API Security Technical Engineer | Remote | Long-Term Contract Opportunity

**Only candidates presently in the US with a valid visa to work here need apply**

Hiring an API Security Technical Engineer for a premium client of ours.

API Security-Technical project manager with proven strong technical competence and leadership capability to contribute towards the success of enterprise wide API security initiatives. The Senior API Security Engineer serves as a subject matter expert in API security and plays an integral role in managing, monitoring & reporting on API security risk reduction.

Primary Responsibilities:

• Perform ongoing governance and follow-through with API owners to ensure implementation of threat-based requirements.

• Develop, deliver and keep up-to-date API security standard requirements and design patterns.

• Validate implementation of API security controls against outputs of vulnerability testing tools to enable auditability and verifiability.

• Serve as an API security technical advisor to application teams.

• Evangelize API security design principles.

• Collaborate as API security subject matter expert within the organization.

Security and Technical Experience

• Direct hands on experience developing and securing web APIs and web applications: REST, SOAP, gRPC.

• Direct hands-on experience with security testing of web services and web APIs.

• Solid hands-on experience with leading threat modeling exercises for applications and services.

• Solid understanding of risk management, security architecture and secure SDLC practices.

• Strong experience and understanding of API identity and access management controls: OAuth 2.0, OIDC, JWT

• Strong experience and understanding of familiarity with cryptography controls: Data at rest, in motion and in-use.

• Experience with industry standards and frameworks: NIST 800-53, NIST CSF, OWASP, SANS Top 25.

• Experience with Java, JavaScript and mobile application development.

• Familiarity with database architectures: Oracle, SQL and NoSQL Databases.

• Information security professional certifications such as SANS GIAC, CISSP, CISM.

• Experience with service-oriented architectures and web services security.

Desired Skills:

• Experience mentoring application security and secure development practices to team.

• Experience with DevOps processes in a Cloud/SaaS environment.

• Experience architecting, securing, and operating one or more public cloud environments: Amazon Web Services, Google App Engine, Azure, and Oracle Cloud.

• Experience with one or more emerging programming languages: Go, Rust.