Senior IAM Engineer (API Security/NHI) at Rockwell Automation
Pune, Maharashtra, India
Full Time


Start Date: Immediate
Expiry Date: 19 Jun, 26
Salary: 0.0
Posted On: 21 Mar, 26
Experience: 10 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: IAM, API Security, Non-Human Identity, Machine Identity, Secrets Management, API Governance, HashiCorp Vault, OAuth 2.0, OpenID Connect, JWT, mTLS, API Gateway, MuleSoft, Kong, Apigee, AWS API Gateway
Industry: Automation Machinery Manufacturing

Description
Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better. We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!

Job Description Summary:

You will focus on Non-Human and Machine Identity & Access Management (NHI/IAM) with an emphasis on API security, secrets management, and centralised API governance. You will define, implement, and operationalize secure identity, authentication, authorization, and secrets management for application APIs, service accounts, and machine identities across the enterprise. This is an IAM engineering and architecture role, centred on API protection, non-human identities, machine credentials, and application-to-application security. The role partners with application, DevOps, platform, and security teams to embed secure API identity controls, enforce least-privilege access, and improve adoption of centralised API and secrets management capabilities. You will report to the Enterprise IAM Leader.

Your Responsibilities

Design and implement Non-Human and Machine Identity controls for service accounts, API tokens, application credentials, and CI/CD system identities.
Establish centralised secrets management using HashiCorp Vault (or equivalent), enforcing secure storage, automated rotation and expiration, auditing, and removal of hard-coded credentials.
Define API authentication and authorization standards, including OAuth 2.0, OpenID Connect, JWT, and mTLS, with least-privilege access models.
Design and enforce API security policies using API Gateway platforms (MuleSoft, Kong, Apigee, AWS API Gateway, or equivalent), including rate limiting, throttling, and traffic control.
Lead centralised API governance, covering API registration, lifecycle management, and policy enforcement by an enterprise API gateway.
Increase adoption of the centralised IAM and API security stack, establishing and operationalizing the enterprise API gateway.
Implement API logging and monitoring, ensuring we forward API and identity events to the enterprise SIEM for visibility and threat detection.
Partner with SOC, platform, DevOps, and application teams to detect API abuse, anomalous behaviour, and misconfiguration.
Maintain architecture standards and reference designs for API identity, secrets management, and non-human access control.
Ensure understanding of industry standards such as OWASP API Security Top 10, NIST, GDPR, HIPAA, and PCI-DSS.

The Essentials - You Will Have:

Bachelor's degree in Computer Science, Engineering, or equivalent practical experience.
8–10+ years of experience in IAM, API Security, or Application Security, with a focus on Non-Human and Machine Identities.
Hands-on experience with API Gateway platforms such as MuleSoft, Apigee, Kong, or AWS API Gateway, plus Postman and Salt Security cloud-native API discovery, including policy enforcement and traffic control.
1+ years of experience with secrets management using HashiCorp Vault, including token lifecycle management, rotation, and auditability.
Experience with API authentication and authorization using OAuth 2.0, OpenID Connect, JWT, and mTLS.
Experience with API discovery and non-human identity inventory, including service accounts and API tokens.
Working knowledge of API security risks and controls, including OWASP API Security Top 10 and mitigation strategies.
Experience with network and API-adjacent security concepts (WAF, firewalls, traffic inspection, rate limiting).

The Preferred – You Might Also Have

3+ years of experience integrating IAM and API security controls into CI/CD pipelines and developer platforms.
Familiarity with infrastructure-as-code and automation (Terraform, Ansible, YAML-based pipelines).
1+ years of experience in cloud and hybrid environments (Azure, AWS, GCP).
Knowledge of API logging, monitoring, and SIEM integrations, with Microsoft Sentinel preferred.
Proficiency in scripting and automation (Python, Bash, or YAML).
Security or IAM-related certifications (CISSP, CCSP, or API/IAM-focused credentials) are welcome but not mandatory.

What We Offer:

Our benefits package includes …
Comprehensive mindfulness programme with a premium membership to Calm.
Volunteer Paid Time off available after 6 months of employment for eligible employees.
Company volunteer and donation matching programme – The company matches your volunteer hours or personal cash donations to an eligible charity with a charitable donation.
Employee Assistance Program.
Personalised wellbeing programmes through our OnTrack programme.
On-demand digital course library for professional development.
... and other local benefits!

At Rockwell Automation, we are dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.

Rockwell Automation, Inc. (NYSE: ROK), is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more productive and more sustainable. Headquartered in Milwaukee, Wisconsin, Rockwell Automation employs approximately 28,000 problem solvers dedicated to our customers in more than 100 countries. To learn more about how we are bringing the Connected Enterprise to life across industrial enterprises, visit www.rockwellautomation.com.
Responsibilities
The role involves defining, implementing, and operationalizing secure identity, authentication, authorization, and secrets management for APIs, service accounts, and machine identities across the enterprise. Responsibilities include designing controls, establishing centralised secrets management, defining API security standards, and leading API governance.