[Remote] API Application Security Engineer

Note: The job is a remote job and is open to candidates in USA. IS3 Solutions is seeking an API Application Security Engineer with deep expertise in application security and API security. This role focuses on securing the enterprise software development lifecycle and driving API discovery, risk management, and protection through Akamai Noname.

Responsibilities

• Administer and govern GitHub Enterprise security configurations, including branch protection, secret scanning, code scanning, and Dependabot
• Design and enforce security policies across GitHub organizations, repositories, and Actions workflows
• Integrate GitHub Advanced Security into continuous integration and continuous delivery pipelines to enable automated vulnerability detection
• Partner with development teams to establish secure coding standards and efficient remediation workflow
• Monitor and respond to GitHub security alerts, audit logs, and policy violations
• Develop automation and tool to strengthen software supply chain security controls
• Deploy and configure Akamai Noname for API discovery, inventory management, and enterprise risk assessment
• Identify shadow APIs, misconfigured endpoints, and anomalous API traffic patterns using behavioral analytics
• Develop API security policies, alerting rules, and response playbooks in collaboration with application and security operations teams
• Integrate Noname with API gateways, web application firewalls, and existing security tooling such as SIEM and SOAR platforms
• Conduct API security assessments and deliver remediation guidance to development and platform teams
• Maintain awareness of OWASP API Security Top 10 risks and evolving threat vectors

Skills

• Minimum of three years of experience in application security, DevSecOps, or API security engineering roles
• Hands on experience with GitHub Enterprise administration and GitHub Advanced Security
• Experience with API security tools, with preference for Akamai Noname or comparable platforms
• Working knowledge of REST and GraphQL architecture, authentication methods such as OAuth, API keys, and JSON web tokens, and common API vulnerabilities
• Familiarity with continuous integration pipelines, container security practices, and software supply chain risk management
• Proficiency in a scripting language such as Python or JavaScript for automation purposes
• Strong communication skills with the ability to engage both engineering and security stakeholders
• GitHub Advanced Security certification or equivalent training
• Experience with Akamai App and API Protector or related Akamai security solutions
• Background with static application security testing, dynamic application security testing, and software composition analysis tools such as Snyk, Veracode, or Checkmarx
• Familiarity with software security maturity frameworks such as OWASP SAMM or BSIMM

Company Overview