Description

Job Description: 
We are seeking an API Security Technical Project Manager / Engineer with proven strong technical competence and leadership capability to contribute towards the success of enterprise-wide API security initiatives. The Senior API Security Engineer serves as a subject matter expert in API security and plays an integral role in managing, monitoring, and reporting on API security risk reduction.

Qualifications:
• Direct hands-on experience developing and securing web APIs and web applications: REST, SOAP, gRPC.
• Direct hands-on experience with security testing of web services and web APIs.
• Solid hands-on experience with leading threat modeling exercises for applications and services.
• Solid understanding of risk management, security architecture, and secure SDLC practices.
• Strong experience and understanding of API identity and access management controls: OAuth 2.0, OIDC, JWT.
• Strong experience with and understanding of cryptography controls: data at rest, in motion, and in use.
• Experience with industry standards and frameworks: NIST 800-53, NIST CSF, OWASP, SANS Top 25.
• Experience with Java, JavaScript, and mobile application development.
• Familiarity with database architectures: Oracle, SQL, and NoSQL databases.
• Information security professional certifications such as SANS GIAC, CISSP, CISM.
• Experience with service-oriented architectures and web services security.

Good to have:
• Experience mentoring the team in application security and secure development practices.
• Experience with DevOps processes in a Cloud/SaaS environment.
• Experience architecting, securing, and operating one or more public cloud environments: AWS, Google App Engine, Azure, and Oracle Cloud.
• Experience with one or more emerging programming languages: Go, Rust.


Roles & Responsibilities:
• Perform ongoing governance and follow-through with API owners to ensure implementation of threat-based requirements.
• Develop, deliver, and keep up-to-date API security standard requirements and design patterns.
• Validate implementation of API security controls against outputs of vulnerability testing tools to enable auditability and verifiability.
• Serve as an API security technical advisor to application teams.
• Evangelize API security design principles.
• Collaborate as an API security subject matter expert within the organization.

Education

Any Graduate