Senior Associate Security Engineer API - Truist

Key Responsibilities

• Design, implement, and maintain API security controls, including authentication, authorization, and encryption across cloud and on‑prem environments.
• Conduct threat modeling and risk assessments for new and existing APIs, translating findings into actionable mitigation plans.
• Perform regular penetration tests and vulnerability scans, coordinating with development teams to remediate findings.
• Develop and enforce API security policies, standards, and best practices aligned with OWASP and industry regulations.
• Collaborate with cross‑functional teams to integrate security into the CI/CD pipeline and automate security testing.

Requirements

• 5+ years of experience in API security, threat modeling, and penetration testing.
• Strong knowledge of IAM, OAuth, OpenID Connect, and JWT.
• Hands‑on experience with cloud security (AWS, Azure, or GCP) and related services.
• Proficiency in scripting (Python, Bash) and security tooling (Burp Suite, OWASP ZAP, Nessus).
• Excellent communication skills and ability to translate technical findings to non‑technical stakeholders.