Skip to content
← Back to job listings

Senior API Security Engineer

Encora · Kuala Lumpur, Malaysia

CybersecuritySenior LevelQuick applyfull-time9 days ago

About The Role

Key Responsibilities

  • ● API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR, Mass
  • Assignment) that traditional firewalls miss.
  • ● Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT
  • implementations to ensure users can only access their own data.
  • ● Attack Simulation: Script automated attacks against the API Gateway to test rate limiting
  • and fraud detection rules.
  • ● Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong,
  • or Azure API Gateway) for maximum security.
  • ● Auth & Partner Integration: Deliver new security design patterns and components for
  • authentication, authorization, SSO, MFA, and Partner security. Standardize how we
  • consume external APIs (Open Banking) and how we secure our own exposed endpoints.

Technical Requirements

  • ● Strong scripting skills (Python) to automate API attacks.
  • ● Expertise in REST and GraphQL security.
  • ● Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows.
  • ● Experience with API Security tools (Postman, Burp Suite, 42Crunch).

This listing was posted by a verified recruiter at Encora. Report this listing