Title: API Security Engineer
Location: Los Angeles, CA (Onsite-3 days a week)
Terms: Contract
Job Details:
Job Description
- Configuring Secured APIs: The primary responsibility is to configure APIs to ensure they are secure. This involves implementing security measures to protect APIs from threats and vulnerabilities.
- Enhancing Security for Directory Services: The engineer is responsible for enhancing the security of directory services using certificate-based communication. This includes ensuring that communication between services is secure and encrypted
- Experience with API Security Configurations: The role requires extensive experience with API security configurations. This includes knowledge of best practices and standards for securing APIs
Technical Skills:
- Expertise in API security mechanisms such as OAuth 2.0, OpenID Connect, API keys, JWT, rate limiting, and IP whitelisting.
- Security Tools & Frameworks: Experience with API security tools (e.g., Postman, Burp Suite, OWASP ZAP), WAFs, API Gateways, and SIEM tools for monitoring and detecting API threats.
- Authentication & Authorization: Deep knowledge of authentication protocols, including OAuth, OpenID Connect, SAML, and API token management.
- Knowledge of Vulnerabilities: Familiarity with the OWASP API Security Top 10, and experience in identifying and mitigating common API vulnerabilities such as injection attacks, improper authentication, and excessive data exposure.
- Compliance Knowledge: Understanding of relevant security and compliance standards, such as GDPR, PCI DSS, and SOC 2, and their impact on API security.
- Scripting & Automation: Familiarity with scripting languages (e.g., Python, Bash) to automate security tasks and API security testing.
Regards,
Srijan Roy
Talent Acquisition Specialist
Cynet Systems