The role
The successful candidate will mature Truist’s API security tools, policies and practices, integrating API security into Software Development Life Cycle (SDLC) practices, with an overall goal to drive innovation in the security and compliance of Truist’s API ecosystem.
Your responsibilities
- Drive innovation in securing Truist’s Application Programming Interface (API) ecosystem, incorporating pragmatic security architecture solutions to meet business requirements that best balance business agility, operational costs, and security risk
- Become a trusted partner with enterprise API stakeholders
- Partner with stakeholders, Subject Matter Experts (SMEs), and Enterprise Architecture to design and deliver target API security architecture models and documentation, as well as reference implementations, in alignment with organizations policies, standards and procedures
- Evolve and mature Truist’s API security tools, policies, standards and practices
- Serve as an evangelist for secure API practices, communicating with individuals with individuals both at the technical and executive levels, and training internal resources as needed
- Engage business and technology stakeholders at all levels to gather long term goals and requirements
- Collaborate with internal customers, influencing and driving solutions towards API target security architecture
- Develop API security patterns so as to support our platform and software designs
- Build an executable API Security roadmap, aligning the roadmap to a Security Maturity Model, and driving the implementation of the milestones
- Integrate API security personnel, processes and technology at all stages of the Software Development Life Cycle (SDLC)
- Be a key member of the team driving the API Security Architecture for the enterprise
- Lead Truist’s API ecosystem towards industry leading practices around managing cyber risks and delivering API security
- Perform security assessments of API platforms, environments, vendor solutions, and individual API implementation based on industry frameworks and corporate standards
- Contribute new intellectual capital to Truist through deep specialization in the API Security Architecture technical domain.
The must-have skill sets
- Bachelor’s degree and 7 years of experience in development or an equivalent combination of education and work experience. In-depth knowledge in information systems and ability to identify, apply, and implement best practices
- 3 years of cyber information security experience focused on API-related areas such as identity federation leveraging OAuth 2/Open ID Connect, API token/key management, data-in-transit encryption, API filtering/validation, and broader information security concepts such as segregation of duties and least privilege
- 2 years of experience architecting, engineering, and/or implementing highly performant, secure, and scalable enterprise grade APIs, delivering solutions, leveraging API tools, and deploying API vendor products
- 2 years of hands on API development experience
- 2 years of experience driving security architectures in a modern SDLC, DevOps environment, de-coupling applications and data using approaches such as micro-services, service mesh, and integrating DevSecOps into the SDLC
- 1 year of experience drafting and delivering enterprise policies, standards, and mature, repeatable processes and practices
- Excellent communication and persuasion skills (verbal and written), including presentations, discussions, and documentation (artifacts) that is targeted and can relate to the intended audience
- Understanding of multiple information technology disciplines/processes related to the position.
- Experience applying and utilizing enterprise architecture standards. Understanding of key business processes and competitive strategies related to the IT function
- Ability to plan, manage, and drive projects and architecture efforts
- Ability to solve complex problems by applying best practices
- Ability to provide direction and mentor less experienced teammates
- Ability to interpret and convey complex, difficult, or sensitive information
Qualification (Not Mandatory)
- 2 years designing, implementing, and operating API management / security tools such as Mulesoft, Apigee, and/or DataPower
- Bachelor degree in Computer Science/Software Engineering or related field
- 2 years of experience architecting, engineering, and/or implementing solutions built in Cloud Service Provider (CSP) environments such as Amazon Web Services (AWS) and Microsoft Azure
- Broad range of cyber security experience in a variety of areas, such as Identity and Access Management, Data Protection, logging / monitoring, and network segmentation
- Broad range of Information Technology experience in a variety of areas, such as application development, systems management, database design, resiliency
- Public cloud vendor certifications (such as AWS Certified Solutions Architect or Microsoft Azure Architect Technologies)
- Experience with API and cyber security industry standard/guidelines such as OWASP API Security Top 10 guidelines, OpenAPI Specification, NIST 800-53 framework, and other Information Security tools/frameworks (such as National Vulnerability Database
Equal employment opportunity
Rezilyens is an equal opportunity employer and is dedicated to fostering an inclusive and diverse environment for employees from all walks of life. We hire based on talent and we’re proud of our global perspective.
