API Security Engineer

Fiserv · Berkeley Heights, NJ
Contract · On-site · Today
API Design, CI/CD, Classification, DevSecOps, Documentation, Git

Responsibilities

  • Runtime API protection: Implement and tune runtime controls (e.g., behavioral detection, anomaly and abuse prevention, bot defense, schema enforcement, mTLS/OAuth validation, rate limiting, and threat response) across API gateways, service mesh, and edge layers.
  • Automation and integration: Build automation that embeds API security into CI/CD (policy-as-code, automated checks against OpenAPI specs, secrets scanning, SAST/DAST/API testing, and runtime-to-ticket workflows). Reduce friction through reusable tooling and self-service guardrails.
  • Data analytics and insights: Develop dashboards and analytics using API telemetry and security findings to measure risk, adoption, control effectiveness, and program outcomes. Translate signals into prioritized actions for engineering and leadership.
  • API security governance: Help define governance for API inventories, ownership, classification, security requirements, exception handling, and control validation. Drive consistent standards across teams while enabling delivery velocity.
  • DevSecOps lifecycle partnership: Work with product and platform teams to integrate security requirements into backlog planning, threat modeling, design reviews, testing, release readiness, and incident response.
  • Framework alignment (financial services): Map controls and program outcomes to relevant industry frameworks and expectations (e.g., NIST, ISO 27001, PCI DSS, FAPI, and OWASP guidance). Support audit readiness through clear control documentation and evidence automation.
  • Continuous improvement and innovation: Evaluate emerging technologies and techniques for API discovery, posture management, and runtime detection. Pilot, measure, and scale what works.

What you will need to have

  • 5+ years related IT and cyber protection experience desired.
  • Strong foundation in API security concepts: authN/authZ (OAuth2/OIDC, JWT), session/token handling, scopes/claims, rate limiting, schema validation, and common API abuse patterns.
  • Practical experience with runtime protection in one or more of API gateways, WAF/WAAP, service mesh, ingress controllers, or specialized API security platforms.
  • Experience building automation in CI/CD and cloud-native environments (policy-as-code, scripting, pipelines, Git-based workflows).
  • Ability to use data and telemetry (logs, traces, metrics) to detect issues, tell a clear story, and drive priorities.
  • Working knowledge of secure software development and DevSecOps practices, and the ability to influence engineering outcomes through partnerships.
  • Comfort collaborating across security, SRE, platform, and application teams with clear communication, pragmatic decision-making, and strong follow-through.
  • Expert knowledge of and experience with maintaining cyber technologies that can protect operational API systems, such as:
      • Traceable
      • Salt Security
      • NoName
  • Bachelor's degree in computer science, or a relevant field, or an equivalent combination of education, work, and/or military experience

What would be great to have

  • Experience with OpenAPI tooling, API testing, fuzzing, and contract testing.
  • Familiarity with threat modeling approaches and abuse-case analysis for APIs.
  • Experi

Additional Information

Calling all innovators - find your future at Fiserv. We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv.

Job Title: API Security Engineer

About your role: You will help build a best-in-class API security program designed for the speed of modern financial services and shape how APIs are secured end-to-end, design through runtime, using cutting-edge protection technologies and analytics, partnering closely with top engineers across product, platform, and security. You will help turn API telemetry into actionable intelligence, reduce risk at scale, and raise the bar for secure engineering across the organization.

As an API Security Engineer, you will focus on protecting critical API ecosystems by combining secure-by-design guidance, runtime protections, automation, and data-driven governance. You will be hands-on with modern API security capabilities (discovery, posture, threat detection, abuse prevention, and response) and help integrate them into the DevSecOps lifecycle so teams can move fast without compromising trust.

