API Security Lead Engineer

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

Job Summary:

You will focus on securing API interactions within an organisation, with a specific emphasis on using HashiCorp Vault for secrets management and access control. You will involve a blend of security engineering, architectural design, and leadership responsibilities. You will be also responsible for designing, implementing, and managing secure API access and secrets management solutions using HashiCorp Vault.

You will report to the Senior Engineering Manager.

Your Responsibilities:

• Designing and Implementing Vault Solutions: Architecting, deploying, and managing HashiCorp Vault for secure secrets management, identity-based access, and data encryption across different environments (cloud, on-premises).
• Leading the design and implementation of secure API authentication, authorization, and data protection mechanisms, using Vault's capabilities for dynamic secrets, token management, and encryption as a service.
• Secure API integrations across platforms, ensuring understanding of enterprise security standards and compliance requirements.
• Manage secrets and credentials for applications, including policy enforcement and automated rotation.
• Automate security configurations and enforcement across environments using infrastructure-as-code and configuration management tools.
• Collaborate with DevOps, IAM, and application teams to embed security into the API lifecycle and CI/CD pipelines.
• Conduct API security assessments, penetration testing, and remediation planning.
• Monitor API traffic and logs for anomalies, and respond to incidents involving API.
• Integrate HashiCorp Vault / CyberArk Vault with applications to secure API keys, tokens, and other credentials.
• Develop and implement secure API authentication and authorization mechanisms using Vault.
• Ensure data handling for API interactions.

The Essentials - You Will Have:

• Bachelor's / Masters Degree in computer science, software engineering, management information systems, or related field or equivalent relevant years of experience.

The Preferred - You Might Also Have:

• Requires minimum 8-10 years of experience in Cyber Security, API Security & Vault Management.
• Hands-on experience with API security tools and platforms (e.g., MuleSoft, Apigee, or AWS API Gateway).
• Experience with secrets management solutions (e.g., HashiCorp Vault, CyberArk Conjur).
• Familiarity with configuration management and automation tools (e.g., SALT, Ansible, or Terraform).
• Good exposure in OAuth2, OpenID Connect, JWT, and API gateway security patterns.
• Experience with cloud-native environments (AWS, Azure, or GCP).
• Proficiency in scripting and automation (e.g., Python, Bash, or YAML).
• Security certifications (e.g., CISSP, CCSP, GIAC, or API-specific credentials).
• Experience with container security and Kubernetes.

What We Offer:

Our benefits package includes …

• Comprehensive mindfulness programme with a premium membership to Calm.
• Volunteer Paid Time off available after 6 months of employment for eligible employees.
• Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
• Employee Assistance Program.
• Personalised wellbeing programmes through our OnTrack programme.
• On-demand digital course library for professional development.

... and other local benefits!

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

#LI-Hybrid

#LI-RS1

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.