U.S. Bank API/Microservices Information Security Specialist - REMOTE in Montpelier, Vermont
At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.
U.S. Bank is seeking an API/Microservices Principal Information Security Engineer to secure bank APIs and Microservices. Collaborating with key stakeholders around the organization, you will identify security gaps and provide solutions & guidance to mitigate information security risks to bank assets and data. With a finger on the pulse of industry trends and concerns, you will be in front of the curve by researching new tools, technologies, and methodologies to assure solutions are readily available to the organization. This is a high visibility role that requires deep technical expertise, comfort among intellectual peers, and motivation to improve the information security posture of the bank.
This person will build and adapt high-impact security solutions and tools for the APIs to enable new business opportunities by mitigating associated risks. Work on designing, implementing and promoting intuitive, on-demand, self-serve security controls that are context-relevant, low-maintenance and always available for the business line teams producing APIs. Collaborate with other teams across the organization and embrace a challenging, complex environment with a focus on delivering valued services based on continuous improvement and visibility.
Learn and become a Subject Matter Expert (SME) in the API Security domain.
Maintain body of knowledge (APISec BoK) on emerging API Security threats and vulnerabilities.
Contribute to authoring of the API security governance documentation and processes.
Explore and analyze the existing architectures and controls around the APIs for security gaps and inefficiencies.
Champion API security requirements and mitigations.
Reason about and propose security improvements to the API designs, implementations and deployments.
Create context-relevant and risk-based systematic solutions for the APIs.
Develop tooling for automated and continuous verification of the security posture of the APIs.
Research, implement, and manage API security tooling and solutions.
Attributes / Skills:
A "builder-enabler" mindset with a positive approach to security
Hands-on software development skills and extreme programming methods
Passion for security automation, security-as-utility and security-by-default
Strives for continuous learning; results-oriented, interpersonal team member
Understanding and appreciation of the attack surface, and security related concerns associated with APIs
Working knowledge of relevant, up-to-date security industry standards
Hands-on experience building automated tools integrated with CI/CD
Capability to work under pressure to produce solutions in tight timelines
Bachelor's degree in Engineering or Science, or equivalent work experience
Eight or more years of experience in Information Security
Two or more years of experience in IT infrastructure, systems architecture, risk management, and project management.
Experience Should Include
2+ years' experience with container and service mesh environments
2+ years' experience in software development that includes designing & engineering secure applications/APIs
2+ years' DevSecOps experience with CI/CD (Jenkins) and supplemental tooling & automation
5+ years' experience in a Cloud environment (AWS, Azure, GCP)
5+ years of Information Security expertise covering secure coding, communications (ingress/egress), hosting environment hardening and monitoring, database connectivity, etc.
5+ years of Information Security Tooling expertise in vulnerability scanning & exploitation, encryption, logging and monitoring, key management, identity access management (IAM), etc.
5+ years of experience researching and evaluating products/technologies and gaining consensus to formally adopt within the organization
5+ years' extensive collaboration experience in a large/complex organization, consulting with and advising stakeholders, coordinating and leading meetings
5+ years' experience documenting policies, standards, and establishing best practices
CISSP, Security+, CSSLP, or equivalent Certification
3+ years' experience leading small to medium size teams
Azure/AWS security relevant certifications
Advanced scripting (Python, NodeJS, Ruby)
Advanced GitLab, Jenkins, HashiCorp Vault integrations
Advanced OAuth and OpenID
Familiarity with container and service mesh environments
3+ years' experience working with IT audit and control, governance, asset management, change control, training delivery, and technical writing/documentation
Experience and knowledge of API/Microservice frameworks (.NET, Java, Node.js) and technologies including REST, SOAP, GraphQL, gRPC, JSON
Any experience in a regulated industry (Financial, Healthcare, Government)
If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants (https://careers.usbank.com/global/en/disability-accommodations-for-applicants).
Take care of yourself and your family with U.S. Bank employee benefits. We know that healthy employees are happy employees, and we believe that work/life balance should be easy to achieve. That's why we share the cost of benefits and offer a variety of programs, resources and support you need to bring your full self to work and stay present and committed to the people who matter most - your family.
Learn all about U.S. Bank employee benefits, including tuition reimbursement, retirement plans and more, by visiting careers.usbank.com.
EEO is the Law
Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) poster.
U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program (https://careers.usbank.com/verification-of-eligibility-for-employment).
Salary range reflected is an estimate of base pay and is for the primary location. Base pay range may vary if an offer is made for work in a different location. Pay Range: $112,880.00 - $132,800.00 - $146,080.00
Due to legal requirements, U.S. Bank requires that the successful candidate hired for some positions be fully-vaccinated for COVID-19, absent being granted an accommodation due to a medical condition, pregnancy, or sincerely held religious belief or other legally required exemption. For these positions, as part of the conditional offer of employment, the successful candidate will be asked to provide proof of vaccination or approval for an accommodation or exemption upon hire.
U.S. Bank will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.