API Security Engineer

Fiserv

Quick summary

Work type: On-site
Location: Berkeley Heights, NJ
Salary: $110,000–$186,000 / yr
Posted: 1 day ago

Market check

Salary context

Competitive pay

How this pay compares to similar roles

Similar $176k

This role $148k

$98k most similar roles pay here $221k

This role pays less than 66% of similar roles. Most pay $142,437–$209,500 — the shaded band above. At the midpoint, this role pays about $148k versus about $176k for comparable roles.

Based on 240 similar postings.

Employer

About Fiserv

Fiserv is a global leader in financial services technology, providing core banking platforms, payment processing, digital banking, and merchant acquiring solutions to financial institutions and businesses. Industry: Financial Technology & Payments

Fiserv currently has 83 open roles on FindRole.

Listed pay typically runs $110,000–$186,000 across 53 roles with salary data.

Most-posted roles

View all roles at Fiserv

At a glance

TL;DR · API Security Engineer

Apply Now Log in to save

As an API Security Engineer at a leading financial services company, you will join a dynamic security team to develop and implement a best-in-class API security program that ensures the integrity of critical API ecosystems through secure-by-design guidance and runtime protections. Your daily responsibilities include implementing runtime controls such as behavioral detection and schema enforcement across various layers, providing secure API design guidance aligned with OWASP standards, building automation for CI/CD integration, developing data analytics to measure risk and control effectiveness, and defining governance frameworks for consistent security practices. You will work closely with engineering teams to integrate these measures into the DevSecOps lifecycle, ensuring that security requirements are met without hindering development velocity. The role requires expertise in API gateways, WAF/WAAP, service mesh, and specialized API security platforms, along with experience in automation, data analytics, and aligning controls with industry frameworks like NIST and ISO 27001.

Skills

API OAuth2 OIDC JWT RateLimiting SchemaValidation WAF ServiceMesh CI/CD Git OpenAPI SaltSecurity Traceable ThreatModeling NIST ISO27001 PCI_DSS FAPI OWASP DevSecOps SAST DAST API_Tests Fuzzing Metrics Logs Traces CISSP

What you'll do

Implement and tune runtime controls for API gateways and service mesh.
Define secure API patterns and provide guidance aligned with OWASP standards.
Build automation to embed API security into CI/CD pipelines and cloud environments.
Develop dashboards using API telemetry to measure risk and control effectiveness.
Help define governance for API inventories, ownership, and classification across teams.
Integrate security requirements into DevSecOps lifecycle processes and incident response.

What we're looking for

5+ years of IT and cyber protection experience in API security.
Strong foundation in OAuth2/OIDC, JWT, rate limiting, schema validation, and common abuse patterns.
Practical runtime protection experience with API gateways or specialized platforms.
Experience building CI/CD automation for cloud-native environments.
Ability to use telemetry data for issue detection and priority setting.
Expert knowledge of cyber technologies protecting operational API systems.
Familiarity with threat modeling approaches and aligning controls to financial industry standards.

Save