RBC

API Security Specialist Lead (Global Security)


Pay: Competitive
Location: Toronto/Ontario
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: R-0000104761

      Job Summary

      What is the opportunity?

      The API Security Specialist Lead will play a pivotal role in the assessment and implementation of runtime API security solution(s), coordinating with cross-functional teams, and ensuring seamless integration across cloud and on-prem environments within the bank. Additionally, the specialist will be responsible for enhancing API security practices and contributing to the implementation of the API security roadmap.

      What will you do?

      API Security Runtime Platform Deployment:

      • Lead the end-to-end deployment of API security solution(s) within the bank.

      • Collaborate with development, operations, and security teams to ensure smooth integration within the bank’s cloud and on-prem infrastructure.

      • Monitor platform performance and ensure it aligns with the agreed KPIs and SLAs.

      • Optimize platform configurations to detect, block, and prevent API-related threats.

      API Security Roadmap Implementation:

      • Contribute to the planning, execution, and delivery of API security initiatives as part of the broader security improvement roadmap.

      • Stay ahead of emerging threats and technologies, recommending improvements to the API security framework.

      Automation & Pipeline Integration:

      • Collaborate with Application Security Engineering and DevOps teams to automate security processes, such as API vulnerability detection, policy enforcement, and compliance checks.

      • Help integrate API security solutions into CI/CD pipelines for continuous testing and monitoring.

      • Develop scripts and tools to streamline processes and conduct data analysis.

      Stakeholder Engagement & Documentation:

      • Act as a technical lead, liaising with internal teams (including IT, Compliance, and Risk) and vendors to drive the implementation forward.

      • Document processes, configurations, and lessons learned to ensure knowledge transfer across the organization.

      • Provide regular updates to senior leadership on work initiatives, risks, and mitigation strategies.

      What do you need to succeed?

      Must-have:

      • 5+ years of experience in Application & API security.

      • Strong knowledge of API protocols/frameworks (e.g., REST, SOAP, GraphQL, gRPC), API gateways (e.g., Apigee, Kong), and authentication and authorization protocols (OAuth2, OIDC, JWT, etc.).

      • Strong understanding of OWASP API Security Top 10 and secure coding practices.

      • Strong knowledge of Kubernetes, Docker, and CI/CD tools (e.g., Jenkins, GitHub Actions).

      • Experience working in cloud environments such as AWS, Azure, or GCP.

      • Strong scripting skills (e.g., Python, Bash) for automation and monitoring tasks.

      • Familiarity with runtime security, eBPF, and traffic monitoring for API discovery.

      • Familiarity with workflow management tools (e.g., Jira, GitHub Issues) for issue tracking and collaboration.

      Nice-to-have:

      • Expertise in API Security frameworks and experience with API Security Testing tools (DAST, AST, etc.) and Runtime API protection platforms.

      • Experience working within financial institutions or other highly regulated industries.

      • Security certifications such as CISSP, CSSLP, CASP, CEH or Certified DevSecOps Engineer.

      • Knowledge of data residency requirements and compliance frameworks (e.g., GDPR, PCI-DSS, NIST CSF).

      What’s in it for you?

      We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

      • A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable

      • Leaders who support your development through coaching and managing opportunities

      • Ability to make a difference and lasting impact

      • Work in a dynamic, collaborative, progressive, and high-performing team

      • A world-class training program in financial services

      • Flexible work/life balance options

      • Opportunities to do challenging work

      Job Skills

      API Gateway, API Specifications, API Testing, Application Programming Interface (API) Security, Atlassian JIRA, CloudBees Jenkins, DevSecOps, Dynamic Application Security Testing (DAST), GitHub Actions, GitHub Issues, IT Security Architecture, IT Systems Integration, Kubernetes, OAuth, OWASP Top 10, Python (Programming Language), Secure Coding Practices, Security Engineering, Security Information and Event Management (SIEM), Web Application Penetration Testing

      Additional Job Details

      Address:

      330 FRONT ST W:TORONTO

      City:

      TORONTO

      Country:

      Canada

      Work hours/week:

      37.5

      Employment Type:

      Full time

      Platform:

      TECHNOLOGY AND OPERATIONS

      Job Type:

      Regular

      Pay Type:

      Salaried

      Posted Date:

      2024-11-05

      Application Deadline:

      2025-02-28

      Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

      Inclusion and Equal Opportunity Employment

      At RBC, we embrace diversity and inclusion for innovation and growth. We are committed to building inclusive teams and an equitable workplace for our employees to bring their true selves to work. We are taking actions to tackle issues of inequity and systemic bias to support our diverse talent, clients and communities.

      We also strive to provide an accessible candidate experience for our prospective employees with different abilities. Please let us know if you need any accommodations during the recruitment process.

      Join our Talent Community

      Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.

      Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.

  • About the company

      Royal Bank of Canada (RBC) is a diversified financial services company. The Company provides personal and commercial banking, wealth management services, insurance, investor services and capital markets products and services on a global basis. The Com...
