Job title: API Security Senior Consultant
About
At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte's clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks, and the work we do to help them address these risks is increasingly important to their success and to the strength of the economy and public security.
By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today's world by organizations across a range of industry sectors and become subject matter experts in those areas.
Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities, from strategic, reputation, and financial risks to operational, cyber, and regulatory risks, to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte's clients' most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.
The Team
Cyber & Strategic Risk: Deloitte's API Security is aligned with the industry preferred practices and leverages security framework to address the API security challenges in a comprehensive manner. This process enables the client to address key vulnerabilities and risks associated with APIs at different stages of their development lifecycle. Deloitte plays a crucial role in identifying and remediating vulnerabilities in APIs accessible from within an organization, exposed to the internet, or in the client's API infrastructure that may potentially become a threat to an organization.
Work you'll do
Roles & Responsibilities:
As a Senior Consultant in the API Security domain, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following:
Support and consult with development and engineering teams in the areas of API security to discover and inventory all APIs and their exposed data across environments.
Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines.
Provide remediation guidance and support to development teams for identified vulnerabilities.
Implement and enforce security guardrails for API development, including authentication, authorization, and data protection.
Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices.
Stay current with emerging API security threats, tools, and best practices.
Monitor API traffic for anomalous behavior and potential threats.
Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection)
Experience working with AWS or other cloud environments (development/architecture)
Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20)
Perform security risk assessments for all proposed application-related (APIs) changes.
Required skills
- 5+ years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go
- Experience with tools like OWASP ZAP, Veracode, Postman, etc.
- 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration)
- Experience with API security tools like Noname, Salt, Neosec, etc.
- Experience with API Management solutions like Mulesoft, Apigee, etc.
- Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
- Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols
- Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus
- Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs.
- Familiarity with cloud-native environments, containers, and microservices architectures.
- Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
- Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
Qualification
Bachelor's degree or higher in Computer Science, or equivalent experience.
Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling.
Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management.
Experience with automated monitoring, alerting, and incident response for APIs.
Knowledge of regulatory and compliance requirements relevant to API security.
Ability to research and characterize security threats to include identification and classification of application related threat indicators.
Certifications such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP, etc. are preferred.
Good to have:
- Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle.
- Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs.
- Proficiency in using SCA tools to detect and manage risks from third-party and open-source components.
- CI/CD integration
- Hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines
How you'll grow
At Deloitte, we've invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities, including exposure to leaders, sponsors, coaches, and challenging assignments, to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people's growth and development. Explore DU: The Leadership Center in India.
Deloitte's culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte's clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impac
About Company
Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.