API Security Engineer

Job Description

Job Description

Position-API Security Engineer

Location-Los Angeles, CA (Onsite-3 days a week)

Please look for local profiles or resource who is comfortable to work onsite from Los Angeles, CA

Experience Required-7-10 years

Job Description

1. Configuring Secured APIs : The primary responsibility is to configure APIs to ensure they are secure. This involves implementing security measures to protect APIs from threats and vulnerabilities.

2. Enhancing Security for Directory Services : The engineer is responsible for enhancing the security of directory services using certificate-based communication. This includes ensuring that communication between services is secure and encrypted

3. Experience with API Security Configurations : The role requires extensive experience with API security configurations. This includes knowledge of best practices and standards for securing APIs

Technical Skills :

1. Expertise in API security mechanisms such as OAuth 2.0, OpenID Connect, API keys, JWT, rate limiting, and IP whitelisting.

2. Security Tools & Frameworks : Experience with API security tools (e.g., Postman, Burp Suite, OWASP ZAP), WAFs, API Gateways, and SIEM tools for monitoring and detecting API threats.

3. Authentication & Authorization : Deep knowledge of authentication protocols, including OAuth, OpenID Connect, SAML, and API token management.

4. Knowledge of Vulnerabilities : Familiarity with the OWASP API Security Top 10, and experience in identifying and mitigating common API vulnerabilities such as injection attacks, improper authentication, and excessive data exposure.

5. Compliance Knowledge : Understanding of relevant security and compliance standards, such as GDPR, PCI DSS, and SOC 2, and their impact on API security.

6. Scripting & Automation : Familiarity with scripting languages (e.g., Python, Bash) to automate security tasks and API security testing.

Experience : 7-12 Years