Senior API Security Platform Engineer
The Team
This is a Senior Cyber Engineering role in the API Security team (part of the Application and
Infrastructure Security Product Area) within the Enterprise Cybersecurity business unit.
The focus of this team is to enable API Security Solutions and processes that will help to
improve the Security Posture of our APIs across our infrastructure.
The Expertise You Have
• 5+ years of experience in the field of software engineering ideally with a focus on
Application or API Security
• Strong knowledge of API protocols/frameworks (e.g., REST, SOAP, GraphQL,
gRPC), API gateways, Authentication and Authorization Protocols
(OAuth2/OIDC/JWT etc.).
• Strong Understanding of OWASP API Security Top 10 and secure coding
practices.
• Familiar with common API Vulnerabilities
• Familiarity with runtime security, eBPF, and traffic monitoring for API discovery
would be considered a plus
• Expertise in API Security frameworks and experience with API Security Testing
tools (DAST, AST, etc.) and Runtime API protection platforms would be
considered a plus
• Any application security experience, including Pen Testing, Static Composition
Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application
Security Testing (DAST), and Web Application Firewalls (WAF) would be
considered a plus
The Skills You Bring
• Proven knowledge and experience of engineering principles, patterns and
practices
• Experience with modern agile engineering approaches and focus on operational
excellence.
• You have shown the ability to engage with other teams or vendors in a positive
manner to collaborate to achieve a positive outcome
• Excellent interpersonal and communication skills
• Strong analytical skills and ability to tackle issues and work through ambiguous
situations by making timely decisions based on facts, knowledge, experience,
and judgement.
• You have a passion for continual learning and are always ready to guide, support
and/or mentor other members of your team!
