API Security Engineer
Fiserv · Berkeley Heights, NJ · Today
Information Technology$110k–$186k/yrFull-time
About the role
You will help build a best-in-class API security program designed for the speed of modern financial services and shape how APIs are secured end-to-end, design through runtime, using cutting-edge protection technologies and analytics, partnering closely with top engineers across product, platform, and security.
Responsibilities
- Implement and tune runtime controls (e.g., behavioral detection, anomaly and abuse prevention, bot defense, schema enforcement, mTLS/OAuth validation, rate limiting, and threat response) across API gateways, service mesh, and edge layers.
- Partner with engineering teams to define and promote secure API patterns (authentication/authorization, input validation, error handling, pagination, idempotency, versioning, and least-privilege access).
- Build automation that embeds API security into CI/CD (policy-as-code, automated checks against Open API specs, secrets scanning, SAST/DAST/API testing, and runtime-to-ticket workflows).
- Develop dashboards and analytics using API telemetry and security findings to measure risk, adoption, control effectiveness, and program outcomes.
- Map controls and program outcomes to relevant industry frameworks and expectations (e.g., NIST, ISO 27001, PCI DSS, FAPI, and OWASP guidance).
- Evaluate emerging technologies and techniques for API discovery, posture management, and runtime detection.
Requirements
- 5+ years related IT and cyber protection experience desired.
- Strong foundation in API security concepts: authN/authZ (OAuth2/OIDC, JWT), session/token handling, scopes/claims, rate limiting, schema validation, and common API abuse patterns.
- Experience building automation in CI/CD and cloud-native environments (policy-as-code, scripting, pipelines, Git-based workflows).
- Practical experience with runtime protection in one or more of API gateways, WAF/WAAP, service mesh, ingress controllers, or specialized API security platforms.
- Comfort collaborating across security, SRE, platform, and application teams with clear communication, pragmatic decision-making, and strong follow-through.
Qualifications
- Expert knowledge of and experience with maintaining cyber technologies that can protect operational API systems, such as: TraceableSalt Security NoName Bachelor’s degree in computer science, or a relevant field, or an equivalent combination of education, work, and/or military experience.
Skills
- Experience with Open API tooling, API testing, fuzzing, and contract testing.
- Familiarity with threat modeling approaches and abuse-case analysis for APIs.
- Experience aligning security controls to financial industry expectations and producing evidence that stands up to audit scrutiny.
- CISSP or other professional cyber certification desirable.
Benefits
Not specified.
Pay
$110,000.00 - $186,000.00
Schedule
On-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experiences help you with your overall onboarding experience and leads to stronger productivity.
Application Instructions
Please complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).