Product Cloud Security Engineer - Junior to Mid-level

Lucid Motors

  • Newark, CA
  • Permanent
  • Full-time
  • 1 month ago
We are seeking a skilled and motivated API Security Assessment Engineer to join our team. The ideal candidate will have experience in API security assessments and possess a basic understanding of various technologies such as AWS Lambda, Serverless Framework, Kubernetes, Docker, Apache Kafka, Istio, etc. This is an excellent opportunity for a junior to mid-level professional looking to develop their expertise in API security and contribute to the security posture of our organization.
Responsibilities:
  • Conduct security assessments of APIs to identify potential vulnerabilities, weaknesses, and risks.
  • Collaborate with development teams to provide guidance on implementing secure API architectures.
  • Perform code reviews and provide recommendations for secure coding practices.
  • Assist in the development and maintenance of security testing methodologies, tools, and frameworks for API security assessments.
  • Stay updated with the latest security threats, vulnerabilities, and industry best practices related to API security.
  • Create and maintain documentation of security assessment findings, recommendations, and mitigation strategies.
  • Collaborate with cross-functional teams to remediate identified vulnerabilities and ensure the security of APIs.
  • Participate in the design and implementation of secure API authentication and authorization mechanisms.
  • Contribute to training and workshops for development teams on API security best practices.
Requirements:
  • Bachelor's degree in Computer Science, Information Security
  • 1-5 years of experience
  • Experience or strong interest in API security assessments and vulnerability management.
  • Basic understanding of API security best practices and standards (e.g., OWASP API Security Top 10).
  • Familiarity with some of the following technologies: AWS Lambda, Serverless Framework, Kubernetes, Docker, Apache Kafka, Istio, Envoy Proxy, Grafana, Prometheus, Cert Manager, Alert Manager, DEX, Kiali, Fluentd, Jaeger, Gigya, Okta.
  • Knowledge of authentication and authorization protocols (e.g., OAuth, JWT) is a plus.
  • Familiarity with security assessment tools such as Burp Suite, OWASP ZAP, or similar is a plus.
  • Basic understanding of secure coding practices and common vulnerabilities in web applications and APIs.
  • Strong problem-solving and analytical skills.
  • Excellent written and verbal communication skills.
  • Ability to work independently and collaboratively in a fast-paced environment.
Preferred Qualifications:
  • Master's degree in Computer Science, Information Security
  • Relevant certifications such as Certified Secure Software Lifecycle Professional (CSSLP) or Certified Application Security Engineer (CASE) are a plus.
