Summary
We are seeking a highly skilled API Security and Vulnerability Management Specialist to join Digital Security Application Security Testing team. The ideal candidate will be responsible for ensuring the security of our APIs through comprehensive scanning, automation, configuration and reporting. This role requires a deep understanding of API development, testing, and security best practices.
Responsibilities
- Manually and automatically onboard API scans to identify and address security vulnerabilities on API Security Platform.
- Develop and maintain automation scripts to facilitate security testing and vulnerability management process, such as API Security Platform onboarding, vulnerability reporting and dashboard (PowerBI), etc.
- Configure API authentication for various types, including OAuth, JWT, and basic authentication.
- Ensure that all authentication mechanisms are secure and compliant with industry standards.
- Manually and automatically generate detailed status reports and vulnerability summaries from scanning tools.
- Work closely with development teams to address identified vulnerabilities and ensure timely remediation.
- Collaborate with development teams to ensure security best practices are integrated into the API development lifecycle.
- Monitor and analyze security logs and alerts from API Security Platform.
- Collect requirements from upstream teams, build automated workflow / solution to reduce manual effort and improve vulnerability management end-to-end efficiency.
- Analyze vulnerability trends over time and contribute to updates in AIA's security standards and SOPs.
Requirements
- Bachelor's degree in Information Technology, Computer Science or any related fields.
- Extensive 5 years experience with API development and testing.
- Proficiency in using API testing tools such as Postman, SOAP-UI, curl, and others.
- Strong command of Python and Java programming languages.
- Experience in software testing such as unit test, functional test, etc.
- Understanding of software development principles, methodologies, and best practices.
- Strong analytic skills related to large data sets, good problem-solving skills.
- Ability to identify and assess security risks in software applications.
- Familiarity with security frameworks and best practices, including OWASP API Top 10.
- Experience with Azure Kubernetes Service (AKS)
- Experience with Azure API Management(APIM), Software AG webmethods and Ali API gateways
- API security best practices.
- Experience with cloud-native API security and microservices architecture.
- Familiarity with containerization technologies (e.g., Docker, Kubernetes).
- Strong analytical skills to interpret security scan results and derive actionable insights.
- Ability to solve complex problems and implement effective security measures.
- Proficiency in Mandarin to effectively support Mandarin-speaking stakeholders.
- Excellent English communication skills, both written and verbal, to effectively collaborate with cross-functional teams.
