Senior Cyber Engineering Role: API Security Team
Fidelity Investments seeks a Senior Cyber Engineer to join the API Security team within the Enterprise Cybersecurity business unit.
The focus of this team is to enhance the security posture of our APIs across the infrastructure through effective API Security Solutions and processes.
Required Expertise:
* 2+ years of experience in software engineering with a focus on Application or API Security
* Strong knowledge of API protocols/frameworks (e.g., REST, SOAP, GraphQL, gRPC), API gateways, and authentication and authorization protocols (OAuth2, OIDC, JWT, etc.)
* Deep understanding of OWASP API Security Top 10 and secure coding practices
* Familiarity with common API vulnerabilities
* Experience with API security frameworks and testing tools (DAST, AST, etc.) and runtime API protection platforms
* Application security experience, including Pen Testing, SCA, SAST, DAST, and Web Application Firewalls (WAF)
Key Skills:
* Proven knowledge of engineering principles, patterns, and practices
* Experience with modern agile engineering approaches and operational excellence
* Ability to collaborate effectively with other teams or vendors
* Excellent interpersonal and communication skills
* Strong analytical skills to address issues and work through ambiguous situations
* Passion for continual learning and mentoring team members
Value Delivered:
* Develop solutions to tackle real-life problems and meet consumer needs
* Collaborate with development, operations, and security teams for seamless integration
* Monitor platform performance and ensure alignment with KPIs and SLAs
* Optimize platform configurations to detect and prevent API threats
* Contribute to API security initiatives within the broader security roadmap
* Stay ahead of emerging threats and technologies, recommending improvements
* Integrate API security into CI/CD pipelines for continuous testing and monitoring
* Develop scripts and tools to streamline processes and analyze data
* Document processes, configurations, and lessons learned for knowledge transfer