48 Api Security Jobs

8-10 years of exp in Cloud Technology, DevSecOps, cloud security, & CI/CD automation. Expertise in Kubernetes security, IAM, API security, & automated compliance frameworks. Hands on exp in Terraform, container security, & zero-trust architecture. Required Candidate profile Manage Enterprise wise Microservices based Applications hosted on AWS Cloud Technology.Exp in CI/CD & DevOps Tools:Jenkins,GitHub Actions,Terraform,AWS Code Pipeline & Kafka.Strong exp in EKS Cluster

Overview Accountability: Hands-On Implementation: Work closely with developers, product teams, and operations to ensure APIs are built, deployed, and maintained in alignment with established governance standards. This includes adhering to PepsiCo's API architecture principles and design guardrails. Technical Enablement: Create and manage reusable API templates, libraries, and frameworks that teams can use, reducing development time while maintaining governance consistency. This involves leveraging PepsiCo's standardized API tooling and documentation standards. Integration Support: Partner with application teams to design integrations that are optimized , secure, and compliant with the enterprise architecture and API governance guidelines. This includes ensuring integrations align with PepsiCo's domain-driven design and API taxonomy. Training and Mentorship: Provide hands-on training, workshops, and code reviews to guide teams on best practices, including error handling, security protocols, and documentation standards. This includes promoting an InnerSource culture to encourage collaboration and reuse of APIs. Monitoring and Optimization: Set up monitoring tools and dashboards for tracking API usage, performance, and compliance, actively working with teams to troubleshoot and improve reliability. This includes using PepsiCo's API management platform to ensure consistent monitoring and alerting. Responsibilities Knowledge of current API technologies, microservices architecture, and cloud-native environments. Familiarity with compliance and regulatory requirements in data handling and cybersecurity. Experience implementing KPIs and dashboards for monitoring API health and usage. Qualifications Key Skills / Required Qualification: Bachelors or Masters degree in Computer Science, Information Technology, or a related field. Ten or more years of experience in IT, with at least five years in API solutions architecture, integration, or related areas. Proven track record of designing and implementing API solutions in a high-scale environment, ideally within SaaS, tech, or digital companies. Strong understanding of API security, authentication, versioning, and lifecycle management. Excellent communication and leadership skills, with experience managing cross-functional teams and influencing stakeholders. Hands-on experience with API management platforms and familiarity with DevOps practices

We are hiring a Senior Node.js Developer with 8+ years of experience for a remote, long-term contract role. The ideal candidate should have hands-on experience with backend development using Node.js, AWS cloud services, and designing scalable microservices. You will design and implement RESTful APIs, ensure API security, apply serverless principles, and contribute to a highly scalable architecture. Strong analytical, problem-solving, and communication skills are a must for success in a remote work environment. Location-Delhi NCR,Bangalore,Chennai,Pune,Kolkata,Ahmedabad,Mumbai,Hyderabad,Remote (IST Hours)

Key Responsibilities: Design, develop, and maintain automated test scripts for RESTful APIs using tools like Postman, RestAssured, or similar frameworks. Perform functional, integration, regression, and performance testing of APIs. Develop test strategies, plans, and test cases to ensure comprehensive test coverage. Debug, analyze, and report defects, and work closely with development teams to resolve issues. Integrate automated API tests into CI/CD pipelines using Jenkins, GitLab, or similar tools. Utilize tools like Charles, Fiddler, or Wireshark to debug and inspect API traffic. Monitor API performance and reliability, ensuring compliance with SLAs and performance benchmarks. Collaborate with cross-functional teams to ensure API requirements and specifications are met. Maintain detailed and accurate documentation of test processes, results, and defect tracking. Required Skills: Solid understanding of RESTful web services, JSON, and XML data formats. Proficiency in API testing tools like Postman, RestAssured, SoapUI, or similar. Hands-on experience with automation frameworks and libraries (e.g., TestNG, Cucumber). Expertise in developing and maintaining API automation scripts using tools such as RestAssured, Postman, or similar frameworks. Strong programming skills in Java / Python. Experience in API performance testing using tools like JMeter, LoadRunner, or similar. Experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD). Knowledge of API security best practices, including OAuth, JWT, and token authentication. Knowledge of microservices architecture and its testing strategies.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

Design and build scalable REST APIs using FastAPI, integrate optimized SQL queries, collaborate with cross-functional teams, ensure secure coding, participate in agile sprints, and deploy services using CI/CD and Docker Required Candidate profile Experienced Python developer with 5+ years in backend/API development using FastAPI, strong SQL proficiency, knowledge of Docker, CI/CD, cloud, and secure coding practices.

We are looking for a MuleSoft Developer with experience in BizTalk to MuleSoft migration or a background in working with BizTalk and MuleSoft separately. The ideal candidate will have strong integration skills, particularly in designing, developing, and migrating APIs and systems using MuleSoft. Key Responsibilities: Lead or assist in migrating BizTalk solutions to MuleSofts Anypoint Platform. Design, develop, and maintain APIs using MuleSoft Anypoint Platform. Collaborate with teams to understand existing BizTalk solutions and define migration strategies. Implement data transformations and system integrations using MuleSoft and other tools. Monitor and troubleshoot integration flows and ensure smooth operations post-migration. Document migration processes and best practices for future projects. Required Skills and Qualifications: Bachelors degree in Computer Science, Information Technology, or a related field. 5+ years of experience in MuleSoft development. Experience with BizTalk Server and MuleSoft Anypoint Platform. Hands-on experience with BizTalk to MuleSoft migration or individual projects with BizTalk and MuleSoft. Strong knowledge of API development, REST, SOAP, and DataWeave. Proficiency in Java, XML, JSON, and MuleSoft connectors. Familiarity with integration patterns and enterprise application integration. Experience with CI/CD pipelines, API Manager, and Runtime Manager. Excellent troubleshooting skills with the ability to handle complex integrations. Preferred Skills: MuleSoft certification (MCD - MuleSoft Certified Developer). Experience with API security best practices, including OAuth 2.0 and JWT. Knowledge of CloudHub and cloud platforms like AWS or Azure. Location-Delhi NCR,Bangalore,Chennai,Pune,Kolkata,Ahmedabad,Mumbai,Hyderabad,Remote

IAM Engineer (Functional & Technical) – Expertise in OAuth2.0, CIAM, ForgeRock, Java Full Stack & AWS. Designs & implements secure IAM solutions.

Solid foundations in API exposure space API life-cycle management (API design best practices, discovery, inventory management, governance) API Provider and Consumer journey REST fundamentals API Security OAS fundamentals

Design and maintain Azure-based APIs and integration solutions using Logic Apps, Functions, and API Management. Required Candidate profile 5–10 yrs in C#, .NET, REST APIs, Azure Integration. Team collaboration & system design experience.

This is primarily a lead role, helping drive technical initiative forward with teams, given broad guidance and support. Need to have solid foundations in API exposure space. API life-cycle management (API design best practices, discovery, inventory management, governance) API Provider and Consumer journey REST fundamentals. API Security (AuthN, AuthZ, OpenID/OAuth 2.0/POP/PKCE etc) & OWASP OAS fundamentals too - API documentation, Error code's etc GraphQL is a plus. Must: Be able to write production quality code in Java / Open-Source technologies. Python is good to have, exposure to building sdks is strongly desired. Must: have good hands-on experience on Microservices architecture, Kafka/Message Broker, and Event Driven Architecture. Must: have good hands-on experience on Database technologies (SQL & NoSQL) and design expertise on database modeling etc Be able to take direction from tech leads and drive across teams (once teams are aligned) with minimal guidance. This is key, to not require too much granular guidance. Doesn't need to have telecom background, need to be able to pick up new concepts quickly Hands on Exposure to API Gateways is a strong plus (not a must-to have requirement) as is prior experience with API exposure to customers.

Required Skills: Cyber Risk Risk Mitigation Strategies for Security Controls SAST and DAST Tools Profile: - 5+ years of experience in application/API security, risk management, or related fields - Strong understanding of application security architecture, compliance frameworks, and risk management principles - Experience with application security assessments, risk assessments, and security controls implementation - Excellent analytical, problem-solving, and communication skills - Familiarity with cloud security framework, tools, and technologies (e.g., OSWAP, CSPM, CWPP, CIEM, DAST/SAST) - Certifications in cloud security, risk management, or related fields (e.g., CCSK, CRISC, CISSP) Job Summary: We are seeking a seasoned Cyber Risk Consultant to assess and mitigate risks associated with our private cloud control plane (API Services). The successful candidate will perform risk assessments, identify vulnerabilities, and develop strategies to optimize security and compliance in control plane. Responsibilities: - Conduct risk assessments and security evaluations of private cloud control plane services (API Services) - Identify and prioritize vulnerabilities, threats, and potential attack vectors - Develop and implement risk mitigation strategies and security controls - Evaluate security configurations, policies, and procedures - Assess compliance with industry standards and regulatory requirements (e.g., NIST, SOC 2, PCI-DSS, OSWAP) - Develop and maintain risk management frameworks, playbooks, and reporting dashboards - Stay current with emerging application/API security threats and technologies - Communicate risk and security recommendations to stakeholders

Preferred Technical Skills: Mule 4 , DataWeave , API Manager , Flex Gateway .NET Framework/Core , C#, ASP.NET, WCF API security (OAuth2, JWT, IP filtering), policy enforcement SQL , stored procedures, and relational database integration Runtime Fabric , Docker , Kubernetes , AKS DevOps tools (Azure DevOps, Git, CI/CD pipelines) Cloud integration and security (Azure Required) Strong understanding of networking, cloud security, and system performance optimization

We are looking for an experienced API Developer with at least 3 years of hands-on experience in designing, developing, and maintaining RESTful APIs. The ideal candidate should have strong expertise in backend development, API security, performance optimization, and integration with third-party services.

Expected Role: Security engineering, security architect, manual security code review, threat modeling, cloud security, application security, product security. Proven experience in cybersecurity with a focus on Cloud security, microservices & API Security, AI security, and Zero Trust Architecture. Proficiency in threat modeling and risk assessments across various domains such as AI, Cloud, Network, Infrastructure, and applications. Expertise in security and network architecture, particularly in securing microservices, APIs & cloud native applications. In-depth experience with securing the SDLC, performing secure code reviews, and analyzing penetration testing reports. Proven track record of enhancing cloud security posture and implementing robust controls. Ability to evaluate and recommend mitigation strategies based on penetration testing and threat analysis. Excellent stakeholder management and communication skills. Ability to work independently, lead projects, and mentor junior team members. Bachelors or masters degree in Cybersecurity, Computer Science, Information Technology, or a related field. Strong knowledge of NIST frameworks (including NIST Cybersecurity Framework, NIST 800-53, NIST RMF), COBIT, ISO/IEC 27001, ISO/IEC 42001 and PCI DSS. Pursue relevant certifications such as CISSP, CCSP, CISM, CISA, CEH, Security+ or industry-specific certifications to enhance cybersecurity proficiency and credibility.

F5 is seeking an Associate Technical Account Manager (TAM) to support enterprise customers, including banks and financial institutions , in securing their web applications. This role involves managing deployments, ensuring compliance, and providing proactive security guidance . The ideal candidate has 3+ years of experience in cybersecurity, system integration, or technical account management , preferably in banking, finance, or regulatory environments . Roles and Responsibilities: Act as the primary technical contact for customers, ensuring smooth onboarding and integration of F5 security solutions (WAF, Bot Defense, API Security, DDoS, CDN). Project manage the installation and integration of F5 security as a service solution for Fortune 500 and Global 1000 companies. Support customers with security best practices, audit readiness, and regulatory compliance. Work with customers to identify risks, optimize security postures, and enhance system resilience. Proactively anticipate customer needs and facilitate project success. Act as the primary representative between our customers and F5. Develop and implement best practices for program/project management, communication artifacts, reporting, and capability improvements. Develop models for resource planning and consumption as well as key performance metrics for project/program success. Communicate effectively; organize and prioritize; solve problems and make decisions; build teams and relationships. Minimum Qualifications: Strong technical background with at least 3+ years of system integration within complex environments. Experience working with major load balancers currently on the market. Exposure to cybersecurity solutions or cloud platforms (AWS, GCP, or Azure). Understanding of TCP/IP, HTTP, HTML, Javascript, CSS, and other technologies involved in delivering sophisticated web services. Bachelor's degree in Computer Science, Information Systems, or related engineering discipline, OR equivalent industry work experience. Certification is preferred but optional based on the level of experience. A customer-centric attitude and the ability to communicate well at all levels of an organization. Ability to work in a very fast-paced environment and communicate effectively. Desired Skills: Familiarity with networking concepts (CDNs, application delivery controllers, load balancers, and Web Application Firewalls). Experience of Content Delivery Networks and reverse proxy. Experience in Web Application Firewall, Bot Defense, API Security, DDOS, Reputation Service, and Multi Cloud networking. Experience with at least one of the Cloud Platforms (AWS, Azure, GCP) Basic programming or scripting knowledge (e.g., Python, Terraform). Understanding of containerization technologies like Kubernetes (certifications are a plus). Experience configuring networking equipment like BIG-IP or writing iRules (even if limited).

Position Responsibilities: Lead the design and development of MuleSoft integrations and APIs, ensuring alignment with business goals and technical best practices. Collaborate with Product Owners, engineers, and stakeholders to define API requirements and use cases Implement API governance, enforce standards, and promote API best practices across teams. Drive API consumer-centric designs, focusing on scalability, security, and usability. Mentor and guide development teams, contributing to training content and facilitation. Conduct contract testing, mocking, and API versioning to ensure seamless integration. Champion Agile methodologies for continuous delivery and iterative improvements. Required Skills and Qualifications: Proven experience as a MuleSoft Architect, including hands-on expertise in Mule 4.x. MuleSoft Certified Architect (MCA) required. Strong understanding of API security standards (OAuth 2.0, OpenID Connect) and API governance. Solid experience with Java Spring Boot and Agile product development methods. Proficiency in development tools like GitHub for version control and collaboration. Excellent analytical, problem-solving, and organizational skills. Effective verbal and written communication skills. Ability to quickly grasp complex concepts in a fast-paced environment

We are hiring for Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2 to 4 Years Primary Skills : SAST, Penetration testing , Vulnerability Assessment Responsibility: Static Code analysis, Static/dynamic testing of mobile applications,Vulnerability Assessment,Penetration Testing Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com

10-12+ years of software development and testing experience using NodeJS, Nest related technologies Experience working with REST API, API security Experience working with ReactJS Experience with SQL (MSSQL, MySQL), ORM, NoSQL (MongoDB) Experience in Azure development is a plus Experience in Product Development Excellent communication skills Capable of system tuning, code optimization and bug solving Familiar with source control principles and systems Strong problem-solving skills in a fast-paced environment Understanding of SDLC and working experience in agile team is preferred

Node.js experience, TypeScript, JavaScript, NoSQL/Graph databases, and API development. Expertise in GraphQL, Docker, cloud deployment (AWS/Azure), (React.js/AngularJS) is required. Knowledge of API security, logging, Koa.js, and build tools is plus

Mandatory Skills: API Development & SQL Knowledge Apigee Edge API Developer tools: XML, JavaScript, JSON, SOAP, OAuth 2.0 Frameworks/Tools: Spring Boot, Swagger.io, Elastic Search, DBeaver, Postman, Jenkins, JMeter, 42 Crunch Experience with IDEs and scripting DBA knowledge is a plus Should have 50-80% hands-on technical capability Candidate must be trainable and have strong technical aptitude Good to Have: Exposure to broader DevOps practices Familiarity with API security and monitoring tools Jenkins pipeline scripting Understanding of cloud infrastructure (AWS/GCP preferred) Responsibilities: Design, develop, and manage APIs using APIGEE Edge Implement and manage API security, traffic control, analytics, and monitoring Troubleshoot issues and maintain the performance of API gateways Collaborate with backend teams for API integration Maintain detailed documentation of APIs and ensure alignment with business objectives Work Location: (Remote/Hybrid options may apply) Communication: Strong communication & interpersonal skills required Share Resume With Below Details: Current CTC: Expected CTC: Preferred Location: Send Resume To: Contact: 9032956160 Location-Delhi NCR,Bangalore,Chennai,Pune,Kolkata,Ahmedabad,Mumbai,Hyderabad

Communication: Strong communication & interpersonal skills required Mandatory Skills: API Development & SQL Knowledge Apigee Edge API Developer tools: XML, JavaScript, JSON, SOAP, OAuth 2.0 Frameworks/Tools: Spring Boot, Swagger.io, Elastic Search, DBeaver, Postman, Jenkins, JMeter, 42 Crunch Experience with IDEs and scripting DBA knowledge is a plus Should have 50-80% hands-on technical capability Candidate must be trainable and have strong technical aptitude Good to Have: Exposure to broader DevOps practices Familiarity with API security and monitoring tools Jenkins pipeline scripting Understanding of cloud infrastructure (AWS/GCP preferred) Responsibilities: Design, develop, and manage APIs using APIGEE Edge Implement and manage API security, traffic control, analytics, and monitoring Troubleshoot issues and maintain the performance of API gateways Collaborate with backend teams for API integration Maintain detailed documentation of APIs and ensure alignment with business objectives Location: Chennai | Delhi NCR | Pune | Bangalore | Hyderabad | Kolkata

Job Description Principal Security Software Engineer Are you interested in building large-scale distributed software for the cloud? Oracles Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services. Were looking for hands-on engineers with expertise and passion in identifying and resolving difficult security problems in distributed systems, virtualized infrastructure, and highly available services. If this is you, at Oracle you can design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact. As a Principal Security Software Engineer you will review the software design and development for all components of Oracles Service Cloud team. Develops and execute programs and processes to reduce information security risk and strengthen Oracles security posture. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn. Things you'll do:* Penetration testing* Hardening of network, software and firmware* Security tool development (e.g. scanning tools)* Security metrics definition and delivery* Consult across different software development teams* Attack vector modeling* Champion secure coding practices Minimum Qualifications: Bachelors or Masters degree in Computer Science or related field 7+ years of experience in software engineering or related field Experience working in a large cloud or Internet software company preferred Strong application/product/software security background Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff Excellent organizational, verbal and written communication skills Ability to succeed through collaboration and working through internal and external organizations and individuals Prior DevOps or continuous delivery and deployment experience preferred Strong security testing experience with Fortify, Burp, Zap or Webinspect. Thorough understanding of latest security principles, techniques, and protocols. Security certifications is a plus. Skills Required: Application architecture and design reviews; Penetration Testing and Vulnerability assessments; Web Services and API security assessments; Product Security Assessments and Threat Modeling; Dynamic Vulnerability Scanning using automated application scanners; Execute Secure Code Audits using manual and automated methods to review product codes; Secure SDLC Processes including DevOps and Agile; Knowledge of languages, including Java, .Net, PHP, C++, and XML; Security Testing tools, including Nmap, Nessus, Web Inspect, BurpSuite, ZAP Scanner, Fortify Secure code scanner, SOAP UI, Kali Linux, and Metasploit; Operating Systems including Windows and Linux; Cryptographic algorithms, hashing algorithms, encryption; and Network and web related protocols, including TCP/IP, TLS/SSL, HTTP, and FTP. Detailed Description and Job Requirements As a member of the software security team, you will assist in defining and developing software for tasks associated with the security testing of software applications. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Develop, implement, and enforce Oracles security policies. Develop, implement, and manage Oracles compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracles Service cloud. Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law. Career Level - IC4 Career Level - IC4 Responsibilities Supports the strengthening of Oracles security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In Security role, may manage the creation, review and approval of corporate information security policies.Mentors and trains other team members. Compiles information and reports for management.

Job Description Principal Security Software Engineer Are you interested in building large-scale distributed software for the cloud? Oracles Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services. Were looking for hands-on engineers with expertise and passion in identifying and resolving difficult security problems in distributed systems, virtualized infrastructure, and highly available services. If this is you, at Oracle you can design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact. As a Principal Security Software Engineer you will review the software design and development for all components of Oracles Service Cloud team. Develops and execute programs and processes to reduce information security risk and strengthen Oracles security posture. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn. Things you'll do:* Penetration testing* Hardening of network, software and firmware* Security tool development (e.g. scanning tools)* Security metrics definition and delivery* Consult across different software development teams* Attack vector modeling* Champion secure coding practices Minimum Qualifications: Bachelors or Masters degree in Computer Science or related field 7+ years of experience in software engineering or related field Experience working in a large cloud or Internet software company preferred Strong application/product/software security background Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff Excellent organizational, verbal and written communication skills Ability to succeed through collaboration and working through internal and external organizations and individuals Prior DevOps or continuous delivery and deployment experience preferred Strong security testing experience with Fortify, Burp, Zap or Webinspect. Thorough understanding of latest security principles, techniques, and protocols. Security certifications is a plus. Skills Required: Application architecture and design reviews; Penetration Testing and Vulnerability assessments; Web Services and API security assessments; Product Security Assessments and Threat Modeling; Dynamic Vulnerability Scanning using automated application scanners; Execute Secure Code Audits using manual and automated methods to review product codes; Secure SDLC Processes including DevOps and Agile; Knowledge of languages, including Java, .Net, PHP, C++, and XML; Security Testing tools, including Nmap, Nessus, Web Inspect, BurpSuite, ZAP Scanner, Fortify Secure code scanner, SOAP UI, Kali Linux, and Metasploit; Operating Systems including Windows and Linux; Cryptographic algorithms, hashing algorithms, encryption; and Network and web related protocols, including TCP/IP, TLS/SSL, HTTP, and FTP. Detailed Description and Job Requirements As a member of the software security team, you will assist in defining and developing software for tasks associated with the security testing of software applications. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Develop, implement, and enforce Oracles security policies. Develop, implement, and manage Oracles compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracles Service cloud. Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law. Career Level - IC4 Responsibilities Supports the strengthening of Oracles security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In Security role, may manage the creation, review and approval of corporate information security policies.Mentors and trains other team members. Compiles information and reports for management.

Job Description Minimum Qualifications 10+ years of experience in security engineering, detection engineering, or cloud security. Strong expertise in application security, API security, and SaaS-specific threat detection. Experience with SIEM, SOAR, and detection-as-code tools (e.g., Splunk, OpenSearch, KQL, Sigma). Proficiency in log analysis, security telemetry engineering, and anomaly detection in cloud applications. Experience integrating security controls into SaaS applications and microservices. Good programming and automation skills. Preferred Qualifications Experience with automated threat simulations, MITRE ATT&CK mappings, and adversary emulation. Knowledge of risk quantification methods and security metrics for executive reporting. Familiarity with cloud-native security tools. Hands-on experience in threat intelligence-driven detection engineering. Security certifications (e.g., GIAC GCDA/GCFA, AWS Security Specialty, GCP Security Engineer, OSCP). Career Level - IC5 Responsibilities 1. SaaS-Application Centric Detection Research & Engineering Develop and refine application-layer security detections for FAaaS, Spectra, and other critical LoBs, focusing on business logic abuse, API security threats, and identity-based attacks. Research and engineer detections for SaaS-specific attack vectors. Leverage detection-as-code frameworks (e.g., Sigma, OpenSearch, KQL) to automate the development and tuning of detection rules. Work closely with application security teams to enhance telemetry and ensure that security observability is embedded in SaaS products. 2. Proactive Security Controls & Mitigative Capabilities Move beyond traditional monitoring by implementing proactive security controls to mitigate threats before exploitation. Collaborate with development teams to integrate security controls into SaaS applications for real-time anomaly detection and automated response. Drive continuous security validation efforts through automated adversary simulation and detection effectiveness testing. 3. Cross-Team Integration & Real-Time Threat Intelligence Sharing Drive collaboration between Detection Engineering, Incident Response, and Red Teams by aligning detection research with real-world attack simulations and post-incident learnings. Develop automated feedback loops to reduce false positives, false negatives, and coverage gaps. Work with Incident Response to develop automated triage and enrichment mechanisms for SaaS security incidents. 4. Risk-Based Detection Engineering & Security Metrics Shift towards a risk-based detection approach, ensuring that high-impact threats are prioritized based on their potential financial and reputational consequences. Provide executive-level visibility into detection efficacy by quantifying the impact of mitigated threats and aligning detection efforts with business risk. Develop security dashboards and reporting to communicate detection outcomes, including risk coverage, adversary trends, and operational efficiency. 5. Proactive Threat Hunting & Data Anomaly Analysis Expand threat hunting and anomaly detection capabilities to identify previously unknown threats affecting SaaS customers and cloud applications. Utilize advanced data analytics and behavioral anomaly detection to identify stealthy attacks that evade traditional detection methods. Reduce reliance on SOC-driven escalations by proactively analyzing security telemetry for signs of compromise. Work closely with data scientists to enhance the use of ML/AI-driven security analytics for predictive threat detection. #LI-DNI