Encora: Senior API Security Engineer

About the role

Encora · Onsite

Key Responsibilities: 
● API Logic Security: Hunt for Business Logic vulnerabilities (BOLA/IDOR, Mass Assignment) that traditional firewalls miss.
● Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT implementations to ensure users can only access their own data.
● Attack Simulation: Script automated attacks against the API Gateway to test rate limiting and fraud detection rules.
● Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong, or Azure API Gateway) for maximum security.
● Auth & Partner Integration: Deliver new security design patterns and components for authentication, authorization, SSO, MFA, and Partner security. Standardize how we consume external APIs (Open Banking) and how we secure our own exposed endpoints.

Technical Requirements: 
● Strong scripting skills (Python) to automate API attacks. 
● Expertise in REST and GraphQL security. 
● Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows. 
● Experience with API Security tools (Postman, Burp Suite, 42Crunch).
