Overview
Skills
Job Details
Job Description (Posting). Position-API Security Engineer
Location-Los Angeles, CA (Onsite-3 days a week)
Please look for local profiles or resource who is comfortable to work onsite from Los Angeles, CA
Experience Required-7-10 years
Skill (Primary): INFORMATION SECURITY-API OPERATIONS-CA API GATEWAY (LAYER 7) - Operations
Job Description
1. Configuring Secured APIs: The primary responsibility is to configure APIs to ensure they are secure. This involves implementing security measures to protect APIs from threats and vulnerabilities.
2. Enhancing Security for Directory Services: The engineer is responsible for enhancing the security of directory services using certificate-based communication. This includes ensuring that communication between services is secure and encrypted
3. Experience with API Security Configurations: The role requires extensive experience with API security configurations. This includes knowledge of best practices and standards for securing APIs
Technical Skills:
1. Expertise in API security mechanisms such as OAuth 2.0, OpenID Connect, API keys, JWT, rate limiting, and IP listing.
2. Security Tools & Frameworks: Experience with API security tools (e.g., Postman, Burp Suite, OWASP ZAP), WAFs, API Gateways, and SIEM tools for monitoring and detecting API threats.
3. Authentication & Authorization: Deep knowledge of authentication protocols, including OAuth, OpenID Connect, SAML, and API token management.
4. Knowledge of Vulnerabilities: Familiarity with the OWASP API Security Top 10, and experience in identifying and mitigating common API vulnerabilities such as injection attacks, improper authentication, and excessive data exposure.
5. Compliance Knowledge: Understanding of relevant security and compliance standards, such as GDPR, PCI DSS, and SOC 2, and their impact on API security.
6. Scripting & Automation: Familiarity with scripting languages (e.g., Python, Bash) to automate security tasks and API security testing.