API & Database Auditor at Moniepoint Inc.

Role Overview

• The API & SQL Database Auditor is responsible for assessing the design, security, reliability, and compliance of application programming interfaces (APIs) and relational database systems. This role evaluates how data is accessed, processed, stored, and protected across applications, ensuring adherence to security standards, regulatory requirements, and internal controls.

Key Responsibilities
Audit & Compliance

• Audit of Application Program Interfaces Security Controls.
• Audit REST, GraphQL, and internal APIs for governance, and compliance with organizational standards.
• Audit of Database Security Controls (e.g., MySQL, PostgreSQL, SQL Server, Oracle) for data integrity, availability, and confidentiality.
• Assess compliance with regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR).
• Evaluate API versioning, lifecycle management, and deprecation controls.

Security & Risk Assessment

• Identify risks related to authentication, authorization, rate limiting, and input validation.
• Review protection mechanisms against common threats (e.g., injection attacks, broken object-level authorization).
• Evaluate encryption practices (in transit and at rest).
• Assess secrets management for database credentials and API keys.
• Review database patching, vulnerability management, and hardening practices.

Data Governance & Integrity

• Assess data classification, retention, and deletion policies.
• Review database schema design, constraints, indexing, and referential integrity controls.
• Evaluate logging, monitoring, and audit trails for data access and changes.
• Verify segregation of duties for database administration and application access.

Process & Controls Review

• Review backup, replication, and disaster recovery processes.
• Assess performance monitoring, capacity planning, and availability controls.
• Evaluate change management processes for schema and API changes.
• Review third-party API integrations and data-sharing agreements.

Reporting & Advisory

• Document audit findings with risk ratings and evidence.
• Provide clear, actionable remediation recommendations.
• Present findings to engineering, security, and data governance stakeholders.
• Track remediation progress and validate corrective actions.
• Participates in the other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.

Skills & Competencies

• SQL (analysis, permissions, schema review)
• API documentation and testing tools (Postman, Swagger/OpenAPI)
• Database security controls (roles, grants, auditing)
• Logging and monitoring solutions
• Encryption and key management concepts
• Strong analytical and investigative skills
• Ability to translate technical risks into business impact
• Clear written documentation and reporting
• Professional skepticism and attention to detail
• Ability to collaborate with engineering and security teams

Qualifications

• Minimum of a Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience).
• Certifications in one or more of the following will be an added advantage - CISA, ACA, CISSP, CISM, CRISC, MICROSOFT certifications, ORACLE, etc.
• Experience: Minimum of 5 years experience in application security, database administration, software engineering, or IT audit.
• Strong understanding of RESTful APIs and SQL-based databases.
• Experience reviewing authentication and authorization mechanisms (OAuth 2.0, JWT, API keys).
• Working knowledge of SQL querying and database security concepts.