drjobs Security Engineer

Security Engineer

Employer Active

The job posting is outdated and position may be filled
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Boston, TX - USA

Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Job Description

We are hiring a Security Engineer with a specialization in APIs to join our DevSecOps team. The ideal candidate will play a crucial role in enhancing our APIcentric development approach managing API security tools and ensuring the security of our systems within an Azure environment. Our DevSecOps team is focused on high performance tracking work in a management system to demonstrate progress towards our goals. We value meaningful security work over security theater emphasizing evidencebacked security measures.

What youll be doing

Own the API security program including strategic planning tool selection and demonstrating program value through metrics.

Implement and manage API security tools focusing on identifying fullfeatured API security solutions.

Work closely with development teams to integrate security principles in API development and ensure compliance with security standards.

Support the DevSecOps team in areas such as container security application security testing tools and infrastructure as code scanning.

Strategically manage identify and track new technologies to ensure a comprehensive security tool stack configuration to address threats and gaps particularly related to API security.

Build and present business cases on new technologies to address new and emerging risks as well as gaps identified by external and internal essors.

Lead work in security controls and requirements identification for large and small technology and business initiatives.

Build strong relationships with other technical personnel to create trust in guidance and insight on security topics.

Maintain and improve policy and standards doentation relating to API security.

What you will need to be successful

Bachelors degree in Information Systems Cybersecurity or a related field and minimum 2 years relevant experience; or equivalent combination of education and experience.

Demonstrated experience as a professional security engineer and/or software engineer particularly regarding APIs and modern software architecture.

Experience with Azure cloud environments and familiarity with API management tools like Azure APIM and Kong..

Experience executing and performing security risk essments for onpremise and cloudbased services.

Advanced security certification (e.g. CISSP CSSLP CEH) or demonstrable level of compentency preferred

Agile/Scrum and Microsoft Azure experience are beneficial with expertlevel working knowledge of API Security and the concepts and tooling that can help protect them.

Expert knowledge of leading information security frameworks and best practices (OWASP API Top 10 NIST Cybersecurity Framework ISO27001/2 and CIS Top 20 Controls) and extensive experience applying frameworks to identify appropriate security measures and applying multiple risk treatments

An API attacker mindset that is only satisfied when defenseindepth controls are in place but will still question umptions about our existing security posture.

Ability to perform highquality and effectual threat modeling.

Ability to present complex security recommendations and influence both senior leaders and technology SMEs.

Ability to research identify and iterate on new security metrics to provide greater visibility on program status and improvement opportunities to senior leadership

Ability to clearly and logically doent all procedures related to this role and a pion for keeping doentation up to date

Excellent interpersonal ss including the ability to interact effectively and professionally with individuals at all levels; both internal and external

Team player capable of developing strong collaborative working relationships with internal partners and able to effectively engage and build consensus among crossfunctional teams

Experience in financial services or healthcare industries dealing with sensitive data protection is a plus.

Familiarity with container security application security testing tools and infrastructure as code scanning is a plus.

No phone calls or third parties. Candidates must be United States citizens or legal permanent residents. Proof of legal residence and work authorization in the United States is required.

Remote Work :

No

Employment Type

Full Time

Company Industry

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.