API Security Engineer - Gurugram, India - Incedo Inc.
Description
Job Title: API Security Engineer
Job Location: Gurgaon
5-12 yrs
Job Type: Full-time
Company Overview:
Incedo Inc is a global technology services company that specializes in providing industry-specific, innovative solutions to businesses across various sectors. With a strong presence in North America, Asia, and Europe, Incedo delivers cutting-edge technology services and expertise to clients worldwide. The company's mission revolves around enabling businesses to excel in the digital era by leveraging its deep industry knowledge, technological capabilities, and a commitment to excellence. Incedo's core values of innovation, collaboration, integrity, and customer-centricity underpin its client-centric approach, fostering lasting partnerships and delivering tailored solutions to address each client's unique challenges and opportunities in the ever-evolving digital landscape.
Job Summary:
We are looking for software engineers who are solid coders and quick learners and who can work effectively in a fast-paced startup environment. The role provides opportunities to work on a modern, cutting-edge technology stack - Java, microservices, Kubernetes, Nginx, Service Meshes, API Gateways, GraphQL, MongoDB, Druid, Pinot, Kafka, Distributed Systems, Big Data, Machine Learning, Distributed Tracing, Google Cloud Engine, AWS, WebAssembly etc.
Key Responsibilities:
Conduct comprehensive assessments of API security vulnerabilities and threats.
Develop and implement security protocols, policies, and procedures for API access.
Collaborate with cross-functional teams to ensure secure API design, development, and integration.
Monitor and respond to security incidents, breaches, or unauthorized access attempts.
Conduct API penetration testing and security reviews to identify vulnerabilities.
Recommend and implement API security best practices and configurations.
Stay current with the latest security threats and industry trends.
Required Skill Sets and Qualification:
Bachelor's degree in computer science, Information Security, or a related field (or equivalent experience).
In-depth knowledge of SOAP, REST, and GraphQL.
Experience working with various API gateway technologies such as Mule, Kong, and Apigee.
Proficiency in API Penetration Testing and DDoS attack mitigation.
Strong understanding of stream transformation.
Knowledge of F5 and Nginx for routing and load balancing.
AWS cloud experience.
Proficiency in Java and
Familiarity with authentication mechanisms, including Basic, Digest, and token-based authentication.
Experience with Splunk.
Experience with Traceable AI is great to have.
Experience with Akamai or other Content Delivery Networks (CDNs) is a plus.
Continuous Delivery and Continuous Integration (CD/CI) experience is desirable.
Proficiency with Unix/Linux server environments.
Experience with a modern tech stack - microservices, Docker, Kubernetes, cloud platform (AWS/GCS etc.) is a must.
Prior development experience and a fair understanding of programming languages and frameworks are a must.
Proficiency in web app security, vulnerability research, and penetration testing.
Strong foundation in computer science fundamentals, network security, and authentication protocols.
Strong experience with various pentesting tools like Burp Suite, ZAP etc.
Strong applied knowledge of attacks in the Web/API ecosystem - Web attacks, API attacks, API abuse, API Fraud, ATO etc.
Strong understanding of Application Security Solutions (WAF, RASP etc.).
Working knowledge of IAST, DAST, SAST.