API Application Security Engineer

Posted Today by Cloud Destinations LLC

Negotiable
Undetermined
Remote

Summary: The API Application Security Engineer role focuses on enhancing application and API security within the software development lifecycle, utilizing GitHub Enterprise and Akamai Noname. This position collaborates with various teams to mitigate risks and improve security measures across applications. The engineer will administer security configurations, develop policies, and conduct assessments to ensure robust security practices. The role is pivotal in integrating security into development processes and managing API security effectively.

Key Responsibilities:

  • Administer and govern GitHub Enterprise security configurations, including branch protection, secret scanning, code scanning, and Dependabot
  • Design and enforce security policies across GitHub organizations, repositories, and Actions workflows
  • Integrate GitHub Advanced Security into continuous integration and continuous delivery pipelines to enable automated vulnerability detection
  • Partner with development teams to establish secure coding standards and efficient remediation workflows
  • Monitor and respond to GitHub security alerts, audit logs, and policy violations
  • Develop automation and tooling to strengthen software supply chain security controls
  • Deploy and configure Akamai Noname for API discovery, inventory management, and enterprise risk assessment
  • Identify shadow APIs, misconfigured endpoints, and anomalous API traffic patterns using behavioral analytics
  • Develop API security policies, alerting rules, and response playbooks in collaboration with application and security operations teams
  • Integrate Noname with API gateways, web application firewalls, and existing security tooling such as SIEM and SOAR platforms
  • Conduct API security assessments and deliver remediation guidance to development and platform teams
  • Maintain awareness of OWASP API Security Top 10 risks and evolving threat vectors

Key Skills:

  • Minimum of three years of experience in application security, DevSecOps, or API security engineering roles
  • Hands-on experience with GitHub Enterprise administration and GitHub Advanced Security
  • Experience with API security tools, with preference for Akamai Noname or comparable platforms
  • Working knowledge of REST and GraphQL architecture, authentication methods such as OAuth, API keys, and JSON web tokens, and common API vulnerabilities
  • Familiarity with continuous integration pipelines, container security practices, and software supply chain risk management
  • Proficiency in a scripting language such as Python or JavaScript for automation purposes
  • Strong communication skills with the ability to engage both engineering and security stakeholders

Salary (Rate): £72,000 yearly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

API Application Security Engineer with deep expertise in application security and API security. This role supports two key capability areas: securing the enterprise software development lifecycle through GitHub Enterprise and driving API discovery, risk management, and protection through Akamai Noname.

This position operates at the intersection of DevSecOps and API security, partnering with development, platform, and security teams to reduce risk across the application layer and strengthen security posture at scale.

Core Responsibilities

GitHub Enterprise Security

  • Administer and govern GitHub Enterprise security configurations, including branch protection, secret scanning, code scanning, and Dependabot
  • Design and enforce security policies across GitHub organizations, repositories, and Actions workflows
  • Integrate GitHub Advanced Security into continuous integration and continuous delivery pipelines to enable automated vulnerability detection
  • Partner with development teams to establish secure coding standards and efficient remediation workflows
  • Monitor and respond to GitHub security alerts, audit logs, and policy violations
  • Develop automation and tooling to strengthen software supply chain security controls

API Security with Akamai

  • Deploy and configure Akamai Noname for API discovery, inventory management, and enterprise risk assessment
  • Identify shadow APIs, misconfigured endpoints, and anomalous API traffic patterns using behavioral analytics
  • Develop API security policies, alerting rules, and response playbooks in collaboration with application and security operations teams
  • Integrate Noname with API gateways, web application firewalls, and existing security tooling such as SIEM and SOAR platforms
  • Conduct API security assessments and deliver remediation guidance to development and platform teams
  • Maintain awareness of OWASP API Security Top 10 risks and evolving threat vectors

Required Qualifications

  • Minimum of three years of experience in application security, DevSecOps, or API security engineering roles
  • Hands-on experience with GitHub Enterprise administration and GitHub Advanced Security
  • Experience with API security tools, with preference for Akamai Noname or comparable platforms
  • Working knowledge of REST and GraphQL architecture, authentication methods such as OAuth, API keys, and JSON web tokens, and common API vulnerabilities
  • Familiarity with continuous integration pipelines, container security practices, and software supply chain risk management
  • Proficiency in a scripting language such as Python or JavaScript for automation purposes
  • Strong communication skills with the ability to engage both engineering and security stakeholders

Preferred Qualifications

  • GitHub Advanced Security certification or equivalent training
  • Experience with Akamai App and API Protector or related Akamai security solutions
  • Background with static application security testing, dynamic application security testing, and software composition analysis tools such as Snyk, Veracode, or Checkmarx
  • Familiarity with software security maturity frameworks such as OWASP SAMM or BSIMM