Full-time Senior API Security Engineer job, salary, Encora Inc. hiring in Federal Territory - Ricebowl

Senior API Security Engineer

Encora Inc.

Undisclosed

KL City, Federal Territory

Job Location

  • Kuala Lumpur Federal Territory Malaysia

Job Description

Job Responsibilities

Key Responsibilities:

  • API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR, Mass Assignment) that traditional firewalls miss.
  • Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT implementations to ensure users can only access their own data.
  • Attack Simulation: Script automated attacks against the API Gateway to test rate limiting and fraud detection rules.
  • Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong, or Azure API Gateway) for maximum security.
  • Auth & Partner Integration: Deliver new security design patterns and components for authentication, authorization, SSO, MFA, and Partner security. Standardize how we consume external APIs (Open Banking) and how we secure our own exposed endpoints.

Technical Requirements:

  • Strong scripting skills (Python) to automate API attacks.
  • Expertise in REST and GraphQL security.
  • Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows.
  • Experience with API Security tools (Postman, Burp Suite, 42Crunch).

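Important Safety Guidelines

When applying for a job, never provide your bank or credit card details. Do not transfer money or complete unrelated online surveys. If you find suspicious content, please report this job advertisement.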