U.S. Bank Senior API Security Engineer in Montgomery, Alabama

U.S. Bank is seeking a Senior API Security Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our technology initiatives.

In this role the Sr. API Security Engineer supports efforts to minimize security risk by managing, monitoring, and reporting on API security systems, advising the technical community as a Subject Matter Expert (SME) while supporting the organization’s DevSecOps practice, particularly with Agile DevOps pipelines.

Duties may include working with Agile teams, reviewing project documentation, researching and referencing Information Security policy, delivering recommendations and guidance, and performing other tasks in the pursuit of securing systems, processes, and software applications.

The ideal candidate will possess extensive experience developing and securing applications and web services, or web APIs (Application Programming Interfaces). The team member will work with application development personnel and other technical team members to review existing and/or new APIs/web services in support of quality implementations that align with Information Security policies, procedures, and generally-accepted best practices.

Role responsibilities/duties include participation in the creation and maintenance of API security specifications, reviewing software designs to ensure appropriate/required security controls have been included in designs, administering API security testing tools, performing API code reviews, attesting compliance with the security requirements, and advising development teams on API-related technical issues and questions. The candidate should eventually be recognized as an API security SME within the organization.


Basic Qualifications:

- Bachelor's degree in Computer Science, Engineering, Information Systems, Information Security, Mathematics, Physics, or a related discipline, or equivalent work experience

- Certified Information Systems Security Professional

- At least 7 years of experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

Required Skills/Experience:

• Experience with the implementation and support of security testing tools and technologies.

• Experience with web-based and/or mobile application development.

• Experience with web services and Web API development.

• Experience with REST and SOAP development.

• Experience with XML, SQL Server, jQuery, JSON, and JavaScript.

• Experience with the security testing of web services and web APIs.

• Having a strong understanding of API creation, management, hardening, and defense.

• Experience with Java and/or C# application development.

• Having a good understanding of Object-Oriented (OO) and Functional programming concepts.

• Having full SDLC knowledge/experience with Waterfall and Agile methodologies.

• Experience with Information Security policy, its interpretation, reference, and usage when delivering opinions, recommendations, and guidance.

• Experience with multiple operating systems including competency with Windows Server, Windows Desktop, and Linux/Unix operating systems.

• Experience with at least one database technology (i.e., Oracle, MySQL, or MS SQL).

• Experience with scripting languages, data manipulation, and tools (e.g., UNIX shell, PowerShell, Python, Perl, or Excel macros).

• Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and the Open Source Security Testing Methodology Manual (OSSTMM).

• Having a strong understanding of secure software authorization methods and communications transports (OAuth, SSL/TLS).

• Having a solid understanding of secure software design standards, principles, and practices.

• Having professional experience with software application security and its associated standards and practices (e.g., secure development, secure development lifecycle).

• Having professional experience with securing mobile devices and applications (e.g., understanding attack vectors, and system/code vulnerabilities).

• Having a good understanding of risk management, security architecture, common design flaws/weaknesses, and vulnerability analysis.

• Strong planning, execution, interpersonal, organizational, communications, and negotiation skills.

• Strong technical, logical, analytical, and problem-solving skills.

• Team-oriented player, self-directed, confident, personable, professional.

• CSSLP, CISSP, CPSSE, GIAC GWEB, and/or similar certifications a plus.

Job: Information Technology

Primary Location: Georgia-GA-Atlanta

Shift: 1st - Daytime

Average Hours Per Week: 40

Requisition ID: 180010662

Other Locations: United States

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.