Security Analyst/Sr. Analyst/Lead (API Security)

Job Description

• We are looking for a detail-oriented Senior Security engineer to monitor and mitigate findings observed across customers API security solution.
• The Engineer will be responsible for the implementation, configuration, and provide ongoing support of Akamai API Security solution to secure APIs in the customer environments.
• The role covers end-to-end deployment, day-to-day operations, incident support, compliance monitoring, and DevSecOps integration with API platforms.
• Design and implement API Security Solution within customer environments
• Configure traffic mirroring (VPC Flow Logs, Packet Mirroring, or Agentless integration) to ensure the API Security engine receives a full copy of API traffic without impacting performance.
• Integrate API Security solution with API Gateways (e.g., Apigee, Kong, MuleSoft) and WAFs (e.g., Akamai, F5) to pull metadata and provide automated blocking capabilities.
• Implement PII (Personally Identifiable Information) masking and data obfuscation rules within Noname to ensure compliance with data privacy laws (GDPR/PCI-DSS) before data is processed.
• Configure the platform to recognize and validate authentication headers (JWT, OAuth tokens) to accurately assess the "Posture" of authenticated vs. unauthenticated APIs.
• Configure the Noname Active Testing module within CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to enable automated security testing during the build process.
• Set up automated comparisons between live traffic and uploaded Swagger/OpenAPI specifications to identify "Zombie" or "Shadow" undocumented endpoints.
• Establish and test integrations with SOC tools (Splunk, Sentinel, Jira, ServiceNow) to ensure that API security alerts are automatically converted into actionable tickets.
• Assist in creating automated response actions, such as automatically updating a WAF rule or blocking an API key when a high-severity attack is detected.
• Tune policies and alerts to minimize false positives
• Assist with API security incident response and investigations
• Provide operational support for compliance audits and reporting
• Maintain documentation, runbooks, and operational dashboards
• Provide platform troubleshooting and escalation support when required

Key Skills

• Hands-on experience with Akamai's API Security solution is highly preferred
• Practical experience with OAuth 2.0, OpenID Connect (OIDC), SAML, and Mutual TLS (mTLS).
• Familiarity with Kubernetes, Docker, and Cloud Service Providers (AWS/Azure/GCP) where APIs are hosted.
• Comprehensive knowledge of REST, GraphQL, and SOAP; deep understanding of the OWASP API Security Top 10.
• Experience with SIEM/SOAR integrations preferred.
• Akamai API Security or Noname Security certification
• Knowledge of shifting security "Left" via CI/CD integration (Jenkins, GitLab, or GitHub Actions).
• Understanding of Akamai WAAP or other Edge security solutions to provide a layered defence perspective.

Qualification