You will lead the technical strategy for securing APIs through automated scanning, runtime protection, and pattern definition.
Responsibilities
- Lead technical conversations to establish API management strategies and security patterns.
- Write security requirements using threat modeling to guide engineers in building secure applications.
- Engineer automated security solutions and custom APIs using serverless technologies.
- Collaborate with stakeholders to address information security risks and meet regulatory requirements.
- Define and implement API discovery, scanning, and security tooling.
Required Skills
- 8+ years of engineering or IT security experience.
- Strong expertise in API development, discovery, scanning, and security tooling.
- Extensive experience designing and deploying serverless solutions using AWS Lambda and AWS API Gateway.
- Proficiency with Python and IaC using Terraform.
- Hands-on experience with CI/CD pipelines and Jenkins.
- Deep understanding of the SDLC and integrating security controls into automated pipelines.
- Experience with SAST/SCA and secure code tooling.
- 5+ years of experience in at least four of the following areas: Access Control, Application Security, SDLC, Operating Systems, Cryptographic Controls, API Security, or Networking.
- Bachelor’s degree in a relevant technology field or equivalent work experience.
Preferred Skills
- Experience with AWS ECS and Fargate.
- Proficiency in Groovy.
- Background in microservices development and application vulnerability remediation.