API & Database Auditor at Moniepoint Inc.

Role Overview

• The API & SQL Database Auditor is responsible for assessing the design, security, reliability, and compliance of application programming interfaces (APIs) and relational database systems.
• This role evaluates how data is accessed, processed, stored, and protected across applications, ensuring adherence to security standards, regulatory requirements, and internal controls.

Key Responsibilities Audit & Compliance

• Audit of Application Program Interfaces Security Controls.
• Audit REST, GraphQL, and internal APIs for governance, and compliance with organizational standards.
• Audit of Database Security Controls (e.g., MySQL, PostgreSQL, SQL Server, Oracle) for data integrity, availability, and confidentiality.
• Assess compliance with regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR).
• Evaluate API versioning, lifecycle management, and deprecation controls.

Security & Risk Assessment

• Identify risks related to authentication, authorization, rate limiting, and input validation.
• Review protection mechanisms against common threats (e.g., injection attacks, broken object-level authorization).
• Evaluate encryption practices (in transit and at rest).
• Assess secrets management for database credentials and API keys.
• Review database patching, vulnerability management, and hardening practices.

Data Governance & Integrity

• Assess data classification, retention, and deletion policies.
• Review database schema design, constraints, indexing, and referential integrity controls.
• Evaluate logging, monitoring, and audit trails for data access and changes.
• Verify segregation of duties for database administration and application access.

Process & Controls Review

• Review backup, replication, and disaster recovery processes.
• Assess performance monitoring, capacity planning, and availability controls.
• Evaluate change management processes for schema and API changes.
• Review third-party API integrations and data-sharing agreements.

Reporting & Advisory

• Document audit findings with risk ratings and evidence.
• Provide clear, actionable remediation recommendations.
• Present findings to engineering, security, and data governance stakeholders.
• Track remediation progress and validate corrective actions.
• Participates in the other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.

Skills & Competencies

• SQL (analysis, permissions, schema review)
• API documentation and testing tools (Postman, Swagger/OpenAPI)
• Database security controls (roles, grants, auditing)
• Logging and monitoring solutions
• Encryption and key management concepts
• Strong analytical and investigative skills
• Ability to translate technical risks into business impact
• Clear written documentation and reporting
• Professional skepticism and attention to detail
• Ability to collaborate with engineering and security teams

Qualifications

• Minimum of a Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience).
• Certifications in one or more of the following will be an added advantage - CISA, ACA, CISSP, CISM, CRISC, MICROSOFT certifications, ORACLE, etc.
• Experience: Minimum of 5 years experience in application security, database administration, software engineering, or IT audit.
• Strong understanding of RESTful APIs and SQL-based databases.
• Experience reviewing authentication and authorization mechanisms (OAuth 2.0, JWT, API keys).
• Working knowledge of SQL querying and database security concepts.