Description
Minimum of a Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience).
Certifications in one or more of the following will be an added advantage: CISA, ACA, CISSP, CISM, CRISC, Microsoft certifications, Oracle, etc.
Experience:
Minimum of 5 years' experience in application security, database administration, software engineering, or IT audit.
Strong understanding of RESTful APIs and SQL-based databases.
Experience reviewing authentication and authorization mechanisms (OAuth 2.0, JWT, API keys).
Working knowledge of SQL querying and database security concepts.
Responsibilities
Audit & Compliance
Audit of Application Programming Interface (API) security controls.
Audit REST, GraphQL, and internal APIs for governance and compliance with organizational standards.
Audit of Database Security Controls (e.g., MySQL, PostgreSQL, SQL Server, Oracle) for data integrity, availability, and confidentiality.
Assess compliance with regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR).
Evaluate API versioning, lifecycle management, and deprecation controls.
Security & Risk Assessment
Identify risks related to authentication, authorization, rate limiting, and input validation.
Review protection mechanisms against common threats (e.g., injection attacks, broken object-level authorization).
Evaluate encryption practices (in transit and at rest).
Assess secrets management for database credentials and API keys.
Review database patching, vulnerability management, and hardening practices.
Data Governance & Integrity
Assess data classification, retention, and deletion policies.
Review database schema design, constraints, indexing, and referential integrity controls.
Evaluate logging, monitoring, and audit trails for data access and changes.
Verify segregation of duties for database administration and application access.
Process & Controls Review
Review backup, replication, and disaster recovery processes.
Assess performance monitoring, capacity planning, and availability controls.
Evaluate change management processes for schema and API changes.
Review third-party API integrations and data-sharing agreements.
Reporting & Advisory
Document audit findings with risk ratings and evidence.
Provide clear, actionable remediation recommendations.
Present findings to engineering, security, and data governance stakeholders.
Track remediation progress and validate corrective actions.
Participate in other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.
Skills & Competencies
SQL (analysis, permissions, schema review)
API documentation and testing tools (Postman, Swagger/OpenAPI)
Database security controls (roles, grants, auditing)
Logging and monitoring solutions
Encryption and key management concepts
Strong analytical and investigative skills
Ability to translate technical risks into business impact
Clear written documentation and reporting
Professional skepticism and attention to detail
Ability to collaborate with engineering and security teams