naukri
Security Analyst/Sr. Analyst/Lead (API Security)
Doyen Infosolutions
Saudi Arabia, KSA
Senior
1 months ago
Akamai API SecurityOAuth 2.0OpenID ConnectSAMLMutual TLSKubernetes
Free
Job Fit Check
Base Career helps you apply smarter for this job.
?%
Ready to ScanKey skills for this role
Akamai API SecurityOAuth 2.0OpenID Connect
About the Role
We are seeking a detail-oriented Senior Security Engineer to monitor and mitigate findings across customers' API security solutions.
Key Skills for This Role
Akamai API SecurityOAuth 2.0OpenID ConnectSAMLMutual TLSKubernetes
Responsibilities
- Design and implement API Security Solution within customer environments
- Configure traffic mirroring (VPC Flow Logs, Packet Mirroring, or Agentless integration) to ensure API Security engine receives full copy of API traffic without impacting performance
- Integrate API Security solution with API Gateways (e.g., Apigee, Kong, MuleSoft) and WAFs (e.g., Akamai, F5) to pull metadata and provide automated blocking capabilities
- Implement PII masking and data obfuscation rules within Noname to ensure compliance with data privacy laws (GDPR/PCI DSS) before data is processed
- Configure platform to recognize and validate authentication headers (JWT, OAuth tokens) to accurately assess posture of authenticated vs. unauthenticated APIs
- Configure Noname Active Testing module within CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to enable automated security testing during build process
- Set up automated comparisons between live traffic and uploaded Swagger/OpenAPI specifications to identify undocumented endpoints
- Establish and test integrations with SOC tools (Splunk, Sentinel, Jira, ServiceNow) to ensure API security alerts are automatically converted into actionable tickets
- Assist in creating automated response actions, such as automatically updating a WAF rule or blocking an API key when a high severity attack is detected
- Tune policies and alerts to minimize false positives
- Assist with API security incident response and investigations
- Provide operational support for compliance audits and reporting
Requirements
- Hands on experience with Akamai's API Security solution
- Practical experience with OAuth 2.0, OpenID Connect, SAML, and Mutual TLS
- Familiarity with Kubernetes, Docker, and Cloud Service Providers (AWS/Azure/GCP)
- Comprehensive knowledge of REST, GraphQL, and SOAP; deep understanding of OWASP API Security Top 10
- Experience with SIEM/SOAR integrations
- Akamai API Security or Noname Security certification
- Knowledge of shifting security 'Left' via CI/CD integration (Jenkins, GitLab, or GitHub Actions)
- Understanding of Akamai WAAP or other Edge security solutions
- Bachelor's or master's degree in Computer Science, Information Security, or related field
Full Job Posting
Job Description
- We are looking for a detail oriented Senior Security engineer to monitor and mitigate findings observed across customers API security solution.
- The Engineer will be responsible for the implementation, configuration, and provide ongoing support of Akamai API Security solution to secure APIs in the customer environments.
- The role covers end to end deployment, day to day operations, incident support, compliance monitoring, and DevSecOps integration with API platforms.
Responsibilities
- Design and implement API Security Solution within customer environments
- Configure traffic mirroring (VPC Flow Logs, Packet Mirroring, or Agentless integration) to ensure the API Security engine receives a full copy of API traffic without impacting performance.
- Integrate API Security solution with API Gateways (e.g., Apigee, Kong, MuleSoft) and WAFs (e.g., Akamai, F5) to pull metadata and provide automated blocking capabilities.
- Implement PII (Personally Identifiable Information) masking and data obfuscation rules within Noname to ensure compliance with data privacy laws (GDPR/PCI DSS) before data is processed.
- Configure the platform to recognize and validate authentication headers (JWT, OAuth tokens) to accurately assess the 'Posture' of authenticated vs. unauthenticated APIs.
- Configure the Noname Active Testing module within CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to enable automated security testing during the build process.
- Set up automated comparisons between live traffic and uploaded Swagger/OpenAPI specifications to identify 'Zombie' or 'Shadow' undocumented endpoints.
- Establish and test integrations with SOC tools (Splunk, Sentinel, Jira, ServiceNow) to ensure that API security alerts are automatically converted into actionable tickets.
- Assist in creating automated response actions, such as automatically updating a WAF rule or blocking an API key when a high severity attack is detected.
- Tune policies and alerts to minimize false positives
- Assist with API security incident response and investigations
- Provide operational support for compliance audits and reporting
Key Skills
- Hands on experience with Akamai's API Security solution is highly preferred
- Practical experience with OAuth 2.0, OpenID Connect (OIDC), SAML, and Mutual TLS (mTLS).
- Familiarity with Kubernetes, Docker, and Cloud Service Providers (AWS/Azure/GCP) where APIs are hosted.
- Comprehensive knowledge of REST, GraphQL, and SOAP; deep understanding of the OWASP API Security Top 10.
- Experience with SIEM/SOAR integrations preferred.
- Akamai API Security or Noname Security certification
- Knowledge of shifting security 'Left' via CI/CD integration (Jenkins, GitLab, or GitHub Actions).
- Understanding of Akamai WAAP or other Edge security solutions to provide a layered defence perspective.
Qualification
- Bachelor's or a master's degree in Computer Science, Information Security, or a related field.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career