Key Responsibilities:
● API Logic Security: Hunt for business logic vulnerabilities (BOLA/IDOR, Mass Assignment) that traditional firewalls miss.
● Authentication & Authorization: Design and validate OAuth2, OIDC, and JWT implementations to ensure users can only access their own data.
● Attack Simulation: Script automated attacks against the API Gateway to test rate limiting and fraud detection rules.
● Gateway Hardening: Work with the Platform team to configure the API Gateway (Kong or Azure API Gateway) for maximum security.
● Auth & Partner Integration: Deliver new security design patterns and components for authentication, authorization, SSO, MFA, and partner security. Standardize how we consume external APIs (Open Banking) and how we secure our own exposed endpoints.
Technical Requirements:
● Strong scripting skills (Python) to automate API attacks.
● Expertise in REST and GraphQL security.
● Deep knowledge of OAuth 2.0 and OpenID Connect (OIDC) flows.
● Experience with API Security tools (Postman, Burp Suite, 42Crunch).
Coforge Limited is a global AI-native engineering and digital services leader, where artificial intelligence is core to how we design, build, and deliver intelligent, scalable solutions for enterprises across BFSI, travel, transportation, healthcare, and insurance.
Key team members:
● Partha Anbil
● Brian Glidden
● Mike Himley
● Rajeev Pandey