; good working knowledge of API testing using Burp, Postman, Tenable.
Years of experience needed: 8 years.
Technical Skills:
- Policies and Standards
- Security requirements for API development
- Authentication and authorization standards
- Data protection guidelines
- Third-party API integration guidelines
- API versioning and deprecation policies
- Security incident response and reporting
- Establish Cross-Functional Governance Review Committee
- Establish a process for identifying and categorizing APIs based on their exposure and criticality.
- Develop a standardized review process which covers Architecture/Design, Access Controls, Logging, etc.
- Develop Service Catalog for API Security Consulting & Testing services.
- Services should include architecture review, threat modeling, code review, pen testing, and security training.
- Design and deploy ticketing workflow for managing requests (ServiceNow).
- Integrating API security in the CI/CD pipeline
- Assess our current state by conducting an inventory of all APIs and evaluating security posture (Traceable).
- Establish an enterprise-wide API catalog, which should be maintained by designated owners (Enterprise Postman).
- Monitor and detect API security threats (Traceable).
Certifications Needed:
- ITIL Preferred APIsec Certified Expert (ACE).