Apply on Employer Site

FIS · 1 week ago

Technology Security Analyst (API)

Jacksonville, FL

Full-time

Hybrid

Mid, Senior Level

$86K/yr - $145K/yr

5+ years exp

FIS is a leading provider of technology that powers the world’s economy, and they are seeking an IT Security Analyst to help protect and secure highly-sensitive financial data. The role involves developing and maintaining policies for API security, collaborating with development teams to implement security controls, and ensuring the overall security of applications and APIs.

BankingFinancial ServicesFinTechPayments

No H1B

Responsibilities

Develop and maintain policy and standards for FIS API security program

Collaborate with internal development teams to build/advocate security controls in Application Programming Interface (API), and performing the secure design review of the APIs

Assist in the security standards, and processes of SDLC to protect Application, APIs, and CI/CD

Primarily responsible for API and Application security but with a good working knowledge of other security domains (Cryptography, Identity and Access Management, Threat and Vulnerability Management)

Manage the API runtime monitoring tool and work with vendor to tune/configure to provide the maximum but accurate coverage to FIS software

Identify the gaps in SAST/SCA/Container/IAC and other tool’s rule/configuration and work with vendor to engineer them to provide the maximum scanning coverage to FIS software

Crate software/automated workflows and collaborate with other stakeholders to integrate security tooling to track the API findings and work with development team to remediate them

Collaborate with WAF team to define/modify the rules to protect the APIs

Qualification

API SecurityApplication SecuritySecure Design ReviewsSASTOWASP Top 10JavaC#Communication SkillsOrganizational Skills

Required

Bachelor of Computer Science

Total 5+ years of hands-on professional software development and security experience, with a strong foundation in security practices and expertise in languages such as Java or C#

Proven experience in API Security and Application security, including secure design reviews

Collaborated closely with development teams to integrate security control and remediate vulnerabilities

Collaborated with development team and DevOps team to integrate security tools and workflows into automated development environments

Good understanding of SAST, SCA, IaC, and container security tools (e.g., Checkmarx One) working and tuning of such tools to maximize coverage and reduce false positives

Strong knowledge of OWASP Top 10 and OWASP API Top 10, with the ability to identify, assess, and guide remediation of vulnerabilities through both manual and automated methods

Excellent communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders

Strong organizational and time management skills, with a track record of driving security initiatives across cross-functional teams in a remote or hybrid environment