API Security Engineer

Skills

Daily work will be tying up and remediating API Develop standards and architecture on API Development the Cybersecurity network engineering team’s main objective is to detect network threats and implement controls to defend against malicious actors before they can cause damage to the organization. Protecting healthcare systems and data is an important aspect of Banner Health’s cybersecurity and business strategy. As an API Security Engineer you will get to work with industry tools and technologies needed to protect the organization. You will be responsible for driving an initiative on API Security to implement near-term risk reductions and simultaneously work with leadership to define a long-term strategy for a holistic API lifecycle management process. The candidate will have an emphasis in network and web application security space which include web application firewalls (WAF) network governance traffic analysis certificate management IPS/IDS and API security. We are looking for a cybersecurity engineer that will take charge track and achieve established metrics be innovative collaborative and drive efficiency.

Description

API experience moving applications to the cloud (AZURE) Noname Security Platform experience (or similar)

Work experience within an Azure Environment

Need to get involved with SDLC early and often PIN Testing on API's

Responsibilities

• • Automate Discovery, Security Testing & Validation of Externally Facing APIs
• • Reduce Developer Friction and the Risk of Data Breach through APIs
• • Enable playbooks to monitor, alert proactively and respond to potential abuse and misuse of Banner Health’s accessible API endpoints
• • Responsible for designing, developing, and maintaining secure APIs.
• • Supports efforts to minimize API security risk by discovering, managing, monitoring, and reporting on API security vulnerabilities
• • Advise and provide oversight to the technical community as a Subject Matter Expert (SME) for the Automation of DevSecOps practice and pipeline
• • Administrate API security testing tools, perform API code reviews, and advise development teams on API-related technical issues and questions
• • Work with the development and other technical teams to review existing and new APIs, Web Services in support of Security control implementations that align with Banner Health’s Information Security policies and procedures
• • Strong understanding of API technologies and security concepts, as well as the ability to work collaboratively with development teams and other security professionals
• • Develop and implement API security policies and procedures
• • Conduct vulnerability assessments and penetration testing of APIs
• • Ensuring compliance with relevant regulations and standards
• • Providing guidance and support to development teams on API security best practices
• • Identifying and mitigating security risks associated with APIs
• • Conducting security audits and reviews of API implementations
• • Collaborating with other security teams to share information and resolve security incidents
• • Experience automating API security assessments into continuous integration and continuous deployment (CI/CD) pipelines of authentication and authorization infrastructure (e.g., SAML, OpenID, OAuth)
• • Knowledge in evaluating OWASP API top 10, National Institute of Standards and Technology (NIST) Special Publications