Security Analyst/Sr. Analyst/Lead (API Security)

Doyen Infosolutions

JOB DESCRIPTION:

We are looking for a detail-oriented Senior Security engineer to monitor and mitigate findings observed across customers API security solution. The Engineer will be responsible for the implementation, configuration, and provide ongoing support of Akamai API Security solution to secure APIs in the customer environments. The role covers end-to-end deployment, day-to-day operations, incident support, compliance monitoring, and DevSecOps integration with API platforms.

• Design and implement API Security Solution within customer environments
• Configure traffic mirroring (VPC Flow Logs, Packet Mirroring, or Agentless integration) to ensure the API Security engine receives a full copy of API traffic without impacting performance.
• Integrate API Security solution with API Gateways (e.g., Apigee, Kong, MuleSoft) and WAFs (e.g., Akamai, F5) to pull metadata and provide automated blocking capabilities.
• Implement PII (Personally Identifiable Information) masking and data obfuscation rules within Noname to ensure compliance with data privacy laws (GDPR/PCI-DSS) before data is processed.
• Configure the platform to recognize and validate authentication headers (JWT, OAuth tokens) to accurately assess the "Posture" of authenticated vs. unauthenticated APIs.
• Configure the Noname Active Testing module within CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to enable automated security testing during the build process.
• Set up automated comparisons between live traffic and uploaded Swagger/OpenAPI specifications to identify "Zombie" or "Shadow" undocumented endpoints.
• Establish and test integrations with SOC tools (Splunk, Sentinel, Jira, ServiceNow) to ensure that API security alerts are automatically converted into actionable tickets.
• Assist in creating automated response actions, such as automatically updating a WAF rule or blocking an API key when a high-severity attack is detected.
• Tune policies and alerts to minimize false positives
• Assist with API security incident response and investigations
• Provide operational support for compliance audits and reporting
• Maintain documentation, runbooks, and operational dashboards
• Provide platform troubleshooting and escalation support when required

Key Skills:

• Hands-on experience with Akamai's API Security solution is highly preferred
• Practical experience with OAuth 2.0, OpenID Connect (OIDC), SAML, and Mutual TLS (mTLS).
• Familiarity with Kubernetes, Docker, and Cloud Service Providers (AWS/Azure/GCP) where APIs are hosted.
• Comprehensive knowledge of REST, GraphQL, and SOAP; deep understanding of the OWASP API Security Top 10.
• Experience with SIEM/SOAR integrations preferred.
• Akamai API Security or Noname Security certification
• Knowledge of shifting security "Left" via CI/CD integration (Jenkins, GitLab, or GitHub Actions).
• Understanding of Akamai WAAP or other Edge security solutions to provide a layered defence perspective.

Qualification: Bachelor's or a master's degree in Computer Science, Information Security, or a related field.