Job Title: Security Analyst
The Role
* Develop and implement API security strategies—design, deploy, and maintain solutions that enhance our defences.
* Lead threat modelling and secure code reviews to ensure alignment with OWASP API Security Top 10 standards.
* Collaborate cross-functionally to integrate API gateways, authentication services, and runtime protection tools into CI/CD pipelines.
* Mentor peers in secure-by-design thinking, championing continuous learning and knowledge sharing.
What You Bring
* 5+ years in software engineering with a dedicated focus on application/API security.
* Protocol Mastery: Hands-on with REST, SOAP, GraphQL, gRPC, plus API gateways and OAuth2/OIDC/JWT mechanisms.
* Intimate knowledge of OWASP API Security Top 10 and secure coding patterns.
* Attack-Aware: Experience identifying and mitigating common API vulnerabilities (e.g., injection, broken auth, data exposure).
Nice to Haves
* Runtime security tools (e.g., eBPF, API traffic discovery/monitoring)
* API security testing suites (DAST, AST) and RASP/WAF platforms
* Pen testing, SCA, SAST, DAST engagements
How You'll Succeed
* Apply engineering best practices: scalable design patterns, clean code, robust testing.
* Embrace agile ceremonies and drive operational excellence—fast feedback loops, reliable deployments.
* Forge positive partnerships with internal teams and third-party vendors, steering joint initiatives to success.
* Communicate complex security concepts clearly to engineers, stakeholders, and leadership alike.
* Exercise data-driven judgment, navigating ambiguity to deliver timely, fact-based decisions.