Job Information
HEALTHEQUITY, INC. Software Security Engineer - API Management in DRAPER, Utah
Job Locations
US-Remote
Overview
We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.

How you can make a difference
HealthEquity is hiring a Security Engineer specializing in API Management tools to join our DevSecOps team. The ideal candidate will play a crucial role in enhancing our API-centric development approach, managing API security tools, and ensuring the security of our systems within an Azure environment. Our DevSecOps team is focused on high performance, tracking work in a management system to demonstrate progress towards our goals. We value meaningful security work over security theater, emphasizing evidence-backed security measures.

What you'll be doing (Job Duties and Responsibilities)
* Own the API security program, including strategic planning, tool selection, and demonstrating program value through metrics.
* Implement and manage API security tools, focusing on identifying full-featured API security solutions.
* Work closely with development teams to integrate security principles in API development and ensure compliance with security standards.
* Support the DevSecOps team in areas such as container security, application security testing tools, and infrastructure as code scanning.
* Strategically manage, identify, and track new technologies to ensure a comprehensive security tool stack configuration to address threats and gaps, particularly related to API security.
* Build and present business cases on new technologies to address new and emerging risks, as well as gaps identified by external and internal assessors.
* Lead work in security controls and requirements identification for large and small technology and business initiatives.
* Build strong relationships with other technical personnel to create trust in guidance and insight on security topics.
* Maintain and improve policy and standards documentation relating to API security.
What you will need to be successful (Skills, Knowledge, and Experience)
* Bachelor's degree in Information Systems, Cybersecurity or a related field and minimum 2 years' relevant experience; or equivalent combination of education and experience.
* Demonstrated experience as a professional security engineer and/or software engineer, particularly regarding APIs and modern software architecture.
* Experience with Azure cloud environments and familiarity with API management tools like Azure APIM and Kong.
* Experience executing and performing security risk assessments for on-premise and cloud-based services.
* Advanced security certification (e.g., CISSP, CSSLP, CEH) or demonstrable level of competency preferred
* Agile/Scrum and Microsoft Azure experience are beneficial with expert-level working knowledge of API Security and the concepts and tooling that can help protect them.
* Expert knowledge of leading information security frameworks and best practices (OWASP API Top 10, NIST Cybersecurity Framework, ISO27001/2, and CIS Top 20 Controls), and extensive experience applying frameworks to identify appropriate security measures and applying multiple risk treatments
* An API attacker mindset that is only satisfied when defense-in-depth controls are in place but will still question assumptions about our existing security posture.
* Ability to perform high-quality and effectual threat modeling.
* Ability to present complex security recommendations and influence both senior leaders and technology SMEs.
* Ability to research, identify and iterate on new security metrics to provide greater visibility on program status and improvement opportunities to senior leadership
* Ability to clearly and logically document all procedures related to this role and a passion for keeping documentation up to date
* Excellent interpersonal skills including the ability to interact...

For full info follow application link.