API Software Security Engineer @ HealthEquity | Jobright.ai
129 applicants

HealthEquity · 1 day ago

API Software Security Engineer

Financial Services · Health Care
Growth Opportunities
H1B Sponsor Likely


Responsibilities

Own the API security program, including strategic planning, tool selection, and demonstrating program value through metrics.
Implement and manage API security tools, focusing on identifying full-featured API security solutions.
Work closely with development teams to integrate security principles in API development and ensure compliance with security standards.
Support the DevSecOps team in areas such as container security, application security testing tools, and infrastructure as code scanning.
Strategically manage, identify, and track new technologies to ensure a comprehensive security tool stack configuration to address threats and gaps, particularly related to API security.
Build and present business cases on new technologies to address new and emerging risks, as well as gaps identified by external and internal assessors.
Lead work in security controls and requirements identification for large and small technology and business initiatives.
Build strong relationships with other technical personnel to create trust in guidance and insight on security topics.
Maintain and improve policy and standards documentation relating to API security.

Qualification


API Management tools, Azure cloud environments, Security risk assessments, API Security, Advanced security certification, OWASP API Top 10, NIST Cybersecurity Framework, ISO27001/2, CIS Top 20 Controls, Threat modeling, Agile/Scrum, Financial services experience, Healthcare industry experience, Container security, Application security testing tools, Infrastructure as code scanning, Documentation skills

Required

Bachelor’s degree in Information Systems, Cybersecurity or a related field and minimum 2 years’ relevant experience; or equivalent combination of education and experience.
Demonstrated experience as a professional security engineer and/or software engineer, particularly regarding APIs and modern software architecture.
Experience with Azure cloud environments and familiarity with API management tools like Azure APIM and Kong.
Experience executing and performing security risk assessments for on-premise and cloud-based services.
Expert knowledge of leading information security frameworks and best practices (OWASP API Top 10, NIST Cybersecurity Framework, ISO27001/2, and CIS Top 20 Controls), and extensive experience applying frameworks to identify appropriate security measures and applying multiple risk treatments.
An API attacker mindset that is only satisfied when defense-in-depth controls are in place but will still question assumptions about our existing security posture.
Ability to perform high-quality and effectual threat modeling.
Ability to present complex security recommendations and influence both senior leaders and technology SMEs.
Ability to research, identify and iterate on new security metrics to provide greater visibility on program status and improvement opportunities to senior leadership.
Ability to clearly and logically document all procedures related to this role and a passion for keeping documentation up to date.
Excellent interpersonal skills, including the ability to interact effectively and professionally with individuals at all levels, both internal and external.
Team player capable of developing strong collaborative working relationships with internal partners and able to effectively engage and build consensus among cross-functional teams.

Preferred

Advanced security certification (e.g., CISSP, CSSLP, CEH) or demonstrable level of competency preferred.
Agile/Scrum and Microsoft Azure experience are beneficial with expert-level working knowledge of API Security and the concepts and tooling that can help protect them.
Experience in financial services or healthcare industries, dealing with sensitive data protection is a plus.
Familiarity with container security, application security testing tools, and infrastructure as code scanning is a plus.

Benefits

Medical, dental, and vision
HSA contribution and match
Dependent care FSA match
Uncapped paid time off
Adventure accounts
Paid parental leave
401(k) match
Personal and healthcare financial literacy programs
Ongoing education & tuition assistance
Gym and fitness reimbursement
Wellness program incentives

Company

HealthEquity

HealthEquity connects health and wealth by administering Health Savings Accounts (HSAs) and other consumer-directed benefits.

H1B Sponsorship

HealthEquity has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (27)
2022 (7)
2021 (1)
2020 (2)

Funding

Current Stage: Public Company
Total Funding: $12.5M
2014-07-31 · IPO
2011-09-09 · Private Equity · $12.5M

Leadership Team

Jon Kessler, President & CEO
James Lucania, Executive Vice President & Chief Financial Officer
Company data provided by crunchbase