drjobs API Security

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Jobs by Experience drjobs

3-8years

Job Location drjobs

Hyderabad - India

Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Vacancy

1 Vacancy

Job Description

Do you love a career where you Experience Grow & Contribute at the same time while earning at least 10% above the market If so we are excited to have bumped onto you.


We are an IT Solutions Integrator/Consulting Firm helping our clients hire the right professional for an exciting long term project. Here are a few details.



Requirements

We are seeking an experienced API Security Engineer with strong expertise in software development API security and a solid foundation in web technologies. This role involves securing APIs across various applications collaborating with development and security teams and implementing best practices to protect against security threats. The ideal candidate will possess a mix of development skills security engineering knowledge and handson experience with API security tools and management solutions.

Key Responsibilities:

  • Software Development: Utilize your experience in software development to design build and maintain secure APIs. Leverage skills in one or more programming languages such as .NET Python Java with Spring Boot (REST) JavaScript (Node.js/React) and Go to implement and support robust security measures.

  • API Security Implementation: Design and implement API security measures including secure architecture design patterns and integration for various models (B2B A2A B2C). Collaborate with crossfunctional teams to ensure API security is integral to the application lifecycle.

  • Use of Security Tools: Work with tools like OWASP ZAP Veracode and Postman to detect vulnerabilities test APIs and validate security postures. Additionally utilize advanced API security tools such as Noname Salt and Neosec to secure API endpoints and enforce security policies.

  • API Management Solutions: Implement and configure API management platforms like Mulesoft Apigee and others to enforce API access control traffic management and performance monitoring.

  • Foundational Security Knowledge: Apply a thorough understanding of software engineering principles computer systems and security engineering fundamentals. Use this foundational knowledge to assess and implement effective security controls for APIs and web applications.

  • Web Technology Expertise: Utilize advanced knowledge of web technologies particularly web services web applications Service Oriented Architectures (SOA) and network/web protocols. This expertise will aid in identifying and addressing security vulnerabilities in web and API environments.

  • Threat Modeling and Remediation: Develop and apply application threat models. Address and remediate risks associated with common vulnerabilities such as those listed in OWASP API Top 10 CIS Top 10 and SANS Top 25. Implement mitigations to reduce the risk posed by these vulnerabilities.

  • Attacker Tactics and Mitigations: Stay updated on the latest attacker tactics techniques and procedures (TTPs) and apply effective mitigation strategies. Analyze potential security threats and work with development teams to proactively address them.

  • Authorization Authentication and Cryptography: Demonstrate a solid understanding of authorization and authentication standards as well as applied cryptography. Assess and address security vulnerabilities in applications and APIs by enforcing robust access controls.

Required Qualifications and Experience:

  • Experience in Software Development: Minimum of 3 years of experience in software development using .NET Python Java/Spring Boot JavaScript (Node.js/React) and/or Go.

  • API Security Experience: At least 3 years of experience in API security including designing secure APIs working with security patterns and architecting API solutions for integrations across B2B A2A and B2C models.

  • Security Tool Expertise: Handson experience with security tools such as OWASP ZAP Veracode Postman and API security platforms like Noname Salt and Neosec.

  • API Management Platform Proficiency: Knowledge and experience with API management solutions like Mulesoft and Apigee for secure API gateway configuration and management.

  • Web Technology and Protocol Knowledge: Strong background in web technologies including web services SOA web applications and an understanding of network/web protocols.

  • Application Threat Modeling: Familiarity with application threat modeling techniques particularly in remediation for OWASP API Top 10 CIS Top 10 and SANS Top 25.

  • Attacker Techniques and Countermeasures: Knowledge of attacker tactics techniques and procedures (TTPs) and effective mitigation methods.

Preferred Qualifications:

  • Educational Background: Bachelor s degree in Computer Science or a related technical field is preferred.

  • Application Monitoring and DevOps Security: Experience with application monitoring managed services in DevOps Threat and Vulnerability Management for application infrastructure source code verification link analysis and threat modeling.

  • Information Security Knowledge: Comprehensive understanding of Information Security principles including OWASP/SANS Security Test Case (misuse case) development objectoriented analysis and design (OOAD) notations emerging threats and vulnerability management practices.

  • Threat Research and Analysis: Ability to research and characterize security threats including identifying and classifying applicationrelated threat indicators to develop proactive defenses.

  • Certifications: Relevant certifications such as SANS Secure Coding Security Engineering Web Application Security ISC2 CSSLP OSCP or equivalent are a plus reflecting proficiency in secure coding practices and web application security principles.



Benefits



Communication Skills Negotiation skills

Employment Type

Full Time

About Company

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.