Design and implement Non‑Human and Machine Identity controls for service accounts, API tokens, application credentials, and CI/CD system identities.
Establish centralised secrets management using HashiCorp Vault (or equivalent), enforcing secure storage, automated rotation and expiration, auditing, and removal of hard‑coded credentials.
Define API authentication and authorization standards, including OAuth 2.0, OpenID Connect, JWT, and mTLS, with least‑privilege access models.
Design and enforce API security policies using API Gateway platforms (MuleSoft, Kong, Apigee, AWS API Gateway, or equivalent), including rate limiting, throttling, and traffic control.
Lead centralised API governance, covering API registration, lifecycle management, and policy enforcement by an enterprise API gateway.
Increase adoption of the centralised IAM and API security stack, establishing and operationalizing the enterprise API gateway.
Implement API logging and monitoring, ensuring we forward API and identity events to the enterprise SIEM for visibility and threat detection.
Partner with SOC, platform, DevOps, and application teams to detect API abuse, anomalous behaviour, and misconfiguration.
Maintain architecture standards and reference designs for API identity, secrets management, and non‑human access control.
Ensure understanding of industry standards such as OWASP API Security Top 10, NIST, GDPR, HIPAA, and PCI‑DSS.
Requirements
Bachelor's degree in Computer Science, Engineering, or equivalent practical experience.
8–10+ years of experience in IAM, API Security, or Application Security, with a focus on Non‑Human and Machine Identities.
Hands‑on experience with API Gateway platforms such as MuleSoft, Apigee, Kong, or AWS API Gateway, including policy enforcement and traffic control, as well as with Postman and Salt Security cloud-native API discovery.
1+ years of experience with secrets management using HashiCorp Vault, including token lifecycle management, rotation, and auditability.
Experience with API authentication and authorization using OAuth 2.0, OpenID Connect, JWT, and mTLS.
Experience with API discovery and non‑human identity inventory, including service accounts and API tokens.
Working knowledge of API security risks and controls, including OWASP API Security Top 10 and mitigation strategies.
Experience with network and API‑adjacent security concepts (WAF, firewalls, traffic inspection, rate limiting).
Tech Stack
AWS
Cloud
Firewalls
SaltStack
Vault
Benefits
Comprehensive mindfulness programme with a premium membership to Calm.
Volunteer Paid Time off available after 6 months of employment for eligible employees.
Company volunteer and donation matching programme – The company matches your volunteer hours or personal cash donations to an eligible charity with a charitable donation.
Employee Assistance Program.
Personalised wellbeing programmes through our OnTrack programme.
On-demand digital course library for professional development.