Job Specifications
Role Title:API Security Architect
Duration:contract to run until 30/11/2026
Location:Knutsford, hybrid 3 days per week onsite
Rate:up to £762.86 p/d Umbrella inside IR35
Role purpose/summary
We are looking for an API Security Architect to define, design, and oversee the implementation of enterprise-grade API security architecture. The role ensures APIs are built securely, follow best-practice standards, and align with organisational security and compliance requirements.
Key Responsibilities
Design end-to-end API security architecture across cloud and on-premise environments.
Define API security standards covering authentication, authorization, encryption, and threat protection.
Lead architectural reviews, threat modelling, and risk assessments for API integrations.
Select, architect, and optimize API gateways, WAFs, and security controls.
Develop reference architectures and reusable security patterns for engineering teams.
Provide security governance for API development, life cycle management, and CI/CD practices.
Partner with engineering, product, and security operations to embed secure-by-design principles.
Oversee remediation strategies for API vulnerabilities and guide architecture improvements.
Required Skills & Experience
Proven experience in API security architecture within large-scale environments.
Expertise in API gateways (Apigee, Azure API Management, Kong, Mulesoft).
Strong knowledge of OAuth2.0, OIDC, JWT, mTLS, TLS, and Zero Trust principles.
Deep understanding of OWASP API Security Top 10 and secure design patterns.
Experience designing security controls in cloud (Azure, AWS, or GCP).
Ability to create architectural artefacts (HLDs, LLDs, security patterns).
Nice to Have
Certifications: CISSP, CCSP, GIAC, SABSA.
Experience with DevSecOps, container security, and microservices architecture.
Knowledge of SIEM, API analytics, and threat intelligence
All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
About the Company
Experis is a global leader in IT professional resourcing, project solutions, and managed services specializing in Business Transformation, Enterprise Applications, Cloud and Infrastructure, Digital Workspace and Cyber Security. As digital transformation and acute skills shortages in tech continue unabated, Experis provides talent with the powerful combination of in-demand technical skills together with the soft skills that are critical for business success. We can connect you to individuals with a specific skill set, manage ...
Know more