Jobs · Information Technology · New Jersey

API Security Engineer

Fiserv · Berkeley Heights, NJ · Today
Information Technology$110k–$186k/yrFull-time

About the role

You will help build a best-in-class API security program designed for the speed of modern financial services and shape how APIs are secured end-to-end, design through runtime, using cutting-edge protection technologies and analytics, partnering closely with top engineers across product, platform, and security.

Responsibilities

  • Implement and tune runtime controls (e.g., behavioral detection, anomaly and abuse prevention, bot defense, schema enforcement, mTLS/OAuth validation, rate limiting, and threat response) across API gateways, service mesh, and edge layers.
  • Partner with engineering teams to define and promote secure API patterns (authentication/authorization, input validation, error handling, pagination, idempotency, versioning, and least-privilege access).
  • Build automation that embeds API security into CI/CD (policy-as-code, automated checks against Open API specs, secrets scanning, SAST/DAST/API testing, and runtime-to-ticket workflows).
  • Develop dashboards and analytics using API telemetry and security findings to measure risk, adoption, control effectiveness, and program outcomes.
  • Map controls and program outcomes to relevant industry frameworks and expectations (e.g., NIST, ISO 27001, PCI DSS, FAPI, and OWASP guidance).
  • Evaluate emerging technologies and techniques for API discovery, posture management, and runtime detection.

Requirements

  • 5+ years related IT and cyber protection experience desired.
  • Strong foundation in API security concepts: authN/authZ (OAuth2/OIDC, JWT), session/token handling, scopes/claims, rate limiting, schema validation, and common API abuse patterns.
  • Experience building automation in CI/CD and cloud-native environments (policy-as-code, scripting, pipelines, Git-based workflows).
  • Practical experience with runtime protection in one or more of API gateways, WAF/WAAP, service mesh, ingress controllers, or specialized API security platforms.
  • Comfort collaborating across security, SRE, platform, and application teams with clear communication, pragmatic decision-making, and strong follow-through.

Qualifications

  • Expert knowledge of and experience with maintaining cyber technologies that can protect operational API systems, such as: TraceableSalt Security NoName Bachelor’s degree in computer science, or a relevant field, or an equivalent combination of education, work, and/or military experience.

Skills

  • Experience with Open API tooling, API testing, fuzzing, and contract testing.
  • Familiarity with threat modeling approaches and abuse-case analysis for APIs.
  • Experience aligning security controls to financial industry expectations and producing evidence that stands up to audit scrutiny.
  • CISSP or other professional cyber certification desirable.

Benefits

Not specified.

Pay

$110,000.00 - $186,000.00

Schedule

On-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experiences help you with your overall onboarding experience and leads to stronger productivity.

Application Instructions

Please complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

Similar jobs

API Security Engineer

ModernaCambridge, MA· 6 days ago
Information Technology$146k–$234k/yrapply on modernatx.wd1.myworkdayjobs.com

API Security Engineer

BioSpaceCambridge, MA· 3 days ago
Information Technology$146k–$234k/yrapply on jobs.biospace.com

API Security Engineer

STAFFXPERT LLCCharlotte, NC· 4 days ago
Engineeringapply on candidateportal.ceipal.com