API Security Analyst
IBM
**Introduction**
We are looking for a passionate and detail-oriented Junior API Security Consultant to join our cybersecurity team. This role is ideal for someone with foundational experience in API development or security and a strong interest in securing modern applications. You will support senior consultants in assessing and improving API security, including hands-on testing and secure design practices.
**Your role and responsibilities**
- Assist in conducting Vulnerability Assessment and Penetration Testing (VAPT) on APIs using industry-standard tools.
- Support Static Application Security Testing (SAST) efforts to identify insecure coding patterns in API source code.
- Help review API specifications (OpenAPI/Swagger) for potential security gaps.
- Collaborate with development teams to implement secure API design and coding practices.
- Participate in the integration of security controls into CI/CD pipelines.
- Document findings, remediation steps, and best practices for internal and client use.
- Stay updated on API security trends, tools, and vulnerabilities.
**Required technical and professional expertise**
Experience:
- 1-3 years of experience in application development, cybersecurity, or API support.
- Basic understanding of RESTful and GraphQL APIs, including authentication methods (OAuth2, JWT).
- Exposure to VAPT tools such as Burp Suite, OWASP ZAP, Postman, or similar.
- Familiarity with SAST tools like SonarQube, Checkmarx, Fortify or equivalent.
- Awareness of OWASP API Security Top 10 and secure coding principles.
- Basic scripting or programming skills (e.g., Python, JavaScript).
- Exposure to cloud platforms (AWS, Azure, GCP) and API gateways.
- Understanding of DevSecOps concepts and CI/CD integration.
Soft Skills:
- Strong analytical and problem-solving abilities with keen attention to detail.
**Preferred technical and professional experience**
Preferred Certifications
- API Security Fundamentals (Cloud Academy, Salt Security, etc.)
- CompTIA Security+, CySA+, or equivalent
- Familiarity with MITRE ATT&CK for APIs or OWASP API Security
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.