API / Microsoft Security Engineer (Full Time Role)

Posted 3 days ago

Worldwide

Summary

MUST BE AVAILABLE FULL TIME 9:00 AM - 5:00 PM EASTERN TIME ZONE

FULLY REMOTE ROLE

ROLE OVERVIEW

As an API Security Engineer within the Global Information Security (GIS) team, you will be responsible for engineering and maintenance of enterprise API governance controls. You will ensure the secure design, deployment, and operation of APIs across cloud and on-premise environments. This role requires a strong blend of Azure infrastructure expertise, DevSecOps principles, and specialized knowledge of API gateways, Web Application Firewalls (WAF), and cryptography. You will partner closely with development teams to ensure secure coding practices, seamless onboarding, and robust protection for both internal microservices and external SaaS integrations.

KEY RESPONSIBILITIES

**API Security & Governance**

- **API Management (APIM):** Maintain, enforce, and optimize APIM Global Policies to ensure consistent security baselines across all enterprise APIs.
- **Security Reviews:** Conduct rigorous security architecture reviews of API backend targets to identify vulnerabilities prior to deployment.
- **SaaS Integrations:** Architect, facilitate, and secure API integrations with third-party SaaS vendors, ensuring strict identity and access controls.
- **Governance & Monitoring:** Actively monitor and audit API governance process logs to ensure compliance, detect anomalous traffic, and respond to potential threats.

**Edge Protection & Routing**

- **WAF Administration:** Deploy, configure, and maintain Web Application Firewalls (WAF) on Azure Application Gateways and Azure Front Door (AFD) to defend APIs against web exploits and OWASP Top 10 vulnerabilities.
- **Endpoint Management:** Manage Azure Front Door endpoints and Application Gateway routing to ensure secure, optimized, and highly available API traffic flow.

**Cryptography & Certificate Management**

- **Lifecycle Management:** Oversee the end-to-end lifecycle, deployment, and rotation of Certificate Authority (CA) certificates within API infrastructure for secure API communications.
- **Infrastructure Coverage:** Execute seamless certificate rotation and management across API Management (APIM) instances and Application Gateways.
- **Custom DNS:** Manage and rotate custom DNS certificates for Application Gateways to maintain continuous SSL/TLS compliance.

**Cloud Infrastructure & Resilience**

- **Azure Infrastructure Management:** Deploy, maintain, and secure the underlying Azure infrastructure that supports API gateways and associated security tooling.
- **Disaster Recovery (DR):** Lead failover and disaster recovery testing and maintenance for API infrastructure to ensure high availability and business resilience.

**DevSecOps & Developer Enablement**

- **Developer Onboarding:** Lead API onboarding processes, providing guidance and conducting security training sessions for development and engineering teams.
- **Pipeline Integration:** Support and troubleshoot Azure DevOps CI/CD pipelines to ensure automated API security checks run smoothly without blocking deployment.
- **Service Management:** Investigate and resolve ServiceNow (SN) form failures, minimizing developer friction while maintaining strict security guardrails.

IDEAL CANDIDATE PROFILE

- Extensive experience in cloud security and infrastructure, with a deep specialization in Microsoft Azure.
- Subject matter expert in Azure API Management (APIM), Azure Front Door, and Application Gateways.
- Strong understanding of API security standards (OAuth 2.0, OIDC, JWT, Mutual TLS) and REST/GraphQL vulnerabilities.
- Hands-on experience with PKI, managing certificate lifecycles, and cryptographic protocols.
- Proven track record in a DevSecOps environment, supporting developers, managing CI/CD pipelines, and streamlining security requests.
- Excellent communication skills with the ability to translate complex security requirements into actionable guidance for development teams.

  • More than 30 hrs/week
    Hourly
  • 6+ months
    Duration
  • Intermediate
    Experience Level
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Information Security
API
Activity on this job
  • Proposals: 15 to 20
  • Last viewed by client: 2 days ago
  • Interviewing: 7
  • Invites sent: 7
  • Unanswered invites: 4
About the client
Member since Aug 25, 2023
  • United States
    8:13 AM
  • $18K total spent
    33 hires, 6 active
  • 959 hours
