TEKsystems is hiring: Security Engineer - API Security in Phoenix
TEKsystems, Phoenix, AZ, US
Job Description
Top Skills' Details
Threat modeling experience in relation to API’s
How they are build, common attacks, how to defend API’s
Experience when it comes to testing API’s
Either doing vulnerability testing or pen testing
Familiarity with API Gateways
Understanding of authentication/authorization for API’s
Job Description
Seeking a Senior API Security Engineer with proven strong technical competence and leadership capability to contribute towards the success of enterprise wide API security initiatives.The Senior API Security Engineer serves as a subject matter expert in API security, performs threat modeling of APIs and plays an integral role in managing, monitoring & reporting on API security risk reduction. The Senior API Security Engineer supports the security champion practice by evangelizing API security principles and controls.
Primary Responsibilities
• Conduct and facilitate day-to-day threat modeling of web APIs within the established SLAs.
• Document risk management plans for API threat models to effectively communicate residual risks to the business.
• Perform ongoing governance and follow-through with API owners to ensure implementation of threat based requirements.
• Develop, deliver and keep up-to-date API security standard requirements and design patterns.
• Manage ongoing security exceptions to API security standards.
• Perform API security code reviews and attest to API security standard compliance.
• Validate implementation of API security controls against outputs of vulnerability testing tools to enable auditability and verifiability.
• Serve as an API security technical advisor to application teams.
• Evangelize API security design principles.
• Be recognized as an API security subject matter expert within the organization.
Education
• Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
• At least 5 years experience with threat modeling, secure application design and development practices.
Security and Technical Experience
• Direct hands on experience developing and securing web APIs and web applications: REST, SOAP, gRPC.
• Direct hands on experience with security testing of web services and web APIs.
• Solid hands on experience with leading threat modeling exercises for applications and services.
• Direct hands on experience with threat modeling frameworks, attack vectors an vulnerability analysis: CAPEC, ATT&CK, STRIDE.
• Solid understanding of risk management, security architecture and secure SDLC practices.
• Strong experience and understanding of identity and access management controls: OAuth 2.0, OIDC, JWT
• Strong experience and understanding of familiarity with cryptography controls: Data at rest, in motion and in-use.
• Experience with industry standards and frameworks: NIST 800-53, NIST CSF, OWASP, SANS Top 25.
• Experience with Java, Javascript and mobile application development.
• Familiarity with database architectures: Oracle, SQL and NoSQL Databases.
Preferred Security Certifications
• CISSP, SANS GIAC or similar certifications
Key Behaviors/Competencies
• Self-directed, Confident Team Player
• Strong Technical Thinker
• Strong Planning, Execution and Collaborative skills
• Strong Communication skills — Strong verbal and written communication skills. Ability to document risk and control summary artifacts that translates complex threat models into easy to read reports for the business.
• Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.
• Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.
• Business Acumen: Demonstrates an awareness of internal dynamics.