Cyber
Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage to secure achievements.
Enterprise Security:
Enterprise Security teams embed security in all aspects of digital transformation by securing a client’s “technical backbone” while also enabling secure digital transformation. Services include security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products. Examples of work include Secure by Design, Cloud Security Orchestration & Automation, Core Infrastructure Security, and Secure Software Enablement.
Work you’ll do:
As a Senior Consultant in the API Security domain, you are responsible for the following activities to secure APIs:
- Support and consult with development, engineering teams for API security to discover and inventory all APIs and their exposed data across environments.
- Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities.
- Implement and enforce security guardrails for API development, including authentication, authorization, and data protection.
- Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices.
- Monitor API traffic for anomalous behavior and potential threats.
- Stay current with emerging API security threats, tools, and best practices.
- Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection).
- Experience working with AWS or other cloud environments (development/architecture).
- Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20).
- Perform security risk assessments for all proposed application-related (APIs) changes.
Qualifications
Must Have Skills/Project Experience/Certifications:
- 5-7 years of experience in software development in one or more of the following programming languages: .NET, Python, Java/Spring Boot (REST), JavaScript (Node/React), and/or Go.
- Experience with tools like OWASP ZAP, Veracode, Postman, etc.
- 2+ years of experience with API Security (design patterns, architecture, B2B/A2A/B2C integration).
- Experience with API security tools like Noname, Salt, Neosec, etc.
- Experience with API Management solutions like Mulesoft, Apigee, etc.
- Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
- Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols.
- Knowledge of application threat modeling and of remediating OWASP API Top 10, CIS Top 10, and SANS Top 25 issues is a plus.
- Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs.
- Familiarity with cloud-native environments, containers, and microservices architectures.
- Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
- Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
Good to Have Skills/Project Experience/Certifications:
- Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling.
- Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management.
- Experience with automated monitoring, alerting, and incident response for APIs.
- Knowledge of regulatory and compliance requirements relevant to API security.
- Ability to research and characterize security threats to include identification and classification of application related threat indicators.
- Certifications such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP, etc. are preferred.
- Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle.
- Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs.
- Proficiency in using SCA tools to detect and manage risks from third-party and open-source components.
- CI/CD integration: hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines.
Education:
- Bachelor's degree or higher in Computer Science, or equivalent experience.