We are seeking a skilled and motivated API Security Assessment Engineer to join our team. The ideal candidate will have experience in API security assessments and possess a basic understanding of various technologies such as AWS Lambda, Serverless Framework, Kubernetes, Docker, Apache Kafka, Istio etc. This is an excellent opportunity for a junior to mid-level professional looking to develop their expertise in API security and contribute to the security posture of our organization.Responsibilities:Conduct security assessments of APIs to identify potential vulnerabilities, weaknesses, and risks.Collaborate with development teams to provide guidance on implementing secure API architectures.Perform code reviews and provide recommendations for secure coding practices.Assist in the development and maintenance of security testing methodologies, tools, and frameworks for API security assessments.Stay updated with the latest security threats, vulnerabilities, and industry best practices related to API security.Create and maintain documentation of security assessment findings, recommendations, and mitigation strategies.Collaborate with cross-functional teams to remediate identified vulnerabilities and ensure the security of APIs.Participate in the design and implementation of secure API authentication and authorization mechanisms.Contribute to training and workshops for development teams on API security best practices.Requirements:Bachelor's degree in Computer Science, Information Security1-5 years experienceExperience or strong interest in API security assessments and vulnerability management.Basic understanding of API security best practices and standards (e.g., OWASP API Security Top 10).Familiarity with some of the following technologies: AWS Lambda, Serverless Framework, Kubernetes, Docker, Apache Kafka, Istio, Envoy Proxy, Grafana, Prometheus, Cert Manager, Alert Manager, DEX, Kiali, Fluentd, Jaeger, Gigya, Okta.Knowledge of authentication and authorization protocols (e.g., OAuth, JWT) is a plus.Familiarity with security assessment tools such as Burp Suite, OWASP ZAP, or similar is a plus.Basic understanding of secure coding practices and common vulnerabilities in web applications and APIs.Strong problem-solving and analytical skills.Excellent written and verbal communication skills.Ability to work independently and collaboratively in a fast-paced environment.Preferred Qualifications:Master's degree in Computer Science, Information SecurityRelevant certifications such as Certified Secure Software Lifecycle Professional (CSSLP) or Certified Application Security Engineer (CASE) are a plus.
