Job Description

API Security Engineer 

The API Security Engineer is responsible for architecting and enforcing enterprise-grade security controls around critical API gateways used in payment, lending, and core banking ecosystems. This role is essential for protecting sensitive financial data while enabling digital transformation at scale.

Key Responsibilities:

• Design and implement API authentication and authorization frameworks (OAuth2, OIDC, SAML, JWT) with strong encryption (TLS/SSL).
• Configure advanced security controls on API gateways (Microsoft APIM, Kong, Apigee) including rate limiting, IP whitelisting, and DDoS mitigation.
• Implement logging, monitoring, and alerting aligned to SOX, FFIEC, and PCI-DSS audit standards.
• Partner with engineering and architecture teams to enforce secure coding standards and SDLC governance.
• Conduct API penetration testing, threat modeling, and vulnerability scans with continuous remediation tracking.
• Develop incident response procedures for API-related security incidents.

Required Skills:

• 5+ years in application or API security engineering.
• Deep expertise with API security protocols and encryption.
• Hands-on with APIM/Kong/Apigee and identity solutions (Azure AD, Okta).
• Strong understanding of banking regulations , PCI compliance, and FFIEC guidance.
• SIEM and vulnerability scanning tool experience (Splunk, Tenable, Qualys).

Job Tags

Similar Jobs