Senior API Security Engineer
External, Full-time, On-site, 1d ago
API Gateway, Azure, GraphQL, JWT, OAuth, Postman
Responsibilities
- API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR, Mass Assignment) that traditional firewalls miss.
- Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT implementations to ensure users can only access their own data.
- Attack Simulation: Script automated attacks against the API Gateway to test rate limiting and fraud detection rules.
- Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong, or Azure API Gateway) for maximum security.
- Auth & Partner Integration: Deliver new security design patterns and components for authentication, authorization, SSO, MFA, and Partner security. Standardize how we consume external APIs (Open Banking) and how we secure our own exposed endpoints.
Technical Requirements:
- Strong scripting skills (Python) to automate API attacks.
- Expertise in REST and GraphQL security.
- Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows.
- Experience with API Security tools (Postman, Burp Suite, 42Crunch).