API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
IBM API Developer
Torrance, CA · On-site
Implement API security mechanisms including: * OAuth 2.0 * JWT * API Keys * Mutual TLS * Develop custom logic using: * XSLT * GatewayScript (JavaScript) * Create and manage OpenAPI / Swagger ...
Quick apply
IBM API Developer
Torrance, CA · On-site
Implement API security mechanisms including: * OAuth 2.0 * JWT * API Keys * Mutual TLS * Develop custom logic using: * XSLT * GatewayScript (JavaScript) * Create and manage OpenAPI / Swagger ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
$57.25 - $76.75/hr
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
$57.25 - $76.75/hr
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
$56.50 - $75.50/hr
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
$56.50 - $75.50/hr
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
API Developer
Reston, VA · On-site
Responsibilities : • Design and develop RESTful APIs • Implement API security standards • Integrate APIs with third-party services • Maintain API documentation • Perform unit and ...
API Developer
Reston, VA · On-site
Responsibilities : • Design and develop RESTful APIs • Implement API security standards • Integrate APIs with third-party services • Maintain API documentation • Perform unit and ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
Charlotte, NC · On-site
$57.50 - $76.75/hr
API Security engineering for internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
Charlotte, NC · On-site
$57.50 - $76.75/hr
API Security engineering for internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Establish API security using OAuth 2.0, JWT, OpenID Connect, SSL/TLS, mTLS, and threat protection policies. * Define API governance standards, best practices, and reusable frameworks. * Drive ...
Establish API security using OAuth 2.0, JWT, OpenID Connect, SSL/TLS, mTLS, and threat protection policies. * Define API governance standards, best practices, and reusable frameworks. * Drive ...
API Architect
Atlanta, TX · On-site
Experience with Designs API security, authentication, and authorization mechanisms. * Extensive experience with leading the design and development of APIs that enable integration between various ...
Quick apply
API Architect
Atlanta, TX · On-site
Experience with Designs API security, authentication, and authorization mechanisms. * Extensive experience with leading the design and development of APIs that enable integration between various ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
$65.75 - $87.75/hr
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
$65.75 - $87.75/hr
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
API Monitoring and Security: Implement API monitoring solutions and security tools to ensure the integrity and security of APIs, adhering to best practices in API security. * 10+ years of experience ...
API Monitoring and Security: Implement API monitoring solutions and security tools to ensure the integrity and security of APIs, adhering to best practices in API security. * 10+ years of experience ...
API Architect
Mount Laurel, NJ · On-site
... security best practices and regulatory standards. Qualifications : Required : • 12 - 16 Years of experience • API Architecture & Governance • Microservices Design • REST API Development • ...
API Architect
Mount Laurel, NJ · On-site
... security best practices and regulatory standards. Qualifications : Required : • 12 - 16 Years of experience • API Architecture & Governance • Microservices Design • REST API Development • ...
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a ...
Web API Architect
Pennington, NJ · On-site
The role involves creating API designs, integrating third-party services, establishing security protocols, and mentoring development teams. Responsibilities : • Develop robust, scalable API ...
Web API Architect
Pennington, NJ · On-site
The role involves creating API designs, integrating third-party services, establishing security protocols, and mentoring development teams. Responsibilities : • Develop robust, scalable API ...
API Security: API Key Validation ,,Authentication, Authorization and Identity Scrum based delivery Restful API design patterns. Good hands-on development experience with Java and good background on ...
API Security: API Key Validation ,,Authentication, Authorization and Identity Scrum based delivery Restful API design patterns. Good hands-on development experience with Java and good background on ...
Web API Architect
Pennington, NJ · On-site
The role involves creating API designs, integrating third-party services, establishing security protocols, and mentoring development teams. Responsibilities : • Develop robust, scalable API ...
Web API Architect
Pennington, NJ · On-site
The role involves creating API designs, integrating third-party services, establishing security protocols, and mentoring development teams. Responsibilities : • Develop robust, scalable API ...
The Principal Identity and API Architect will lead the development of TripleLift's identity infrastructure and API security strategy, collaborating with various teams to design and implement a robust ...
The Principal Identity and API Architect will lead the development of TripleLift's identity infrastructure and API security strategy, collaborating with various teams to design and implement a robust ...
API DevelopmentExtensive project experience with designing and implementing APIsSound experience implementing API Security and Access Control (OAuth/SAML, Web SSO, SSL etc.)Session ManagementAPI ...
API DevelopmentExtensive project experience with designing and implementing APIsSound experience implementing API Security and Access Control (OAuth/SAML, Web SSO, SSL etc.)Session ManagementAPI ...
Web API Architect
Pennington, NJ · On-site
$110K - $125K/yr
API Architecture & Design (RESTful APIs, Microservices, SOAP/GraphQL), API Security (OAuth, JWT), and API Integration with strong expertise in scalability, performance, and API management platforms.
Web API Architect
Pennington, NJ · On-site
$110K - $125K/yr
API Architecture & Design (RESTful APIs, Microservices, SOAP/GraphQL), API Security (OAuth, JWT), and API Integration with strong expertise in scalability, performance, and API management platforms.
Our API Security pillar focuses specifically on the risk of externally exploitable authorization weaknesses in internet-facing APIs. As a Software Engineer in ISE Auth, you will protect user data and ...
Our API Security pillar focuses specifically on the risk of externally exploitable authorization weaknesses in internet-facing APIs. As a Software Engineer in ISE Auth, you will protect user data and ...
Api Security information
See salary details
$11.54 - $12.76
1% of jobs
$12.76 - $13.99
3% of jobs
$13.99 - $15.21
13% of jobs
$15.65 is the 25th percentile. Wages below this are outliers.
$15.21 - $16.43
22% of jobs
The median wage is $16.97 / hr.
$16.43 - $17.66
24% of jobs
$18.41 is the 75th percentile. Wages above this are outliers.
$17.66 - $18.88
18% of jobs
$18.88 - $20.10
7% of jobs
$20.10 - $21.33
4% of jobs
$21.33 - $22.55
3% of jobs
$22.55 - $23.78
2% of jobs
$23.78 - $25
1% of jobs
$11
$19
$25
How much do api security jobs pay per hour?
Can I make $200 a year in cyber security?
What does API security do?
Is API security good?
What is an API Security job?
An API Security job focuses on protecting application programming interfaces (APIs) from threats such as unauthorized access, data breaches, and cyberattacks. Professionals in this role assess vulnerabilities, implement security controls, and ensure APIs comply with industry standards. Responsibilities may include authentication, encryption, threat monitoring, and incident response to safeguard sensitive data.
What are the typical day-to-day responsibilities of someone working in API Security?
Professionals in API Security regularly review application and API designs for vulnerabilities, conduct security testing and code reviews, and monitor for emerging threats. Their day-to-day work involves collaborating with development teams to provide secure coding guidance, drafting security requirements, and responding quickly to incidents or potential breaches. They also update and implement security policies, stay current on the latest security trends, and often lead training sessions to raise awareness within the organization. This role requires both hands-on technical work and ongoing communication with other teams to ensure secure development practices and compliance with industry standards.
What is the highest paid security job?
What are the key skills and qualifications needed to thrive in the Api Security position, and why are they important?
To thrive in API Security, you need a strong understanding of web protocols, authentication, encryption, and vulnerability assessment, often supported by a degree in computer science or a related field. Familiarity with tools such as OWASP ZAP, Burp Suite, Postman, and certifications like CEH or CISSP is highly valued. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for this role. These capabilities are essential for identifying vulnerabilities, enforcing robust security measures, and clearly conveying risks and solutions to technical and non-technical stakeholders.

Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security
Middletown, NJ
$59.75 - $80/hr
Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Posted 13 days ago
AT&T rating
7.3
Based on 723 frontline employees who took The Breakroom Quiz
39th of 82 rated telecommunications companies
Job description
This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.
Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future-you'll create it.
We are seeking an Application Security Engineer to strengthen the security of our applications and APIs through a combination of dynamic application security testing (DAST), runtime application self-protection (RASP), and API security engineering. This is an application security engineering role, not a traditional security operations position.
The ideal candidate is a security-minded engineer with strong hands-on experience in web application and API security, who understands modern application attacks and can translate that understanding into practical testing, protection, and remediation strategies. This role sits at the intersection of AppSec engineering and production defense, with responsibility for identifying exploitable vulnerabilities both before deployment and while applications are running in production, reducing risk from active attacks, misuse, and exposed application behavior.
This candidate will also evaluate and implement AI-assisted security capabilities to improve coverage, prioritization, and speed - such as intelligent scan orchestration, alert triage, anomaly detection for API abuse, and developer-facing remediation guidance - while ensuring results are valid, measurable, explainable, and safe for production use.
Job Summary:
You will own and scale dynamic security capabilities across theSoftware Delivery Lifecycle (SDLC)and production, with a strong emphasis on:
- DAST automationand integration into CI/CD pipelines
- RASP and in-process runtime protection(e.g., JVM/.NET CLR instrumentation)
- API Security engineeringfor internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs)
This role is best suited for a candidate with anapplication security mindset first: someone who can assess real-world exploitability, validate findings, work directly with developers on durable remediation, and build or extend automation in code when existing tooling does not fully solve the problem.
You'll partner closely with security teams, platform teams, and developers to define policy, deploy controls safely, tune security tool detections, reduce false positives, and measurably improve security outcomes.
Detailed Job Description:
This role focuses on active defense for web applications and APIs through a combination of security testing, runtime instrumentation, and API protection. The candidate will help design and mature security programs that combine:
- Dynamic application and API testing to identify exploitable vulnerabilities, logic weaknesses, and misconfigurations as early as possible
- Runtime protection and instrumentation via runtime security principals and tools such as RASP to detect and, where appropriate, block exploit attempts in production, with an emphasis on protecting API traffic, application workflows, and business logic
- API security capabilities such as API gateway onboarding and policy enforcement, abuse prevention (e.g., scraping/bots), technical reviews and deep-dives, and continuous discovery of undocumented, unmanaged, or exposed APIs
Success in this role requires deep application security knowledge - including web and API attack patterns, authentication and authorization weaknesses, exploitability analysis, and vulnerability remediation - as well as ability to script, automate, integrate, and build lightweight solutions when commercial tooling is insufficient.
The right candidate will be comfortable moving between hands-on security testing, technical analysis, developer partnership, and security engineering automation, with a focus on reducing meaningful application risk.
Key Responsibilities:
AI-Assisted Security Engineering
- Identify practical opportunities to apply AI-assisted approaches across DAST, API testing, runtime telemetry, and security workflows (e.g., prioritization, correlation, anomaly detection, automated enrichment, and remediation support).
- Implement AI-enabled workflows to reduce false positives, improve triage efficiency, and accelerate remediation (e.g., intelligent deduplication, exploitability scoring, and auto-generated developer guidance with human review).
- Partner with platform and engineering teams to integrate AI-assisted and automated security capabilities into pipelines and operational processes in a measurable, repeatable, and secure way.
DAST & Dynamic Testing (Scale and Automation)
- Own the DAST lifecycle, including onboarding, authenticated scanning, scan orchestration, environment readiness, tuning, and false-positive reduction.
- Integrate DAST and automated API testing into CI/CD pipelines using repeatable, maintainable security-as-code patterns.
- Create standards and runbooks for scan profiles, test data, authentication/session handling, and release readiness criteria.
- Perform triage and validate exploitability of findings, distinguishing between theoretical issues and meaningful application risk.
- Translate findings into clear, actionable developer remediation guidance, and partner with teams to verify effective fixes.
API Security Engineering (Internet-Facing, Gateway, Discovery)
- Partner with API gateway and edge teams to implement and tune security controls such as schema/contract validation, request filtering, threat protections, rate limiting, and throttling.
- Drive API discovery and inventory capabilities to identify and govern "shadow" and "zombie" APIs and establish processes to bring them under security review and lifecycle management.
- Perform and automate security testing aligned to the OWASP API Security Top 10, including authorization failures such as BOLA/BFLA.
- Assess API exposure and abuse risk, including authentication/authorization weaknesses, object access patterns, input validation issues, data leakage, and business logic abuse.
- Help implement protections against abuse of exposed endpoints, including bot/automation defenses, scraping prevention, and volumetric misuse controls.
RASP & Runtime Active Defense (In-Process Instrumentation)
- Deploy, configure, and tune runtime security solutions (such as RASP) integrated into application runtimes (e.g., JVM, .NET CLR) to monitor execution and defend against attacks in production.
- Establish safe rollout patterns (detect-only tuned detection selective enforcement), with guardrails to minimize performance impact and avoid breaking application behavior.
- Analyze runtime telemetry to identify attack patterns such as injection attempts, exploitation chains, abnormal access behavior, and policy violations.
- Tune runtime protections based on observed application behavior and threat patterns, with a focus on reducing exploitability while supporting development teams in achieving long-term remediation.
- Collaborate closely with developers and architects to ensure runtime protections complement, rather than replace, secure design and code-level fixes.
Security Engineering & Collaboration
- Build and maintain metrics that reflect meaningful security outcomes, such as coverage, false-positive rate, exploit validation rate, time-to-triage, and time-to-remediation.
- Develop automation, integrations, scripts, and lightweight internal tooling to improve testing coverage, reduce manual effort, and extend security capabilities where needed.
- Create documentation, templates, and self-service enablement that help engineering teams adopt secure patterns and scale security practices.
- Support application/API-related security investigations by providing technical analysis, exploit context, and remediation guidance.
Qualifications / Requirements / Skills:
- 5+ years (or equivalent) of experience in application security, product security, offensive security, or secure software engineering with strong hands-on technical depth.
- Strong hands-on experience in web application and API security, including vulnerability identification, exploit validation, remediation support, and secure design considerations.
- Demonstrated ability to evaluate, implement, and operationalize AI-assisted security tooling/workflows (build vs. buy), with a focus on measurable improvements in signal quality, coverage, and remediation efficiency.
- Demonstrated experience scaling DAST and automated dynamic testing, including authenticated scanning, scan tuning, and CI/CD integration.
- Strong expertise in API security, including OAuth2/OIDC, JWT, API gateways, authorization testing, and testing techniques for REST and GraphQL APIs.
- Practical experience implementing and tuning RASP or similar in-process runtime protections in production environments.
- Deep understanding of the OWASP Top 10 and OWASP API Security Top 10, especially authorization failures (BOLA/BFLA), injection, SSRF, deserialization, security misconfiguration, and business logic abuse.
- Ability to write code and build technical solutions to automate workflows, develop integrations, create test harnesses/utilities, or build lightweight internal security tools when needed.
- Proficiency in one or more scripting/programming languages such as Python, Go, JavaScript, or Bash, with demonstrated ability to apply coding skills to security engineering problems.
- Strong understanding of modern application architectures, including APIs, microservices, cloud-native design patterns, authentication flows, and runtime environments.
- Working knowledge of cloud-native platforms and production concepts (containers, Kubernetes, observability/logging/tracing), with the ability to use that knowledge in support of application security engineering.
- Strong communication skills and the ability to translate security findings into clear, prioritized engineering actions for developers and stakeholders.
Nice-to-Haves / Preferred or Desired Skills:
- Experience developing internal security tools, custom integrations, reusable libraries, or testing frameworks to extend AppSec capabilities.
- Background in offensive security, adversarial testing, bug bounty, web exploitation, or vulnerability research.
- Experience applying analytics/ML concepts to security telemetry (behavior baselining, anomaly detection, clustering/deduplication) for APIs and runtime signals.
- Familiarity with AI-assisted secure SDLC use cases such as code/query generation for test cases, guided threat modeling, and intelligent fuzzing, with strong validation practices.
- Experience defining quality metrics for AI outputs (precision/recall proxies, FP/FN tracking, drift detection) and operating feedback loops.
- Experience with API discovery platforms and managing shadow/zombie API reduction programs (inventory, ownership, governance workflows).
- Hands-on experience with GraphQL-specific risks, including introspection exposure, depth/complexity attacks, and field-level authorization weaknesses.
- Experience designing safe enforcement strategies for production protections, including progressive rollout, canarying, SLO awareness, and performance testing.
- Familiarity with service mesh patterns (mTLS, traffic policies) and edge protections (WAF/WAAP concepts) as they relate to API protection.
- Relevant certifications such as OSWE, GIAC GWAPT/GWEB, or similar hands-on application security credentials.
Supervisor:
No
Our Lead Cybersecurity earns between$128,400-$192,600 USD Annual Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.
Joining our team comes with amazing perks and benefits:
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discounts up to 50% off on eligible AT&T mobility plans and accessories,
- AT&T internet (and fiber where available) and AT&T phone.
#LI-Onsite - Full-time office role-
Ready to join our team? Apply today
Joining our team comes with amazing perks and benefits:
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discount...