Web & API Security Engineer

Join to apply for the Web & API Security Engineer role at Axos Business Center

2 days ago Be among the first 25 applicants

Join to apply for the Web & API Security Engineer role at Axos Business Center

Get AI-powered advice on this job and more exclusive features.

About This Job
We’re seeking a highly skilled Web & API Security Engineer with deep offensive security expertise. This is a hands-on role focused on identifying and exploiting vulnerabilities in modern web applications and APIs. You’ll simulate real-world attacks, uncover complex flaws, and collaborate directly with engineering teams to strengthen our platform’s defenses. If you thrive on manual testing, creative problem-solving, and thinking like an adversary, this role is built for you.

Axos Business Center, Corp
About This Job
We’re seeking a highly skilled Web & API Security Engineer with deep offensive security expertise. This is a hands-on role focused on identifying and exploiting vulnerabilities in modern web applications and APIs. You’ll simulate real-world attacks, uncover complex flaws, and collaborate directly with engineering teams to strengthen our platform’s defenses. If you thrive on manual testing, creative problem-solving, and thinking like an adversary, this role is built for you.
As a Web & API Security Engineer, you will:

• Conduct manual security testing of production-grade web apps and APIs (REST, GraphQL, gRPC)
• Identify advanced vulnerabilities beyond standard CVEs — including logic flaws, authentication bypasses, and chained exploits
• Simulate adversarial behavior and design attack paths that mimic real-world threat actors
• Analyze and exploit security controls such as WAFs, rate limits, and token-based auth systems
• Document findings clearly for engineering teams, enabling fast and effective remediation
• Explore edge cases and abuse scenarios that automated tools often miss
  

You’ll have full autonomy over your testing strategy, tools, and targets — and your work will directly impact the security of our platform.
Qualifications:

• Proven experience in manual penetration testing of web applications and APIs
• Deep understanding of HTTP, cookies, sessions, JWTs, CORS, and authentication flows
• Expertise in AuthN/AuthZ vulnerabilities (e.g., OAuth abuse, IDOR, BOLA, SSO bypass)
• Familiarity with API attack vectors such as schema enforcement issues, replay attacks, and parameter pollution
• Proficiency with tools like Burp Suite Pro, Postman, ffuf, sqlmap, jwt_tool, mitmproxy, and scripting in Python or Bash
• Strong threat modeling mindset — you think in terms of abuse cases, not just known vulnerabilities
  

Ideal Traits:

• Operates independently with a red team mindset
• Demonstrates extreme ownership and attention to detail
• Thrives in a fast-paced, high-accountability environment
• Passionate about security and driven to uncover the unexpected
  

About Axos
Born digital-first, Axos delivers financial tools and services that allow individuals, small businesses, and companies to access and manage their money how, when, and where they want. We’re a diverse team of dynamic, insightful, and independent innovators who are excited to provide technology-driven solutions that offer unbeatable value to our customers.
Axos Financial is our holding company and is publicly traded on the New York Stock Exchange under the symbol "AX" (NYSE: AX).
Learn More about working at Axos Business Center
Pre-Employment Background Check, Medical, and Drug Test:
All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment medical and drug screening.
Equal Employment Opportunity:
Axos is an Equal Opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants without regard to race, religious creed, color, sex (including pregnancy, breast feeding and related medical conditions), gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship status, military and veteran status, marital status, age, protected medical condition, genetic information, physical disability, mental disability, or any other protected status in accordance with all applicable federal, state, and local laws.
Job Functions and Work Environment:
While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.
The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Seniority level

• Seniority level Entry level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Banking, Financial Services, and Investment Banking

Referrals increase your chances of interviewing at Axos Business Center by 2x

Sign in to set job alerts for “Security Engineer” roles. Jr. Cybersecurity Operations Center Analyst

Pasay, National Capital Region, Philippines 2 days ago

Manila, National Capital Region, Philippines 3 months ago

Pasig, National Capital Region, Philippines 2 weeks ago

National Capital Region, Philippines 1 week ago

Manila, National Capital Region, Philippines 2 days ago

Makati, National Capital Region, Philippines 1 month ago

National Capital Region, Philippines 2 weeks ago

Makati, National Capital Region, Philippines 3 weeks ago

Quezon City, National Capital Region, Philippines 1 week ago

Pasay, National Capital Region, Philippines 2 weeks ago

Pasig, National Capital Region, Philippines 3 days ago

Makati, National Capital Region, Philippines 5 days ago

Makati, National Capital Region, Philippines 1 day ago

Manila, National Capital Region, Philippines 3 days ago

Pasay, National Capital Region, Philippines 1 month ago

Manila, National Capital Region, Philippines 1 year ago

Manila, National Capital Region, Philippines 2 weeks ago

Quezon City, National Capital Region, Philippines 1 week ago

IT Security Analyst IV - Cloud and App Security

Makati, National Capital Region, Philippines 2 weeks ago

Manila, National Capital Region, Philippines 3 weeks ago

Makati, National Capital Region, Philippines 1 week ago

Pasig, National Capital Region, Philippines 1 month ago

Vulnerability Management Security Analyst

National Capital Region, Philippines 3 weeks ago

Quezon City, National Capital Region, Philippines 1 day ago

National Capital Region, Philippines 1 week ago

Information Security Analyst (Perimeter Security)

Makati, National Capital Region, Philippines 2 weeks ago

Information Security Analyst - Risk Management

Makati, National Capital Region, Philippines 1 week ago

Senior Security Engineer Philippines or India, Remote - 8 am - 5 pm M-F US EST hours

Manila, National Capital Region, Philippines 7 months ago

Taguig, National Capital Region, Philippines 3 weeks ago

Manila, National Capital Region, Philippines 6 months ago

Manila, National Capital Region, Philippines 2 months ago

Mandaluyong, National Capital Region, Philippines 3 weeks ago

Taguig, National Capital Region, Philippines 19 hours ago

Makati, National Capital Region, Philippines 3 weeks ago

Makati, National Capital Region, Philippines 3 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

---