USI - FY26 - Cyber Enterprise Security - API Security - SA

Cyber

Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage to secure achievements.

Position Summary

Level: Solution Advisor

Work you'll do:

As a Consultant in the API Security domain, you are responsible following activities to secure APIs:

• Support and consult with development, engineering teams for API security to discover and inventory all APIs and their exposed data across environments.

• Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities.

• Implement and enforce security guardrails for API development, including authentication, authorization, and data protection.

• Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices.

• Monitor API traffic for anomalous behavior and potential threats.

• Stay current with emerging API security threats, tools, and best practices.

• Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection)

• Experience working with AWS or other cloud environments (development/architecture)

• Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20)

• Perform security risk assessments for all proposed application-related (APIs) changes.

The Team:

Enterprise Security teams embed cybersecurity across all facets of digital transformation by securing a client's technical infrastructure, while enabling innovation and agility. Their services span security architecture, secure development, cloud cyber capabilities, application and emerging technology security, and secure-by-design initiatives. DevSecOps further integrates automated security into the software development lifecycle, embedding testing and remediation within CI/CD pipelines for agile, risk-aware deployment. Through Deloitte's DevSecOps framework, teams drive operational efficiency and secure design principles, ensuring robust protection in cloud and application environments.

Qualifications

Must Have Skills/Project Experience/Certifications:

• 3-5 years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go

• Experience with tools like OWASP ZAP, Veracode, Postman, etc.

• 2+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration)

• Experience with API security tools like Noname, Salt, Neosec, etc.

• Experience with API Management solutions like Mulesoft, Apigee, etc.

• Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.

• Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols

• Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus

• Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs.

• Familiarity with cloud-native environments, containers, and microservices architectures.

• Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.

• Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.

Good to Have Skills/Project Experience/Certifications:

• Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling.

• Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management.

• Experience with automated monitoring, alerting, and incident response for APIs.

• Knowledge of regulatory and compliance requirements relevant to API security.

• Ability to research and characterize security threats to include identification and classification of application related threat indicators.

• Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc. are preferred.

• Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle.

• Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs.

• Proficiency in using SCA tools to detect and manage risks from third-party and open-source components,
  
  CI/CD integration

• Hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines

Education:

• Bachelor's degree or higher in Computer Science, or equivalent experience.

Location:

Bangalore, Hyderabad, Pune, Chennai, Kolkata

Our purpose

Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 316231