Product Cloud Security Engineer - Junior to Mid-level
Lucid Motors
- Newark, CA
- Permanent
- Full-time
- Conduct security assessments of APIs to identify potential vulnerabilities, weaknesses, and risks.
- Collaborate with development teams to provide guidance on implementing secure API architectures.
- Perform code reviews and provide recommendations for secure coding practices.
- Assist in the development and maintenance of security testing methodologies, tools, and frameworks for API security assessments.
- Stay updated with the latest security threats, vulnerabilities, and industry best practices related to API security.
- Create and maintain documentation of security assessment findings, recommendations, and mitigation strategies.
- Collaborate with cross-functional teams to remediate identified vulnerabilities and ensure the security of APIs.
- Participate in the design and implementation of secure API authentication and authorization mechanisms.
- Contribute to training and workshops for development teams on API security best practices.
- Bachelor's degree in Computer Science, Information Security
- 1-5 years of experience
- Experience or strong interest in API security assessments and vulnerability management.
- Basic understanding of API security best practices and standards (e.g., OWASP API Security Top 10).
- Familiarity with some of the following technologies: AWS Lambda, Serverless Framework, Kubernetes, Docker, Apache Kafka, Istio, Envoy Proxy, Grafana, Prometheus, cert-manager, Alertmanager, Dex, Kiali, Fluentd, Jaeger, Gigya, Okta.
- Knowledge of authentication and authorization protocols (e.g., OAuth, JWT) is a plus.
- Familiarity with security assessment tools such as Burp Suite, OWASP ZAP, or similar is a plus.
- Basic understanding of secure coding practices and common vulnerabilities in web applications and APIs.
- Strong problem-solving and analytical skills.
- Excellent written and verbal communication skills.
- Ability to work independently and collaboratively in a fast-paced environment.
- Master's degree in Computer Science, Information Security
- Relevant certifications such as Certified Secure Software Lifecycle Professional (CSSLP) or Certified Application Security Engineer (CASE) are a plus.