Job Description

BEPC has an open position for an API Security Engineer

Location: Plano, TX

Benefits: Medical, Dental, Vision, and Life Insurance

Pay Rate: $90.00 – $95.58 Per hour with weekly pay!!!

Term: 12-month contract with possible extensions or permanency based on performance

Shift: 1st shift from 8:00 AM to 5:00 PM, Mon-Fri

Requirements: BA Degree // 3–5 years of experience API Security, strong understanding of RESTful & GraphQL and Familiarity with OWASP API Security Top 10 and secure coding practices.

*****NO CORP-TO-CORP CANDIDATES WILL BE CONSIDERED*****

Job Description:

We are seeking a knowledgeable and proactive API Security Engineer to join our security team. In this critical role, you will lead efforts to secure APIs across the organization. You will identify vulnerabilities, implement industry-leading security practices, and work closely with development and DevOps teams to ensure APIs are secure by design and resilient in production.

What you’ll be doing:

• Design and implement security controls for APIs across internal and external applications.
• Conduct API security assessments, including penetration testing, fuzzing, and vulnerability scanning.
• Monitor API traffic for anomalies, abuse, and potential threats using API gateways and security tools.
• Collaborate with development and DevOps teams to integrate security into the API lifecycle (design, development, testing, deployment).
• Define and enforce API security standards, including authentication, authorization, rate limiting, and encryption.
• Develop and maintain API security policies and documentation.
• Stay current with emerging API threats, vulnerabilities, and security technologies.
• Assist in incident response and forensic analysis related to API security breaches.
• Evaluate and implement API security tools such as WAFs, API gateways, and runtime protection platforms.

What You Bring:

· Bachelor’s degree in computer science, Cybersecurity, or a related field (or equivalent experience).

· 3+ years of experience in application or API security.

· Strong understanding of RESTful and GraphQL APIs, OAuth2, JWT, and API authentication mechanisms.

· Experience with API gateways including configuring authentication, authorization, rate limiting, and threat protection policies (e.g., Apigee, AWS API Gateway, Kong, Azure API Management).

· Familiarity with OWASP API Security Top 10 and secure coding practices.

· Hands-on experience with tools like Postman, Burp Suite, OWASP ZAP, or similar.

· Knowledge of common API vulnerabilities such as injection, broken authentication, excessive data exposure, etc.

Added bonus if you have:

· Certifications such as:

· GIAC Web Application Penetration Tester (GWAPT)

· Certified API Security Professional (by APIsec University)

· Offensive Security Web Expert (OSWE)

· Experience with DevSecOps and CI/CD pipeline integration.

· Familiarity with cloud-native API security in AWS, Azure, or GCP.

· Familiarity with securing and managing API gateways, including policy enforcement, traffic monitoring, and integration with identity providers. Scripting or programming experience (Python, JavaScript, etc.)

Job Tags

Similar Jobs