Senior Lead, Cyber Security Encryption & API Engineer

Job description

About the role

The key responsibilities of this role include:

• Setting up encryption with technologies such as Voltage, Sepa, Protegrity or Microsoft Double Key Encryption
• Understanding the key management framework and best practices for purchasing and managing your own keys
• Design, configuration and provision of Layer 7 gateways (API gateways)
• Implementation and management of policies for threats, routing, caching and request/response transformation
• Use of secure authentication and authorization mechanisms such as OAutH, JWT and SAML
• Configuration and maintenance of web application firewalls (WAF) to protect against OWASP TOP 10 threats such as SQL injection, XSS, CSRF
• Monitoring API traffic and logs for anomalies, performance issues and security incidents
• Integration of Layer 7 proxy with SIEM tools (e.g. Splunk, Azure) for real-time threat detection and incident response
• Implementation of data encryption at rest and during transmission with industry-standard protocols (e.g. AES-256, TLS 1.2/1.3)
• Management and rotation of encryption keys with central key management systems (e.g. AWS KMS, Azure Key Vault, HashiCorp Vault)
• Influence on future encryption strategy, direction, technical and non-technical roadmaps

Additional tasks

The role also includes the following tasks:

• Support in the implementation of data loss prevention and guidance on unit tests and documentation support
• Determination of operational feasibility through evaluation, analysis, problem definition, requirements solution and proposal of solutions
• Collaboration with the Enterprise Architecture organization as required
• Review of documentation, processes or procedures and recommendation of automation or improvements
• Works independently; has in-depth knowledge of the business area/function. Achieves technical and organizational results as required
• As a subject matter expert, provides comprehensive, in-depth advice and guidance to the team and partners
• Creation and maintenance of access control policies including IP whitelisting, blacklisting and header validation
• Secure API lifecycle management including onboarding, versioning, governance and documentation
• Analyzing and responding to cyber threats, vulnerabilities and attack vectors
• Leading incident response processes including detection, containment, remediation and recovery
• Conducting regular risk assessments, threat modeling and security reviews of systems and applications
• Implementation of identity and access management (IAM) practices with SSO, RBAC and federated identity solutions

Requirements

The requirements for this role include:

• Excellent team player, effective at both independent and collaborative work
• Ability to lead and utilize new technologies
• Background in networking, data security and cloud-based applications
• Experience with distributed computing platforms for highly scalable systems
• Experience with Azure services and ecosystem
• Experience with Microsoft and Linux-based environments
• Experience with continuous integration and deployment tools
• Conducting internal safety audits and supporting external safety assessments and certifications
• Training development and operations teams on secure coding practices and security awareness
• Integration of security tools and practices into CICD pipelines (DevSecOps approach)
• Use of vulnerability scanners (e.g. Nessus, Qualys)