Web & API Security Architect

We are looking for a senior Web & API Security Architect to take full hands on ownership of securing its public websites, customer interfaces, and external integrations in a mission‑critical, high‑traffic, global enterprise environment.

This is a deeply technical, implementation‑focused role for someone who truly lives and breathes Web: understands how large‑scale websites are built, how traffic flows, how APIs are consumed, and how to design and apply security architectures that work in real production—not on paper.

What You’ll Be Doing

• End‑to‑end responsibility for securing public websites and Web/APIs, including high‑exposure business campaigns and external partnerships.
• Hands‑on design and implementation of application‑level protections (WAF, API Gateway, CDN‑based security).
• Architecting and implementing secure interactions with external vendors and partners (APIs, integrations, joint projects).
• Acting as the Web Security authority for the organization—defining architectures, standards, and security patterns.
• Translating business needs into concrete technical security solutions.
• Working closely with development, infrastructure, security, and business teams.
• Guiding and professionally leading a small team (approx. 4 people) that handles ongoing operational security tasks.

Must‑Have Experience

• 10+ years of hands‑on experience in Web / Application / API Security in Enterprise environments.
• Very strong, practical knowledge of HTML and how Web applications actually work.
• Proven experience securing large‑scale, customer‑facing websites.
• Strong background in Application WAF security (design + implementation).
• Hands‑on experience with API Gateways and securing REST / SOAP APIs.
• Experience implementing—not just designing—security controls in production.
• Background in global, distributed environments (e.g., fintech, payments, travel, large consumer platforms).

Strong Advantages

• Experience in global companies with high availability requirements (e.g., payments, travel, large consumer platforms).
• Ability to break down business requirements into technical execution plans.
• Previous technical leadership or people management experience.
• Understanding of GDPR and regulatory environments.
• Strong communication skills and ability to work across many interfaces, including business stakeholders.