Ghost Lynx

API Security Engineer

Mid · Offensive Security & AI Red Teaming · Remote · Sydney, NSW
$195k
Actively Looking

Quick Match Check

Company Size

Scale-up (100-1000)

Company Type

Tech, Fintech, SaaS

Key Skills

  • OWASP API Security Top 10
  • OpenAPI/Swagger
  • DAST/SAST (e.g., ZAP, Burp Suite)
  • Python (for automation)
  • Kubernetes/Docker
  • AWS Security
  • CI/CD Integration (e.g., Jenkins, GitLab CI)
  • WAF/API Gateway Security

Roles Worked

Application Security Engineer
Software Developer
Security Champion

Industry Experience

Tech, SaaS, Fintech

CyberSec People will make the introduction

Skills Assessment

1st Principles: 7/10

Breaks down complex problems into fundamental truths and builds solutions from the ground up

Code Bias: 7/10

Prefers building and shipping code over meetings and documentation

Tech Depth: 7/10

Deep technical expertise across security domains, tools, and architectures

Curiosity: 8/10

Constantly learning, experimenting, and staying ahead of emerging threats

War Stories: 7/10

Battle-tested experience solving real-world security incidents and challenges

Profile Summary

This API Security Engineer builds robust security into the core of application development, focusing on automating vulnerability detection and prevention. They are passionate about shifting security left, empowering development teams at companies like Airwallex to write secure code from the outset and integrate security seamlessly into the CI/CD pipeline.

Problems Solved

  • Implemented automated API security testing within CI/CD, reducing critical API vulnerabilities found in production by 40% over 12 months.
  • Developed and deployed custom WAF rulesets for critical API endpoints, blocking over 15,000 malicious requests weekly and preventing potential data breaches.
  • Streamlined API security review processes, decreasing the average time-to-production for new API features by 25% while maintaining security standards.

What They Build

They build and integrate security tools and processes specifically for API ecosystems, including automated testing frameworks, custom security policies, and developer-friendly security guidelines. Their work ensures APIs are secure by design and continuously monitored for threats.

What Would Make Them Move

Looking for a mid-level AppSec role where I can transition from pure development into security full-time. Want a company that values developers who understand security — not just security people who read code. Pair reviews and threat modeling are my thing.

Mission & Values

Driven to help teams build security into the development lifecycle. Believe in shifting left and empowering developers to write secure code.

Growth Areas

Leadership, Strategic Thinking, Team Building

Open to

Mid Application Security Role, Security Leadership, Technical Architecture