Senior API Security Engineer
Vertiv · Westerville, Ohio, US
Job description
Job Summary: The API Security Architect/Engineer is responsible for embedding secure-by-design practices across Vertiv’s device, gateway, and platform APIs. This role defines authentication, encryption, and security validation patterns aligned with the organization’s API governance framework and exposure-based lifecycle enforcement. The role also collaborates with the IT Security and Data Governance teams to ensure that APIs support privacy, classification, and compliance requirements without compromising developer agility or system interoperability.

Key Responsibilities:
Implement OAuth2/OIDC-based authentication and token models (e.g., JWT), and define access control mechanisms (RBAC/ABAC) aligned with API exposure levels (Internal, Protected, Public).
Design and enforce TLS/mTLS configurations, token validation logic, and credential storage policies for both edge and cloud APIs.
Participate in API design reviews and conduct threat modeling to identify and mitigate risks for new and updated APIs.
Automate static and dynamic API security checks using CI/CD tools (e.g., Spectral, ZAP, Snyk, secret scanners).
Enforce governance gates during key lifecycle phases (e.g., Design, Valida...