Fiserv

API Security Engineer

Fiserv$110K — $186K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of IT and cyber protection experience
  • Strong foundation in API security concepts such as OAuth2/OIDC and JWT
  • Practical experience with runtime protection in API security platforms
  • Experience building automation in CI/CD environments
  • Ability to analyze data and telemetry for security insights
  • Proactive collaboration skills with various teams
  • Expertise in maintaining cyber technologies for API protection
  • Bachelor’s degree in computer science or related field.

Responsibilities

  • Implement and tune runtime API protection controls across various layers.
  • Provide secure API design guidance to engineering teams.
  • Build automation to embed API security into CI/CD processes.
  • Develop analytics dashboards using API telemetry for risk measurement.
  • Define governance for API inventories and security requirements.
  • Collaborate on integrating security into the DevSecOps lifecycle.
  • Align security controls with relevant industry frameworks and standards.
  • Evaluate emerging technologies for API security enhancement.

Benefits

  • Opportunities for professional development and training.
  • Exposure to cutting-edge technologies and methodologies.
  • Collaborative work environment emphasizing in-person interactions.
  • Flexible working with some expectations for onsite presence.
  • Participation in innovative projects within the financial services sector.
Full Job Description

Job Title

API Security Engineer

About your role:

You will help build a best-in-class API security program designed for the speed of modern financial services and shape how APIs are secured end-to-end, design through runtime, using cutting-edge protection technologies and analytics, partnering closely with top engineers across product, platform, and security. You will help turn API telemetry into actionable intelligence, reduce risk at scale, and raise the bar for secure engineering across the organization. As an API Security Engineer, you will focus on protecting critical API ecosystems by combining secure-by-design guidance, runtime protections, automation, and data-driven governance. You will be hands-on with modern API security capabilities (discovery, posture, threat detection, abuse prevention, and response) and help integrate them into the DevSecOps lifecycle so teams can move fast without compromising trust.

What you will do:

  • Runtime API protection: Implement and tune runtime controls (e.g., behavioral detection, anomaly and abuse prevention, bot defense, schema enforcement, mTLS/OAuth validation, rate limiting, and threat response) across API gateways, service mesh, and edge layers.

  • Secure API design guidance: Partner with engineering teams to define and promote secure API patterns (authentication/authorization, input validation, error handling, pagination, idempotency, versioning, and least-privilege access). Provide practical guidance aligned to OWASP API Security Top 10 and modern design standards (Open API/JSON Schema).

  • Automation and integration: Build automation that embeds API security into CI/CD (policy-as-code, automated checks against Open API specs, secrets scanning, SAST/DAST/API testing, and runtime-to-ticket workflows). Reduce friction through reusable tooling and self-service guardrails.

  • Data analytics and insights: Develop dashboards and analytics using API telemetry and security findings to measure risk, adoption, control effectiveness, and program outcomes. Translate signals into prioritized actions for engineering and leadership.

  • API security governance: Help define governance for API inventories, ownership, classification, security requirements, exception handling, and control validation. Drive consistent standards across teams while enabling delivery velocity.

  • DevSecOps lifecycle partnership: Work with product and platform teams to integrate security requirements into backlog planning, threat modeling, design reviews, testing, release readiness, and incident response.

  • Framework alignment (financial services): Map controls and program outcomes to relevant industry frameworks and expectations (e.g., NIST, ISO 27001, PCI DSS, FAPI, and OWASP guidance). Support audit readiness through clear control documentation and evidence automation.

  • Continuous improvement and innovation: Evaluate emerging technologies and techniques for API discovery, posture management, and runtime detection. Pilot, measure, and scale what works.

What you will need to have:

  • 5+ years related IT and cyber protection experience desired.

  • Strong foundation in API security concepts: authN/authZ (OAuth2/OIDC, JWT), session/token handling, scopes/claims, rate limiting, schema validation, and common API abuse patterns.

  • Practical experience with runtime protection in one or more of API gateways, WAF/WAAP, service mesh, ingress controllers, or specialized API security platforms.

  • Experience building automation in CI/CD and cloud-native environments (policy-as-code, scripting, pipelines, Git-based workflows).

  • Ability to use data and telemetry (logs, traces, metrics) to detect issues, tell a clear story, and drive priorities and working knowledge of secure software development and DevSecOps practices, and the ability to influence engineering outcomes through partnerships.

  • Comfort collaborating across security, SRE, platform, and application teams with clear communication, pragmatic decision-making, and strong follow-through.

  • Expert knowledge of and experience with maintaining cyber technologies that can protect operational API systems, such as:

    • Traceable

    • Salt Security

    • NoName

  • Bachelor’s degree in computer science, or a relevant field, or an equivalent combination of education, work, and/or military experience

What would be great to have:

  • Experience with Open API tooling, API testing, fuzzing, and contract testing.

  • Familiarity with threat modeling approaches and abuse-case analysis for APIs.

  • Experience aligning security controls to financial industry expectations and. producing evidence that stands up to audit scrutiny.

  • CISSP or other professional cyber certification desirable.

How you’ll work

  • This role is on-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experiences help you with your overall onboarding experience and leads to stronger productivity.

Travel

  • Approximately 10% travel off-site or to other office locations is expected.

Sponsorship

  • You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including, but not limited to, F-1 (OPT, CPT, STEM), H-1B, H-2, or TN, or any candidate requiring sponsorship, now or in the future, will not be considered.

#LI-RM1

Salary Range

$110,000.00 - $186,000.00

These pay ranges apply to employees in New Jersey and New York. Pay ranges for employees in other states may differ.

It is unlawful to discriminate against a prospective employee due to the individual's status as a veteran.

For incentive eligible associates, the successful candidate is eligible for an annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards in the Company’s sole discretion.

Thank you for considering employment with Fiserv.  Please:

  • Apply using your legal name
  • Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

About Fiserv

CashEdge(R) provides infrastructure that global financial institutions rely on to extend their online channels and enhance customer profitability. CashEdge delivers secure Online Money Movement and Advanced Account Aggregation platforms that power specialized retail banking and advisor applications. These proven solutions enable CashEdge's clients to create compelling online offerings that attract customers, generate revenues, and reduce costs. CashEdge serves top-tier financial institutions around the world. Clients and partners include Vanguard, RBC Financial Group, CIBC, Yahoo! Finance, Digital Insight, First Data, TD Canada Trust, NYCE, Laurentian Bank, Financial Fusion and Corillian. CashEdge has offices in New York and Silicon Valley.

Fiserv Careers

Join the Fiserv team today and be part of a dynamic company known for innovation, leadership, and a commitment to the professional growth of its employees. At Fiserv, we offer more than just job opportunities; we provide a platform where skills are honed, leadership is cultivated, and career aspirations are achieved. Work You’ll Do At Fiserv, we are constantly on the lookout for talented individuals eager to thrive in a culture that fosters growth and diversity. Our team is composed of professionals who lead the way in financial services technology. By joining us, you will collaborate with some of the brightest minds in the industry, working together to solve complex challenges and deliver innovative solutions that impact millions of people every day. Explore Our Job Opportunities Whether you're seeking an entry-level position or a more senior role, Fiserv offers a range of career paths in areas such as software development, project management, financial analysis, and client services. Our hiring process is designed to identify and attract individuals who are not only technically proficient but who also embody our values of integrity and responsibility. Internship Programs Kickstart your career with a Fiserv internship. Our internships provide invaluable workplace experience and networking opportunities that often lead to full-time employment. As an intern, you’ll gain hands-on experience while working on meaningful projects that directly contribute to the company’s goals. Benefits and Culture Fiserv is committed to the well-being and continuous development of our employees. We offer competitive benefits including health, dental, and vision insurance, as well as opportunities for professional development through leadership training and diversity programs. Our culture is one of inclusion, where every team member is valued and has the opportunity to contribute to our success. Career Growth and Development We believe in nurturing the potential of our employees through career development initiatives and continuous learning opportunities. At Fiserv, you will find a supportive environment where you can grow your career through on-the-job experiences, mentoring, and formal training. Stay Connected Join Our Team Search open positions that match your skills and interests. We look for passionate, curious, creative, and solution-driven team players. Start your journey with Fiserv today and help shape the future of financial services. Keep Up to Date Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work here. Job Alert Emails Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities that await at Fiserv. Explore, innovate, and grow with Fiserv. Let your career journey begin here, where you can make a real difference in the world of finance.
Learn more about Fiserv
Size
44,000 employees
Market Cap
$63.4 billion
Industry
Net Income
$958 million
Founded
1984
5 Year Trend
+24.1%
Revenue
$14.8 billion
NASDAQ

Similar Jobs

More Jobs at Fiserv

More Information Technology Jobs

Find similar API Security Engineer jobs: