Jobs · Information Technology · Massachusetts

API Security Engineer

Moderna · Cambridge, MA · 5 days ago
Information Technology$146k–$234k/yrFull-time

About the role

This role is a Cybersecurity Engineer position at Moderna, focusing on API security across various applications, platform services, and AI-enabled use cases. The role involves designing, implementing, and maturing API security capabilities, working with engineering, architecture, and security teams, and addressing API security risks.

Responsibilities

  • Help design, implement, and mature Moderna’s API security capabilities across enterprise applications, shared services, integrations, and AI-related platforms.
  • Support the evaluation, deployment, and operationalization of API security technologies used for API discovery, posture assessment, traffic monitoring, anomaly detection, and policy enforcement.
  • Partner with application, platform, and engineering teams to identify insecure API designs, weak authentication or authorization patterns, excessive data exposure, and other common API security risks.
  • Perform API-focused threat modeling and security assessments for modern services, microservices, integrations, and AI-enabled workflows.
  • Define and promote secure API engineering practices, including strong authentication, authorization, rate limiting, schema validation, secrets handling, and secure service-to-service communication.
  • Help shape security approaches for non-human and agentic identity models, including how services, automation, and software agents authenticate to APIs, obtain scoped access, and interact with sensitive systems safely.
  • Analyze API telemetry and findings to identify abuse paths, misconfigurations, shadow APIs, and control gaps, then work with stakeholders to drive remediation.
  • Collaborate with broader security teams to connect API security findings with cloud, application, identity, and detection engineering workflows.
  • Provide practical engineering guidance that helps teams improve API security while preparing for new trust and identity challenges introduced by automation and AI-enabled systems.

Requirements

  • 5+ years of experience in cybersecurity, application security, platform security, or a related engineering discipline, with meaningful hands-on experience in API security.
  • A strong understanding of API security risks and controls, including authentication, authorization, token handling, rate limiting, data exposure, input validation, and service-to-service trust models.
  • Experience assessing or securing REST, GraphQL, or other modern API patterns in cloud-native or distributed application environments.
  • Experience working with engineering and platform teams to improve API design, security posture, and operational controls.
  • Familiarity with API gateways, service meshes, reverse proxies, or related control points used to secure and observe API traffic.
  • Ability to perform threat modeling and technical risk assessments for APIs, integrations, backend services, and machine-to-machine interaction patterns.
  • Familiarity with cloud and application security fundamentals, including identity, secrets management, logging, and common security design patterns.
  • Working knowledge of identity and access concepts relevant to non-human identities, workload identities, and emerging agentic access patterns is strongly preferred.
  • Strong analytical and troubleshooting skills, with the ability to turn technical findings into pragmatic remediation guidance.
  • Strong written and verbal communication skills, with the ability to work across technical and non-technical stakeholder groups.

Qualifications

  • Strong understanding of API security risks and controls, including authentication, authorization, token handling, rate limiting, data exposure, input validation, and service-to-service trust models.
  • Experience assessing or securing REST, GraphQL, or other modern API patterns in cloud-native or distributed application environments.
  • Experience working with engineering and platform teams to improve API design, security posture, and operational controls.
  • Familiarity with API gateways, service meshes, reverse proxies, or related control points used to secure and observe API traffic.
  • Ability to perform threat modeling and technical risk assessments for APIs, integrations, backend services, and machine-to-machine interaction patterns.
  • Familiarity with cloud and application security fundamentals, including identity, secrets management, logging, and common security design patterns.
  • Working knowledge of identity and access concepts relevant to non-human identities, workload identities, and emerging agentic access patterns is strongly preferred.
  • Strong analytical and troubleshooting skills, with the ability to turn technical findings into pragmatic remediation guidance.
  • Strong written and verbal communication skills, with the ability to work across technical and non-technical stakeholder groups.

Skills

  • Strong understanding of API security risks and controls, including authentication, authorization, token handling, rate limiting, data exposure, input validation, and service-to-service trust models.
  • Experience assessing or securing REST, GraphQL, or other modern API patterns in cloud-native or distributed application environments.
  • Experience working with engineering and platform teams to improve API design, security posture, and operational controls.
  • Familiarity with API gateways, service meshes, reverse proxies, or related control points used to secure and observe API traffic.
  • Ability to perform threat modeling and technical risk assessments for APIs, integrations, backend services, and machine-to-machine interaction patterns.
  • Familiarity with cloud and application security fundamentals, including identity, secrets management, logging, and common security design patterns.
  • Working knowledge of identity and access concepts relevant to non-human identities, workload identities, and emerging agentic access patterns is strongly preferred.
  • Strong analytical and troubleshooting skills, with the ability to turn technical findings into pragmatic remediation guidance.
  • Strong written and verbal communication skills, with the ability to work across technical and non-technical stakeholder groups.

Benefits

At Moderna, we offer competitive healthcare, family planning benefits, generous paid time off, savings and investments, and location-specific perks and extras. The salary range for this role is $145,900.00 - $234,200.00. This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An individual’s position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, performance, and business or organizational needs.

Pay & Benefits

The salary range for this role is $145,900.00 - $234,200.00. This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An individual’s position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, performance, and business or organizational needs.

Similar jobs

API Security Engineer

BioSpaceCambridge, MA· 2 days ago
Information Technology$146k–$234k/yrapply on jobs.biospace.com

API Security Engineer

STAFFXPERT LLCCharlotte, NC· 3 days ago
Engineeringapply on candidateportal.ceipal.com

Application Security Engineer

Purpose Brands, LLCBoca Raton, FL· 3 wk ago
Information Technology$120k–$140k/yrapply on purposebrands.wd503.myworkdayjobs.com