{"schemaVersion":"jobsearcher.job.v1","id":"7b09d2ecca4a944b9fc7078e","url":"https://jobsearcher.com/jobs/7b09d2ecca4a944b9fc7078e","canonicalUrl":"https://jobsearcher.com/jobs/7b09d2ecca4a944b9fc7078e","title":"API Security Engineer","description":"About OpenLoop\r\nOpenLoop was co-founded by CEO Dr. Jon Lensing and COO Christian Williams with a vision to bring healing anywhere. Our tele-health support solutions are designed to streamline and simplify the go-to-market care delivery for companies offering meaningful virtual support to patients across a wide range of specialties throughout all 50 states.\r\nCompany Culture\r\nWe maintain a relatively flat organizational structure where everyone is encouraged to bring ideas to the table and make things happen. This aligns with our core values of Autonomy, Competence, and Belonging, empowering employees to perform their best work.\r\nThe Role\r\nOpenLoop is hiring an API Security Engineer (remote or Des Moines, IA). The engineer will design, implement, and maintain security controls that protect our organization's APIs, integration layers, and service-to-service communication. This role ensures that APIs are securely designed, thoroughly tested, continuously monitored, and compliant with internal policies and external regulations.\r\nWhat You'll Do\r\nBuild relationships with developers and stakeholders to incorporate security principles into engineering design and deployments.\r\nDefine and maintain API security standards, guidelines, and best practices.\r\nWork with engineering and product teams to incorporate security requirements into API design, including authentication, authorization, rate limiting, encryption, and data validation.\r\nAssess architecture diagrams and integration flows for security risks and propose mitigation strategies.\r\nPerform manual and automated security testing of APIs (e.g., fuzzing, penetration testing, misuse-case reviews).\r\nIdentify & validate vulnerabilities, such as injection flaws, broken authentication, access control issues, insecure deserialization, and misconfigurations.\r\nIntegrate security testing tools into CI/CD pipelines (SAST, DAST, API-specific scanners).\r\nImplement API-level logging, anomaly detection, runtime protections, and threat monitoring.\r\nInvestigate and respond to API-related security incidents, breaches, or suspicious activity.\r\nCollaborate with SOC, DevSecOps, and engineering teams to develop alerting and mitigation processes.\r\nDevelop and enforce API security policies aligned with organizational risk management.\r\nConduct regular security reviews and maintain documentation for audits and assessments.\r\nProvide guidance to developers on secure API design and coding practices.\r\nDeliver training sessions, code-review feedback, and threat-modeling workshops.\r\nDocument security findings, outline remediation options, and oversee mitigation.\r\nSupport the rollout and adoption of API gateways, identity platforms, and secure coding tools.\r\nFocus on automation to aid efficiencies with both testing and remediation of findings.\r\nAttend and participate in product meetings addressing security requirements for new and existing products.\r\nBuild services and tools to enable developers and engineers to easily use security components.\r\nSupport the ability to \"shift left\" and incorporate security early on and throughout the development lifecycle.\r\nCommunicate vulnerability results to both technical and non-technical users with influential messaging.\r\nResearch and learn new tactics, techniques, and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement or validate controls via the CI/CD pipeline.\r\nEnrich DevSecOps architecture with security standards and best practices.\r\nPartner with teams to define key performance indicators (KPIs) and metrics across business units.\r\nEnsure regulatory compliance (PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes.\r\nOther duties as assigned.\r\nWho You Are\r\nBachelor's degree in computer science (preferred), information assurance, MIS, or related field, or equivalent.\r\n7+ years of security and systems administration-related experience, with at least 3 years in cloud and security engineering.\r\nExperience operating and securing platforms on Amazon Web Services (AWS) and/or Google Cloud Platform (GCP).\r\nStrong understanding of API architectures (REST, GraphQL, gRPC, WebSockets).\r\nExperience with OAuth2, OIDC, JWT, API keys, mTLS, and other authN/authZ models.\r\nHands-on experience with API gateways (e.g., Kong, Apigee, AWS API Gateway, NGINX).\r\nAbility to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while implementing rapid, continuous solutions.\r\nUnderstanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle (SDLC).\r\nKnowledge of PCI, HIPAA, GLBA, NIST, ISO standards or other compliance requirements.\r\nSelf-starter with minimal supervision.\r\nExcellent communication of business risk and remediation requirements from assessments.\r\nAnalytical and problem-solving abilities with a proactive, risk-based approach.\r\nHighly organized and efficient.\r\nDemonstrated strategic and tactical thinking, along with decision-making skills and business acumen.\r\nExperience in healthcare or digital health is a plus.\r\nStrong customer service orientation.\r\nAdaptability to handle dynamic and challenging environments.\r\nEnergetic, resourceful, and possesses appropriate work intensity to get the work done.\r\nStrong people acumen and relationship skills.\r\nBenefits\r\nMedical, Dental, and Vision plans\r\nFlexible Spending/Health Savings Accounts\r\nFlexible PTO\r\n401(k) with company match\r\nLife Insurance, Pet Insurance, and more\r\nSound like a good fit? We'd love to meet you.\r\nJ-18808-Ljbffr","company":"Openloop","rawCompany":"openloop","city":"New York","state":"NY","isRemote":false,"isActive":false,"createdAt":"2026-05-23T06:48:25.850Z","occupations":[{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"},{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"API Security Engineer","description":"About OpenLoop\r\nOpenLoop was co-founded by CEO Dr. Jon Lensing and COO Christian Williams with a vision to bring healing anywhere. Our tele-health support solutions are designed to streamline and simplify the go-to-market care delivery for companies offering meaningful virtual support to patients across a wide range of specialties throughout all 50 states.\r\nCompany Culture\r\nWe maintain a relatively flat organizational structure where everyone is encouraged to bring ideas to the table and make things happen. This aligns with our core values of Autonomy, Competence, and Belonging, empowering employees to perform their best work.\r\nThe Role\r\nOpenLoop is hiring an API Security Engineer (remote or Des Moines, IA). The engineer will design, implement, and maintain security controls that protect our organization's APIs, integration layers, and service-to-service communication. This role ensures that APIs are securely designed, thoroughly tested, continuously monitored, and compliant with internal policies and external regulations.\r\nWhat You'll Do\r\nBuild relationships with developers and stakeholders to incorporate security principles into engineering design and deployments.\r\nDefine and maintain API security standards, guidelines, and best practices.\r\nWork with engineering and product teams to incorporate security requirements into API design, including authentication, authorization, rate limiting, encryption, and data validation.\r\nAssess architecture diagrams and integration flows for security risks and propose mitigation strategies.\r\nPerform manual and automated security testing of APIs (e.g., fuzzing, penetration testing, misuse-case reviews).\r\nIdentify & validate vulnerabilities, such as injection flaws, broken authentication, access control issues, insecure deserialization, and misconfigurations.\r\nIntegrate security testing tools into CI/CD pipelines (SAST, DAST, API-specific scanners).\r\nImplement API-level logging, anomaly detection, runtime protections, and threat monitoring.\r\nInvestigate and respond to API-related security incidents, breaches, or suspicious activity.\r\nCollaborate with SOC, DevSecOps, and engineering teams to develop alerting and mitigation processes.\r\nDevelop and enforce API security policies aligned with organizational risk management.\r\nConduct regular security reviews and maintain documentation for audits and assessments.\r\nProvide guidance to developers on secure API design and coding practices.\r\nDeliver training sessions, code-review feedback, and threat-modeling workshops.\r\nDocument security findings, outline remediation options, and oversee mitigation.\r\nSupport the rollout and adoption of API gateways, identity platforms, and secure coding tools.\r\nFocus on automation to aid efficiencies with both testing and remediation of findings.\r\nAttend and participate in product meetings addressing security requirements for new and existing products.\r\nBuild services and tools to enable developers and engineers to easily use security components.\r\nSupport the ability to \"shift left\" and incorporate security early on and throughout the development lifecycle.\r\nCommunicate vulnerability results to both technical and non-technical users with influential messaging.\r\nResearch and learn new tactics, techniques, and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement or validate controls via the CI/CD pipeline.\r\nEnrich DevSecOps architecture with security standards and best practices.\r\nPartner with teams to define key performance indicators (KPIs) and metrics across business units.\r\nEnsure regulatory compliance (PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes.\r\nOther duties as assigned.\r\nWho You Are\r\nBachelor's degree in computer science (preferred), information assurance, MIS, or related field, or equivalent.\r\n7+ years of security and systems administration-related experience, with at least 3 years in cloud and security engineering.\r\nExperience operating and securing platforms on Amazon Web Services (AWS) and/or Google Cloud Platform (GCP).\r\nStrong understanding of API architectures (REST, GraphQL, gRPC, WebSockets).\r\nExperience with OAuth2, OIDC, JWT, API keys, mTLS, and other authN/authZ models.\r\nHands-on experience with API gateways (e.g., Kong, Apigee, AWS API Gateway, NGINX).\r\nAbility to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while implementing rapid, continuous solutions.\r\nUnderstanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle (SDLC).\r\nKnowledge of PCI, HIPAA, GLBA, NIST, ISO standards or other compliance requirements.\r\nSelf-starter with minimal supervision.\r\nExcellent communication of business risk and remediation requirements from assessments.\r\nAnalytical and problem-solving abilities with a proactive, risk-based approach.\r\nHighly organized and efficient.\r\nDemonstrated strategic and tactical thinking, along with decision-making skills and business acumen.\r\nExperience in healthcare or digital health is a plus.\r\nStrong customer service orientation.\r\nAdaptability to handle dynamic and challenging environments.\r\nEnergetic, resourceful, and possesses appropriate work intensity to get the work done.\r\nStrong people acumen and relationship skills.\r\nBenefits\r\nMedical, Dental, and Vision plans\r\nFlexible Spending/Health Savings Accounts\r\nFlexible PTO\r\n401(k) with company match\r\nLife Insurance, Pet Insurance, and more\r\nSound like a good fit? We'd love to meet you.\r\nJ-18808-Ljbffr","datePosted":"2026-05-23T06:48:25.850Z","dateModified":"2026-05-23T06:48:25.850Z","hiringOrganization":{"@type":"Organization","name":"Openloop","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York","addressRegion":"NY","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"7b09d2ecca4a944b9fc7078e"},"url":"https://jobsearcher.com/jobs/7b09d2ecca4a944b9fc7078e"}}