Senior API Security Engineer
Kuala Lumpur - Malaysia
Job Summary
Key Responsibilities:
API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR Mass
Assignment) that traditional firewalls miss.
Authentication & Authorization: Design and validate OAuth2 OIDC and JWT
implementations to ensure users can only access their own data.
Attack Simulation: Script automated attacks against the API Gateway to test rate limiting
and fraud detection rules.
Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong
or Azure API Gateway) for maximum security.
Auth & Partner Integration: Deliver new security design patterns and components for
authentication authorization SSO MFA and Partner security. Standardize how we
consume external APIs (Open Banking) and how we secure our own exposed endpoints.
Technical Requirements:
Strong scripting skills (Python) to automate API attacks.
Expertise in REST and GraphQL security.
Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows.
Experience with API Security tools (Postman Burp Suite 42Crunch).
Required Experience:
Senior IC
About Company
As Encora Inc. expands its footprint in Latin America, its acquisition of Nearsoft provides our clients with a unique chance to Nearshore on a global scale.