[Remote] API Application Security Engineer
Note: The job is a remote job and is open to candidates in USA. IS3 Solutions is seeking an API Application Security Engineer with deep expertise in application security and API security. This role focuses on securing the enterprise software development lifecycle and driving API discovery, risk management, and protection through Akamai Noname.ResponsibilitiesAdminister and govern GitHub Enterprise security configurations, including branch protection, secret scanning, code scanning, and DependabotDesign and enforce security policies across GitHub organizations, repositories, and Actions workflowsIntegrate GitHub Advanced Security into continuous integration and continuous delivery pipelines to enable automated vulnerability detectionPartner with development teams to establish secure coding standards and efficient remediation workflowMonitor and respond to GitHub security alerts, audit logs, and policy violationsDevelop automation and tool to strengthen software supply chain security controlsDeploy and configure Akamai Noname for API discovery, inventory management, and enterprise risk assessmentIdentify shadow APIs, misconfigured endpoints, and anomalous API traffic patterns using behavioral analyticsDevelop API security policies, alerting rules, and response playbooks in collaboration with application and security operations teamsIntegrate Noname with API gateways, web application firewalls, and existing security tooling such as SIEM and SOAR platformsConduct API security assessments and deliver remediation guidance to development and platform teamsMaintain awareness of OWASP API Security Top 10 risks and evolving threat vectorsSkillsMinimum of three years of experience in application security, DevSecOps, or API security engineering rolesHands on experience with GitHub Enterprise administration and GitHub Advanced SecurityExperience with API security tools, with preference for Akamai Noname or comparable platformsWorking knowledge of REST and GraphQL architecture, authentication methods such as OAuth, API keys, and JSON web tokens, and common API vulnerabilitiesFamiliarity with continuous integration pipelines, container security practices, and software supply chain risk managementProficiency in a scripting language such as Python or JavaScript for automation purposesStrong communication skills with the ability to engage both engineering and security stakeholdersGitHub Advanced Security certification or equivalent trainingExperience with Akamai App and API Protector or related Akamai security solutionsBackground with static application security testing, dynamic application security testing, and software composition analysis tools such as Snyk, Veracode, or CheckmarxFamiliarity with software security maturity frameworks such as OWASP SAMM or BSIMMCompany OverviewIS3 Solutions is an IT company that provides data centers, cloud, cyber security, IT infrastructure, and IT financing solutions. It was founded in 2010, and is headquartered in Shrewsbury, New Jersey, USA, with a workforce of 51-200 employees. Its website is https://is3sol.com.