Senior Cybersecurity Engineer- API Security


The API Security Sr Engineer will act as a subject matter expert for defining strategies and implementing solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). They will provide leadership ensuring consistent success of project tasks towards service objectives and deliverables. The Sr Engineer will need a strong background in DevOps patterns, development background specifically with API,and automation including secure code best practices, application security, web application security and security monitoring operations. They will also take point designing, building, and maintaining the service infrastructure and internal/external knowledgebases. As a primary technical point of contact for the API Security services, the Sr Engineer must be adept at building relationships with partner teams, business communication, and possess strong interpersonal skills.

10% – Planning & Analysis:
Researches and analyzes business trends and behavioral data to identify opportunities for improvements and new initiatives
Drives the evaluation, development, and recommendation of specific technology products and platforms to provide cost-effective solutions that meet business and technology requirements
Researches and designs best fit infrastructure, network, database, and security architectures for products
Proactively creates and maintains tools for monitoring and support
Participates in project planning and reporting across multiple efforts

30% – Delivery & Execution:
Drives configuration, debugging, and support for infrastructure
Drives field and corporate roll-outs of technology
Drives the stand up of necessary system software, hardware, and equipment (physical or virtual) to meet changing infrastructure needs

50% – Support & Enablement:
Collaborates with product and project teams to understand needs and enable them with infrastructure
Supports technology architecture design review efforts for project and product teams
Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate
Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
Maintains, upgrades, and supports existing systems and infrastructure to ensure operational stability
Opens and manages vendor problem tickets to resolution
Drives the production of in-house documentation around solutions
Monitors tools and proactively helps teams struggling with systems issues
Provides application support for software running in production
Creates scripts and tools that drive automation and enable product teams and end users to move towards self service

10% – Learning:
Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impacts tools, training, and support necessary to keep systems up, running, and secure
Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice)
Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations

Typically reports to the Systems Engineer Manager or Sr. Manager.

Located in a comfortable indoor area. Any unpleasant condition would be infrequent and unobjectionable.

Typically requires overnight travel less than 10% of the time.
Must be eighteen years of age or older.
Must be legally permitted to work in the United States.

Additional Minimum Qualifications:
Must be legally permitted to work in the United States

Education Required:
The knowledge, skills and abilities typically acquired through the completion of a bachelor’s degree program or equivalent in a field of study related to the job.

Years of Relevant Work Experience: 1 years

Physical Requirements:
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
Additional Qualifications:

Preferred Qualifications:
3-5 years of relevant work experience

  • Understanding of web application security, understanding of API OWASP top 10
  • Experience working with APIs, API Management, and Load Balancers
  • Understand L3-L7 protocols, HTTP and SSL.
  • Understanding the API ecosystem tools and technologies such as Postman, Swagger.
  • Experience working in a security operations center environment
  • Previous pen testing experience
  • Kubernetes, Docker, or other containerization technologies
  • Cloud Service Provider Platforms: AWS, GCP or Azure
  • Experience with Linux and K8s administration. Ability to install Linux, K8s, and Docker applications.
  • Basic understanding of Cybersecurity Governance patterns: Policy – Standards – Control Solutions
  • Basic Network Security principals – basic segmentation, firewall rules, best practices, limiting administrative ports, protecting workloads with WAF
  • IAM fundamentals – principal of least privilege, authN, authZ, RBAC
  • Basic Data Security principals – encryption in flight, encryption at rest, DLP fundamentals
  • Operating System fundamentals – preferably in the Linux space, but deep Windows skills are workable
  • Internetworking fundamentals – OSI model, troubleshooting at each layer, basic network capture analysis, network and application load balancing (L4, L7), client-server operating model.
  • Intermediate to Advanced scripting / automation skills.
  • DevOps fundamentals – rapid application development and deployment lifecycle . Secure software development lifecycle (SSDLC).
  • System monitoring fundamentals – performance troubleshooting and analysis at system level using native OS performance metrics counters and system logs. Ability to correlate logs and events to find root cause of systemic or acute impacting issues.

Knowledge, Skills, Abilities and Competencies:

  • Action Oriented: Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm
  • Collaborates: Building partnerships and working collaboratively with others to meet shared objectives
  • Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
  • Cultivates Innovation: Creating new and better ways for the organization to be successful
  • Drives Results: Consistently achieving results, even under tough circumstances
  • Global Perspective: Taking a broad view when approaching issues; using a global lens
  • Interpersonal Savvy: Relating openly and comfortably with diverse groups of people
  • Manages Ambiguity: Operating effectively, even when things are not certain or the way forward is not clear
  • Nimble Learning: Actively learning through experimentation when tackling new problems, using both successes and failures as learning fodder
  • Self-Development: Actively seeing new ways to grow and be challenged using both formal and informal development channels
  • Situational Adaptability: Adapting approach and demeanor in real time

More Information

Apply for this job

Leave your thoughts

Share this job