Application & API Security Consultant

JOB DESCRIPTION

Location: Hybrid | Downtown, Toronto

Duration: 6 months

Our client, a leading financial institution in Downtown Toronto, is looking for an Application & API Security Consultant to collaborate with development, operations, and security teams to deploy the API Runtime Protection solution within the bank’s cloud and on-prem infrastructure. The successful candidate will have the opportunity to work with one of the Top 5 Banks in Canada.

Typical Day in role:

Project Name: API Protection Platform Rollout

  • The API Security Consultant’s day is fast-paced and dynamic. They collaborate with other members of the Application Security team, Vendor, Architecture, Risk and API Governance to help deploy and configure the API Runtime Protection Platform. This involves integrating the new platform with existing systems, planning the deployment process, and following established procedures.
  • The consultant also assists in developing processes, procedures, and controls for the new API Runtime Protection capability. They research industry best practices, review existing policies, and create new documentation. Additionally, they work with engineering teams to automate security processes and controls, streamlining security and reducing manual errors.
  • In an Agile environment, the consultant adapts to changing priorities, participates in daily stand-ups, and provides regular updates to stakeholders. They prioritize tasks, communicate effectively, and work closely with teams to achieve their goals. The consultant’s primary objective is to deliver high-quality results and ensure the security of the bank’s APIs.
  • Throughout the day, the consultant engages with internal teams and vendors, providing updates, answering questions, and addressing concerns. They document processes and configurations, ensuring that everything is organized and easy to understand. The consultant’s expertise and adaptability are essential in ensuring the successful delivery of the project. By working collaboratively and prioritizing tasks effectively, the consultant helps to drive the implementation forward and achieve the project’s objectives.

 

Key Responsibilities:

  • API Runtime Protection Platform Deployment: Collaborate with development, operations, and security teams to deploy the API Runtime Protection solution within the bank’s cloud and on-prem infrastructure.
  • Process, Procedures, and Controls Deployment: Assist in the development of processes, procedures, and controls for the new API Runtime Protection capability.
  • Automation: Collaborate with engineering teams to automate security processes and controls.
  • Stakeholder Engagement and Documentation: Liaise with internal teams and vendors to drive implementation forward, document processes and configurations, and provide regular updates to senior leadership.

Must-Have Skills:

  • 4 years of experience in Application & API security or DevSecOps
  • Strong knowledge of API protocols/frameworks (e.g., REST, SOAP, GraphQL, gRPC) and API gateways (e.g., Apigee, Kong)
  • Understanding of OWASP API Security Top 10 and secure coding practices
  • Familiarity with Kubernetes, Docker, and CI/CD tools (e.g., Jenkins, GitHub Actions)
  • Experience working in cloud environments such as AWS, Azure, or GCP
  • Scripting skills (e.g., Python, Bash) for automation and monitoring tasks 

Nice-To-Have Skills:

  • Knowledge of API Runtime Protection Platforms such as Salt Security, Traceable.ai, Akamai API Security
  • Experience with API Security frameworks (NIST 800-228) and API Security Testing tools (DAST, AST, etc.)
  • Knowledge of data residency requirements and compliance frameworks (e.g., GDPR, PCI-DSS, NIST CSF)
  • Security certifications such as CISSP, CSSLP, CASP, CEH, or Certified DevSecOps Engineer

Soft Skills Required:

  • Strong verbal and written communication skills, motivated, problem solving

Education:

  • Highest Education

Finance professional is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. We advocate for you and welcome anyone regardless of race, color, religion, national origin, sex, physical or mental disability, or age.