Title: Technical Specialist-Cybersecurity
Area(s) of responsibility
Job Description: API Risk Management Consultant
Job Summary
We are seeking a detail-oriented and technically proficient API Risk Management Consultant to oversee the end-to-end lifecycle of API keys across our platforms. This role ensures secure, scalable, and compliant management of API credentials, enabling seamless integration and access control for internal and external users.
Key Responsibilities
1. Planning & Strategy
- Define and implement the strategy for API key rotation, expiration, and revocation.
- Collaborate with product, security, and engineering teams to align API key policies with business and compliance requirements.
- Conduct risk assessments and define access scopes for different API consumers.
2. Monitor & Review
- Proactively monitor applications for non-compliant APIs.
- Regularly review API key compliance and rotate keys as needed.
- Ensure compliance with data protection regulations (e.g., PCI DSS).
3. Documentation & Support
- Alert and notify users in advance of upcoming key rotations and compliance requirements.
- Coordinate with various teams on timely key rotation within required timelines.
- Create and maintain comprehensive documentation for API key usage, lifecycle policies, and integration guides.
- Provide support to internal teams and external partners on API key-related issues.
- Escalate exceptions and breaches, and document risk acceptance as needed.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Information Security, or related field.
- 3+ years of experience in API management, identity and access management (IAM).
- Strong understanding of API lifecycle stages and key management tools (e.g., AWS Secrets Manager, HashiCorp Vault).
- Experience with API gateways (e.g., Apigee, AWS API Gateway).
- Excellent problem-solving, communication, and documentation skills.
Preferred Qualifications
- Experience with cloud platforms (AWS, Azure/GCP).
- Knowledge of regulatory frameworks and compliance standards.
- Certifications in API security or IAM (Sec+ or any API security cert).
Work Environment
- Hybrid or remote work options.
- Cross-functional collaboration with engineering, product, and security teams.
- Occasional travel for conferences or team meetings.