Out of the box, Express is a very good tool for building your RESTful server, or to provide any other kind of service. However, unless you take some extra precautions, Express doesn't apply all security best practices, which may doom your server. Not everything is lost, in any case, because there are some packages that can help you with those practices, and Helmet (at https://helmetjs.github.io/) is one of the best for this.
Don't think of Helmet—or any other similar package, by the way—as a magic silver bullet that will somehow solve all of your possible present and future security headaches! Use it as a step in the right direction, but you must keep on top of possible menaces and security holes, and not trust any single package to manage everything.