API Security Analyst

Introduction

We are looking for a passionate and detail-oriented Junior API Security Consultant to join our cybersecurity team. This role is ideal for someone with foundational experience in API development or security and a strong interest in securing modern applications. You will support senior consultants in assessing and improving API security, including hands-on testing and secure design practices.

Your Role And Responsibilities

• Assist in conducting Vulnerability Assessment and Penetration Testing (VAPT) on APIs using industry-standard tools.
• Support Static Application Security Testing (SAST) efforts to identify insecure coding patterns in API source code.
• Help review API specifications (OpenAPI/Swagger) for potential security gaps.
• Collaborate with development teams to implement secure API design and coding practices.
• Participate in the integration of security controls into CI/CD pipelines.
• Document findings, remediation steps, and best practices for internal and client use.
• Stay updated on API security trends, tools, and vulnerabilities.
  
  

• 1–3 years of experience in application development, cybersecurity, or API support.
• Basic understanding of RESTful and GraphQL APIs, including authentication methods (OAuth2, JWT).
• Exposure to VAPT tools such as Burp Suite, OWASP ZAP, Postman, or similar.
• Familiarity with SAST tools like SonarQube, Checkmarx, Fortify or equivalent.
• Awareness of OWASP API Security Top 10 and secure coding principles.
• Basic scripting or programming skills (e.g., Python, JavaScript).
• Exposure to cloud platforms (AWS, Azure, GCP) and API gateways.
• Understanding of DevSecOps concepts and CI/CD integration.
  
  

• Strong analytical and problem-solving abilities with keen attention to detail.
  
  

• API Security Fundamentals (Cloud Academy, Salt Security, etc.)
• CompTIA Security+, CySA+, or equivalent
• Familiarity with MITRE ATT&CK for APIs or OWASP API Security