Senior Associate Security Engineer (API)

About The Position

Requirements

• Bachelor’s degree or equivalent education, training, and work-related experience.
• Minimum of 3 years of experience in security engineering or related cybersecurity roles.
• Developing knowledge in cybersecurity principles, theories, and concepts.
• Experience in software development lifecycle security practices.
• Proficiency in implementing and managing information security technologies.
• English (Required) fluency.
• Experience with API security testing tools such as Akamai, API Security, Salt Security, Traceable, Data Theorem, OWASP ZAP (API extensions), SoapUI, ReadyAPI, or Burp Suite.
• Experience with Dynamic Application Security Testing (DAST) tools such as Synopsys WhiteHat, Qualys Web Application Scanning (WAS), or Burp Suite.
• Strong understanding of API security protocols and frameworks, including OAuth 2.0, OpenID Connect (OIDC), Mutual TLS (mTLS), and JSON Web Tokens (JWT).

Nice To Haves

• Working knowledge of industry security frameworks and standards, including: NIST SP 800-228 (API Security Guidance), NIST SP 800-53, NIST SP 800-63, FFIEC (Federal Financial Institutions Examination Council) guidelines, OWASP API Security Top 10, Financial-grade API (FAPI – OpenID Foundation).
• Experience within banking or financial services environments.
• Proficiency or familiarity with Python scripting.
• Relevant security certifications such as CISSP, OSCP, CEH, or Security+.
• Experience with cloud platforms such as AWS and/or Microsoft Azure.

Responsibilities

• Implements cybersecurity solutions that protect critical assets within the job area, contributing to design and configuration decisions while following established strategies, patterns, and guidance.
• Performs threat modeling, security testing, and penetration testing tasks for assigned platforms and services, using defined methods to identify and remediate vulnerabilities.
• Integrates and configures information security technologies in test and production environments, applying and adjusting approved configuration patterns, automation, and handoff steps for assigned systems.
• Investigates security issues escalated within the team for the services in scope, performing root-cause analysis and implementing practical fixes that prevent recurrence.
• Reviews relevant security threats, tools, and design options for assigned work, and provides input that supports technical plans and priorities for the job area.
• Collaborates with product and engineering teammates to apply security guidelines, securebydesign practices, and governance controls in daytoday development and delivery activities.
• Implements and updates security baselines, guardrails, and control configurations for systems and applications within the area of responsibility, helping maintain regulatory and policy compliance.
• Executes incident response and basic forensic activities for assigned services, following established playbooks, using approved tooling, and suggesting targeted improvements based on handson experience.
• Shares knowledge and best practices with technical teammates, offering informal guidance and support during code reviews, design discussions, and pairing sessions.
• Plans and manages own work to meet defined objectives and milestones, seeking feedback, pursuing selfdevelopment, and adjusting approaches to improve quality and effectiveness over time.

Benefits

• medical
• dental
• vision
• life insurance
• disability
• accidental death and dismemberment
• tax-preferred savings accounts
• 401k plan
• 10 days of vacation
• 10 sick days
• paid holidays
• defined benefit pension plan
• restricted stock units
• deferred compensation plan