Senior IAM Engineer (API Security/NHI)

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Summary

Job Description

You will focus on Non‑Human and Machine Identity & Access Management (NHI/IAM) with a emphasis on API security, secrets management, and centralised API governance. You will define, implementing, and operationalizing secure identity, authentication, authorization, and secrets management for application of APIs, service accounts, and machine identities across the enterprise.

This is an IAM engineering and architecture role, centred on API protection, non‑human identities, machine credentials, and application‑to‑application security. The role partners with application, DevOps, platform, and security teams to embed secure API identity controls, enforce least‑privilege access, and improve adoption of centralised API and secrets management capabilities.

You will report to the Enterprise IAM Leader.

Your Responsibilities

• Design and implement Non‑Human and Machine Identity controls for service accounts, API tokens, application credentials, and CI/CD system identities.
• Establish centralised secrets management using HashiCorp Vault (or equivalent), enforcing secure storage, automated rotation and expiration, auditing, and removal of hard‑coded credentials.
• Define API authentication and authorization standards, including OAuth 2.0, OpenID Connect, JWT, and mTLS, with least‑privilege access models.
• Design and enforce API security policies using API Gateway platforms (MuleSoft, Kong, Apigee, AWS API Gateway, or equivalent), including rate limiting, throttling, and traffic control.
• Lead centralised API governance, covering API registration, lifecycle management, and policy enforcement by an enterprise API gateway.
• Increase adoption of the centralised IAM and API security stack, establishing and operationalizing the enterprise API gateway.
• Implement API logging and monitoring, ensuring we forward API and identity events to the enterprise SIEM for visibility and threat detection.
• Partner with SOC, platform, DevOps, and application teams to detect API abuse, anomalous behaviour, and misconfiguration.
• Maintain architecture standards and reference designs for API identity, secrets management, and non‑human access control.
• Ensure understanding of industry standards such as OWASP API Security Top 10, NIST, GDPR, HIPAA, and PCI‑DSS.

The Essentials - You Will Have

• Bachelor's degree in computer science, Engineering, or equivalent practical experience.
• 8–10+ years of experience in IAM, API Security, or Application Security, with a focus on Non‑Human and Machine Identities.
• Hands‑on experience with API Gateway platforms such as MuleSoft, Apigee, Kong, or AWS API Gateway, postman, Salt Security cloud-native API discovery, including policy enforcement and traffic control.
• 1+ years experience with secrets management HashiCorp Vault, including token lifecycle management, rotation, and auditability.
• Experience with API authentication and authorization using OAuth 2.0, OpenID Connect, JWT, and mTLS.
• Experience with API discovery and non‑human identity inventory, including service accounts and API tokens.
• Working knowledge of API security risks and controls, including OWASP API Security Top 10 and mitigation strategies.
• Experience with network and API‑adjacent security concepts (WAF, firewalls, traffic inspection, rate limiting).

The Preferred – You Might Also Have

• 3+ years of experience integrating IAM and API security controls into CI/CD pipelines and developer platforms.
• Familiarity with infrastructure‑as‑code and automation (Terraform, Ansible, YAML‑based pipelines).
• 1+ years of experience in cloud and hybrid environments (Azure, AWS, GCP).
• Knowledge of API logging, monitoring, and SIEM integrations, with Microsoft Sentinel preferred.
• Proficiency in scripting and automation (Python, Bash, or YAML).
• Security or IAM‑related certifications (CISSP, CCSP, or API/IAM‑focused credentials), but not mandatory.

What We Offer

Our benefits package includes …

• Comprehensive mindfulness programme with a premium membership to Calm.
• Volunteer Paid Time off available after 6 months of employment for eligible employees.
• Company volunteer and donation matching programme – The company matches your volunteer hours or personal cash donations to an eligible charity with a charitable donation.
• Employee Assistance Program.
• Personalised wellbeing programmes through our OnTrack programme.
• On-demand digital course library for professional development.
• and other local benefits!

At Rockwell Automation, we are dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.