← Back to job listings
E
Senior API Security Engineer
Encora · Kuala Lumpur, Malaysia
About The Role
Key Responsibilities
- ● API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR, Mass
- Assignment) that traditional firewalls miss.
- ● Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT
- implementations to ensure users can only access their own data.
- ● Attack Simulation: Script automated attacks against the API Gateway to test rate limiting
- and fraud detection rules.
- ● Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong,
- or Azure API Gateway) for maximum security.
- ● Auth & Partner Integration: Deliver new security design patterns and components for
- authentication, authorization, SSO, MFA, and Partner security. Standardize how we
- consume external APIs (Open Banking) and how we secure our own exposed endpoints.
Technical Requirements
- ● Strong scripting skills (Python) to automate API attacks.
- ● Expertise in REST and GraphQL security.
- ● Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows.
- ● Experience with API Security tools (Postman, Burp Suite, 42Crunch).
This listing was posted by a verified recruiter at Encora. Report this listing
JobSpring