We are looking for a passionate and detail-oriented Junior API Security Consultant to join our cybersecurity team. This role is ideal for someone with foundational experience in API development or security and a strong interest in securing modern applications. You will support senior consultants in assessing and improving API security including hands-on testing and secure design practices.
- Assist in conducting Vulnerability Assessment and Penetration Testing (VAPT) on APIs using industry-standard tools.
- Support Static Application Security Testing (SAST) efforts to identify insecure coding patterns in API source code.
- Help review API specifications (OpenAPI/Swagger) for potential security gaps.
- Collaborate with development teams to implement secure API design and coding practices.
- Participate in the integration of security controls into CI/CD pipelines.
- Document findings remediation steps and best practices for internal and client use.
- Stay updated on API security trends tools and vulnerabilities.
Experience:
- 1–3 years of experience in application development cybersecurity or API support.
- Basic understanding of RESTful and GraphQL APIs including authentication methods (OAuth2 JWT).
- Exposure to VAPT tools such as Burp Suite OWASP ZAP Postman or similar.
- Familiarity with SAST tools like SonarQube Checkmarx Fortify or equivalent.
- Awareness of OWASP API Security Top 10 and secure coding principles.
- Basic scripting or programming skills (e.g. Python JavaScript).
- Exposure to cloud platforms (AWS Azure GCP) and API gateways.
- Understanding of DevSecOps concepts and CI/CD integration.
Soft Skills:
- Strong analytical and problem-solving abilities with keen attention to detail.
Preferred Certifications
- API Security Fundamentals (Cloud Academy Salt Security etc.)
- CompTIA Security+ CySA+ or equivalent
- Familiarity with MITRE ATT&CK for APIs or OWASP API Security