USI - FY26 - Cyber Enterprise Security - API Security - SA

• Support and consult with development, engineering teams for API security to discover and inventory all APIs and their exposed data across environments. 
• Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities. 
• Implement and enforce security guardrails for API development, including authentication, authorization, and data protection. Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices. 
• Monitor API traffic for anomalous behavior and potential threats. 
• Stay current with emerging API security threats, tools, and best practices. 
• Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection) 
• Experience working with AWS or other cloud environments (development/architecture) 
• Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20) 
• Perform security risk assessments for all proposed application-related (APIs) changes. 

• 3-5 years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go 
• Experience with tools like OWASP ZAP, Veracode, Postman, etc. 
• 2+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration) 
• Experience with API security tools like Noname, Salt, Neosec, etc. 
• Experience with API Management solutions like Mulesoft, Apigee, etc. 
• Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. 
• Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols 
• Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus 
• Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs. 
• Familiarity with cloud-native environments, containers, and microservices architectures. 
• Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods. 
• Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities. 

About Company

Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.