Senior API Security Engineer

Vertiv•Westerville, OH

22h

About The Position

The API Security Architect/Engineer is responsible for embedding secure-by-design practices across Vertiv’s device, gateway, and platform APIs. This role defines authentication, encryption, and security validation patterns aligned with the organization’s API governance framework and exposure-based lifecycle enforcement. The role also collaborates with the IT Security and Data Governance teams to ensure that APIs support privacy, classification, and compliance requirements without compromising developer agility or system interoperability. The successful candidate will embrace Vertiv’s Core Principals & Behaviors to help execute our Strategic Priorities. OUR CORE PRINCIPALS: Safety. Integrity. Respect. Teamwork. Diversity & Inclusion. OUR STRATEGIC PRIORITIES • Customer Focus • Operational Excellence • High-Performance Culture • Innovation • Financial Strength OUR BEHAVIORS • Own It • Act With Urgency • Foster a Customer-First Mindset • Think Big and Execute • Lead by Example • Drive Continuous Improvement • Learn and Seek Out Development About Vertiv Vertiv is a $8.0 billion global critical infrastructure and data center technology company. We ensure customers’ vital applications run continuously by bringing together hardware, software, analytics and ongoing services. Our portfolio includes power, cooling and IT infrastructure solutions and services that extends from the cloud to the edge of the network. Headquartered in Columbus, Ohio, USA, Vertiv employs around 20,000 people and does business in more than 130 countries. Visit Vertiv.com to learn more.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
5+ years in API or application security roles, ideally in distributed or IoT-oriented environments.
Strong understanding of OAuth2, JWT, TLS/mTLS, and secure API gateway architectures (e.g., Kong, Apigee).
Familiarity with the OWASP API Security Top 10 and practical mitigation strategies.
Hands-on experience integrating security tooling into CI/CD pipelines.
Strong collaboration skills to interface with DevOps, architects, and IT Security teams.

Nice To Haves

CISSP, CCSP (security architecture)
CIPT, CDPSE (data protection technologies)
CEH or GCP Security Specialty (practical security tooling)
Familiarity with data classification frameworks, PII protection, or telemetry privacy practices.
Exposure to IoT/edge device authentication and secure provisioning concepts.
Awareness of GDPR, ISO 27001, or SOC 2 requirements in technical desig

Responsibilities

Implement OAuth2/OIDC-based authentication and token models (e.g., JWT), and define access control mechanisms (RBAC/ABAC) aligned with API exposure levels (Internal, Protected, Public).
Design and enforce TLS/mTLS configurations, token validation logic, and credential storage policies for both edge and cloud APIs.
Participate in API design reviews and conduct threat modeling to identify and mitigate risks for new and updated APIs.
Automate static and dynamic API security checks using CI/CD tools (e.g., Spectral, ZAP, Snyk, secret scanners). Enforce governance gates during key lifecycle phases (e.g., Design, Validate, Publish).
Collaborate with IT Security on vulnerability triage and mitigation for APIs. Support incident response workflows where APIs are affected.
Work with IT and Data Governance teams to align API behavior with classification policies and support secure handling of sensitive data such as telemetry, PII, or credentials.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume