Senior Security API Subject Matter Expert

ASSYST, Inc., Washington, DC
10d, Onsite

About The Position

ASSYST is seeking a Senior Security API Subject Matter Expert (SME) to lead the end-to-end lifecycle, security, and optimization of critical API solutions within the residential mortgage domain for our client located in Washington, D.C. and St. Louis, MO (onsite role). This role focuses on ensuring that complex system integrations align with industry best practices, robust security protocols, and high-level business objectives.

Requirements

  • Programming: Proficiency in Java, Python, Node.js, and Go.
  • Security: Deep knowledge of OpenID Connect, token-based authentication, and API threat detection.
  • Infrastructure: Experience with Cloud-based API development (AWS or Azure), Kubernetes, Docker, and Terraform.
  • Tools: Proficiency in the IT Tool Chain, including Jira, Confluence, Bitbucket/GitHub, and Jenkins.
  • Domain Expertise: Strong understanding of Mortgage Loan Origination Systems (LOS), Uniform Residential Loan Applications (URLA), and MISMO-compliant XML datasets.
  • Experience: 8+ years of senior-level experience with leadership in API strategy, security, and enterprise-wide governance.
  • Certification: Must possess a related industry-standard certification in server, database, or developer areas.
  • Must be a U.S. Citizen or Lawful Permanent Resident (Green Card holder).
  • Clearance: Ability to pass federal suitability requirements and obtain HSPD-12 credentials.

Responsibilities

  • API Architecture & Design: Review and validate API architectures for financial and mortgage-related applications to ensure they meet RESTful and OpenAPI standards.
  • Security Implementation: Implement and oversee robust authentication and authorization mechanisms, including OAuth 2.0, mutual TLS (mTLS), and JWT.
  • Governance & Compliance: Ensure all API integrations comply with federal security mandates such as NIST 800-53, FISMA, and Zero Trust Architecture.
  • API Gateway Management: Provide administration and architecture expertise for integration platforms, specifically leveraging MuleSoft Anypoint to manage inter-process data transfers.
  • Vulnerability Management: Regularly scan for OWASP API Top 10 vulnerabilities and integrate automated security testing (SAST/DAST) into the DevSecOps lifecycle.
  • Performance Optimization: Conduct performance tuning and monitoring to ensure high availability (99.9% uptime) and rapid response times (<200ms).
  • Stakeholder Collaboration: Provide technical oversight for B2G (Business-to-Government) specifications and participate in industry working groups like MISMO.