Job added in hotlist
Applied job
Contract job
Recruiter job
Employer job
Expanded search
Apply online not available
View more jobs in Richmond, IN
View more jobs in Indiana

Job Details

Senior API Security Engineer

Company name
U.S. Bank.

Richmond, IN

Apply for this job

10 hit(s)  


Senior API Security Engineer

U.S. Bank



Job #631225206

U.S. Bank is seeking a Senior API Security Engineer

with demonstrated competence and thought leadership capability to contribute toward the success of our technology initiatives.

In this role the Sr. API Security Engineer supports efforts to minimize security risk by managing, monitoring, and reporting on API security systems, advising the technical community as a Subject Matter Expert (SME) while supporting the organization’s DevSecOps practice, particularly with Agile DevOps pipelines.

Duties may include working with Agile teams, reviewing project documentation, researching and referencing Information Security policy, delivering recommendations and guidance, and performing other tasks in the pursuit of securing systems, processes, and software applications.

The ideal candidate will possess extensive experience developing and securing applications and web services, or web APIs (Application Programming Interfaces). The team member will work with application development personnel and other technical team members to review existing and/or new APIs/web services in support of quality implementations that align with Information Security policies, procedures, and generally-accepted best practices.

Role responsibilities/duties include participation in the creation and maintenance of API security specifications, reviewing software designs to ensure appropriate/required security controls have been included in designs, administering API security testing tools, performing API code reviews, attesting compliance with the security requirements, and advising development teams on API-related technical issues and questions. The candidate should eventually be recognized as an API security SME within the organization.


Basic Qualifications:

-Bachelor's degree in Computer Science, Engineering, Information Systems, Information Security, Mathematics, Physics, or a related discipline or equivalent work experience

-Certified Information System Security Professional

-At least 7 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

Required Skills/Experience:

• Experience with the implementation and support of security testing tools and technologies.

• Experience with web-based and/or mobile application development.

• Experience with web services and Web API development.

• Experience with REST and SOAP development.

• Experience with XML, SQL Server, JQuery, JSON, and JavaScript.

• Experience with the security testing of web services and web APIs.

• Having a strong understanding of API creation, management, hardening, and defense.

• Experience with Java and/or C# application development.

• Having a good understanding of Object-Oriented (OO) and Functional programming concepts.

• Having full SDLC knowledge/experience with Waterfall and Agile methodologies.

• Experience with Information Security policy, its interpretation, reference, and usage when delivering opinions, recommendations, and guidance.

• Experience with multiple operating systems including competency with Windows Server, Windows Desktop, and Linux/Unix operating systems.

• Experience with at least one database technology (i.e., Oracle, MySQL, or MS SQL).

• Experience with scripting languages, data manipulation, and tools (e.g., UNIX shell, PowerShell, Python, Perl, or Excel macros).

• Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and the Open Source Security Testing Methodology Manual (OSSTMM).

• Having a strong understanding of secure software authorization methods and communications transports (OAuth, SSL/TLS).

• Having a solid understanding of secure software design standards, principles, and practices.

• Having professional experience with software application security and its associated standards and practices (e.g., secure development, secure development lifecycle).

• Having professional experience with securing mobile devices and applications (e.g., understanding attack vectors, and system/code vulnerabilities).

• Having a good understanding of risk management, security architecture, common design flaws/weaknesses, and vulnerability analysis.

• Strong planning, execution, interpersonal, organizational, communications, and negotiation skills.

• Strong technical, logical, analytical, and problem-solving skills.

• Team-oriented player, self-directed, confident, personable, professional.

• CSSLP, CISSP, CPSSE, GIAC GWEB, and/or similar certifications a plus.


Information Technology

Primary Location:



1st - Daytime

Average Hours Per Week:


Requisition ID:


Other Locations:

United States

U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

Updated 04/14/2018

Company info

U.S. Bank.
Website :

Company Profile
U.S. Bancorp is a diversified financial services company with headquarters in Minneapolis, Minnesota. We offer a comprehensive range of financial products and services to meet the needs of individuals, businesses, institutions and government entities.

EmploymentCrossing was helpful in getting me a job. Interview calls started flowing in from day one and I got my dream offer soon after.
Jeremy E - Greenville, NC
  • All we do is research jobs.
  • Our team of researchers, programmers, and analysts find you jobs from over 1,000 career pages and other sources
  • Our members get more interviews and jobs than people who use "public job boards"
Shoot for the moon. Even if you miss it, you will land among the stars.
SQLCrossing - #1 Job Aggregation and Private Job-Opening Research Service — The Most Quality Jobs Anywhere
SQLCrossing is the first job consolidation service in the employment industry to seek to include every job that exists in the world.
Copyright © 2018 SQLCrossing - All rights reserved. 168