API Security Architect

For immediate consideration, please connect with me on LinkedIn at https://www.linkedin.com/in/dpotapenko and then email your resume, work authorization status, current location, availability, and compensation expectations directly to denis.potapenko@systemone.com - make sure to include the exact job title and job location in your email message.

*** The list of the details that we need from you is below the job description

*** Contract position for 4+ months; contract can be extended;

*** The job is on-site with a hybrid work schedule. Remote work is not an option. Candidates must be local or willing to relocate within commuting distance of major PNC tech hubs : Pittsburgh PA, Cleveland OH, Birmingham AL, Dallas TX, Phoenix AZ -OR- smaller PNC technology satellite offices : Cincinnati OH, Dayton OH, Chicago IL, Kansas City MO, Philadelphia PA, Columbus OH, Little Rock AR, Jacksonville FL

Security Architect :

- Software Security Group is building a program from the ground up focused on API security posture. The program aims to provide business insight, visibility, traceability, actionable intelligence, and metrics to enable developers to write secure software across the organization.
- Develop a roadmap for various activities to build the API security program, including dashboards
- Provide design guidance for secure API architecture
- Collaborate with stakeholders to define an API security strategy aligned with overall business objectives
- Design a secure API architecture utilizing secure design patterns, encryption protocols, and authentication/authorization mechanisms
- Develop a comprehensive framework for API security, defining procedures for API threat modeling, vulnerability assessments, and penetration testing
- Support the configuration of API gateways to enforce security policies, rate limiting, and access control
- Design and implement robust authentication and authorization mechanisms to control access to API resources based on user roles and permissions (e.g., OAuth, OpenID Connect, API key management solutions)
- Build actionable insight and intelligence, including identification of suspicious activity, potential attacks, and API misuse
- Educate developers on API security best practices
- Communicate API security risks effectively to stakeholders, including developers, product managers, and line of business leadership

Required Technical Skills and Experience :

- Deep understanding of API security best practices, including OWASP (Open Web Application Security Project) API Security Top 10
- Experience with API security tools and methodologies (penetration testing, API gateways)
- Strong knowledge of cryptography and authentication protocols
- Excellent communication and collaboration skills to work with developers and cross-functional teams
- Proficiency in API security frameworks and various API patterns
- Strong "Secure by Design" experience - knowing how to build a system securely from scratch
- Ability to explain and justify recommended courses of action in meetings

For immediate consideration, please connect with me on LinkedIn at https://www.linkedin.com/in/dpotapenko and then email your resume, work authorization status, current location, availability, and compensation expectations directly to denis.potapenko@systemone.com - make sure to include the exact job title and job location in your email message.

#M1

.