Software Security Engineer - API Management
at HealthEquity
Remote, Oregon, USA
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 31 Jan, 2025 | USD 92000 Annual | 31 Oct, 2024 | 2 year(s) or above | Threat Modeling, Security Certification, Documentation, Security Metrics, Software Architecture, Interpersonal Skills, Testing Tools, Infrastructure, Gym, Addition, Financial Services, Information Systems | No | No |
Description:
WHAT YOU WILL NEED TO BE SUCCESSFUL (SKILLS, KNOWLEDGE, & EXPERIENCE)
- Bachelor’s degree in Information Systems, Cybersecurity or a related field and minimum 2 years’ relevant experience; or equivalent combination of education and experience.
- Demonstrated experience as a professional security engineer and/or software engineer, particularly regarding APIs and modern software architecture.
- Experience with Azure cloud environments and familiarity with API management tools like Azure APIM and Kong.
- Experience executing and performing security risk assessments for on-premise and cloud-based services.
- Advanced security certification (e.g., CISSP, CSSLP, CEH) or demonstrable level of competency preferred.
- Agile/Scrum and Microsoft Azure experience are beneficial, along with expert-level working knowledge of API security and the concepts and tooling that can help protect APIs.
- Expert knowledge of leading information security frameworks and best practices (OWASP API Top 10, NIST Cybersecurity Framework, ISO27001/2, and CIS Top 20 Controls), and extensive experience applying frameworks to identify appropriate security measures and applying multiple risk treatments.
- An API attacker mindset that is only satisfied when defense-in-depth controls are in place but will still question assumptions about our existing security posture.
- Ability to perform high-quality and effectual threat modeling.
- Ability to present complex security recommendations and influence both senior leaders and technology SMEs.
- Ability to research, identify and iterate on new security metrics to provide greater visibility on program status and improvement opportunities to senior leadership.
- Ability to clearly and logically document all procedures related to this role and a passion for keeping documentation up to date.
- Excellent interpersonal skills, including the ability to interact effectively and professionally with individuals at all levels, both internal and external.
- Team player capable of developing strong collaborative working relationships with internal partners and able to effectively engage and build consensus among cross-functional teams.
- Experience in financial services or healthcare industries, dealing with sensitive data protection is a plus.
- Familiarity with container security, application security testing tools, and infrastructure as code scanning is a plus.
This is a remote position.
Salary Range: $92,000.00 to $130,000.00 / year
Benefits & Perks:
The compensation range describes the typical minimum or maximum base pay range for this position. The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:
- Medical, dental, and vision
- HSA contribution and match
- Dependent care FSA match
- Uncapped paid time off
- Adventure accounts
- Paid parental leave
- 401(k) match
- Personal and healthcare financial literacy programs
- Ongoing education & tuition assistance
- Gym and fitness reimbursement
- Wellness program incentives
Come be your authentic self:
Responsibilities:
- Own the API security program, including strategic planning, tool selection, and demonstrating program value through metrics.
- Implement and manage API security tools, focusing on identifying full-featured API security solutions.
- Work closely with development teams to integrate security principles in API development and ensure compliance with security standards.
- Support the DevSecOps team in areas such as container security, application security testing tools, and infrastructure as code scanning.
- Strategically manage, identify, and track new technologies to ensure a comprehensive security tool stack configuration to address threats and gaps, particularly related to API security.
- Build and present business cases on new technologies to address new and emerging risks, as well as gaps identified by external and internal assessors.
- Lead work in security controls and requirements identification for large and small technology and business initiatives.
- Build strong relationships with other technical personnel to create trust in guidance and insight on security topics.
- Maintain and improve policy and standards documentation relating to API security.
REQUIREMENT SUMMARY
Min: 2.0, Max: 7.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
Information Systems
Proficient
1
Remote, USA