ASSYST is seeking a Senior Security API Subject Matter Expert (SME) to lead the end-to-end lifecycle, security, and optimization of critical API solutions within the residential mortgage domain for our client located in Washington, D.C. and St. Louis, MO (onsite role).
This role focuses on ensuring that complex system integrations align with industry best practices, robust security protocols, and high-level business objectives.
Key Responsibilities:
- API Architecture & Design: Review and validate API architectures for financial and mortgage-related applications to ensure they meet RESTful and OpenAPI standards.
- Security Implementation: Implement and oversee robust authentication and authorization mechanisms, including OAuth 2.0, mutual TLS (mTLS), and JWT.
- Governance & Compliance: Ensure all API integrations comply with federal security mandates such as NIST 800-53, FISMA, and Zero Trust Architecture.
- API Gateway Management: Provide administration and architecture expertise for integration platforms, specifically leveraging MuleSoft Anypoint to manage inter-process data transfers.
- Vulnerability Management: Regularly scan for OWASP API Top 10 vulnerabilities and integrate automated security testing (SAST/DAST) into the DevSecOps lifecycle.
- Performance Optimization: Conduct performance tuning and monitoring to ensure high availability (99.9% uptime) and rapid response times (<200ms).
- Stakeholder Collaboration: Provide technical oversight for B2G (Business-to-Government) specifications and participate in industry working groups like MISMO.
Technical Stack & Requirements:
- Programming: Proficiency in Java, Python, Node.js, and Go.
- Security: Deep knowledge of OpenID Connect, token-based authentication, and API threat detection.
- Infrastructure: Experience with Cloud-based API development (AWS or Azure), Kubernetes, Docker, and Terraform.
- Tools: Proficiency in the IT Tool Chain, including Jira, Confluence, Bitbucket/GitHub, and Jenkins.
- Domain Expertise: Strong understanding of Mortgage Loan Origination Systems (LOS), Uniform Residential Loan Applications (URLA), and MISMO-compliant XML datasets.
Qualifications:
- Experience: 8+ years of senior-level experience with leadership in API strategy, security, and enterprise-wide governance.
- Certification: Must possess a related industry-standard certification in server, database, or developer areas.
- Clearance: Ability to pass federal suitability requirements and obtain HSPD-12 credentials.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.