Job Description:
The Team
This is a Senior Cyber Engineering role in the API Security team, which is part of the Application and Infrastructure Security Product Area within the Enterprise Cybersecurity business unit.
The focus of this team is to enable API Security Solutions and processes that will help improve the security posture of our APIs across our infrastructure.
The Expertise You Have
* 5+ years of experience in software engineering, ideally with a focus on Application or API Security.
* Strong knowledge of API protocols and frameworks (e.g., REST, SOAP, GraphQL, gRPC), API gateways, and Authentication and Authorization Protocols (OAuth2/OIDC/JWT).
* Strong understanding of OWASP API Security Top 10 and secure coding practices.
* Familiarity with common API vulnerabilities.
* Familiarity with runtime security, eBPF, and traffic monitoring for API discovery is a plus.
* Experience with API security frameworks and API security testing tools (DAST, AST) and runtime API protection platforms is a plus.
* Application security experience, including Pen Testing, SCA, SAST, DAST, and WAF, is a plus.
The Skills You Bring
* Proven knowledge of engineering principles, patterns, and practices.
* Experience with modern agile engineering approaches and operational excellence.
* Ability to collaborate effectively with teams or vendors to achieve positive outcomes.
* Excellent interpersonal and communication skills.
* Strong analytical skills to address issues and work through ambiguous situations, making timely decisions based on facts and experience.
* A passion for continuous learning and mentoring team members.
The Value You Deliver
* You will help tackle real-world problems and meet consumer needs.
* Lead the deployment of API security solutions end-to-end.
* Collaborate with development, operations, and security teams for smooth integrations.
* Monitor platform performance, ensuring alignment with KPIs and SLAs.
* Optimize configurations to detect and prevent API threats.
* Contribute to planning, executing, and delivering API security initiatives within the broader security roadmap.
* Stay updated on emerging threats and technologies, recommending improvements.
* Integrate API security solutions into CI/CD pipelines for continuous testing and monitoring.
* Develop scripts and tools to streamline processes and perform data analysis.
* Document processes, configurations, and lessons learned for knowledge transfer.
Fidelity will reasonably accommodate associates with disabilities who need adjustments during the application or interview process or to perform essential job functions.
Category: Information Technology
#J-18808-Ljbffr