Senior API Security Engineer

Encora · Kuala Lumpur

Exclusive · Published on 22 June 2026


About the role

Key Responsibilities:
● API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR, Mass Assignment) that traditional firewalls miss.
● Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT implementations to ensure users can only access their own data.
● Attack Simulation: Script automated attacks against the API Gateway to test rate limiting and fraud detection rules.
● Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong, or Azure API Gateway) for maximum security.
● Auth & Partner Integration: Deliver new security design patterns and components for authentication, authorization, SSO, MFA, and Partner security. Standardize how we consume external APIs (Open Banking) and how we secure our own exposed endpoints.

Technical Requirements: 
● Strong scripting skills (Python) to automate API attacks. 
● Expertise in REST and GraphQL security. 
● Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows. 
● Experience with API Security tools (Postman, Burp Suite, 42Crunch).

Skills

  • JavaScript
  • TypeScript
  • Python
  • Go
  • Rust
  • Java
  • Kotlin
  • Swift
  • C
  • C++
  • C#
  • Ruby
  • PHP
  • Scala
  • Elixir
