API Business Security Analyst

Job Summary :The API Security Business Analyst acts as a crucial liaison between business stakeholders, development teams, and security engineers. The primary responsibility is to elicit, analyse, and document security requirements for applications and APIs that leverage HashiCorp / CyberArk Vault. You will translate business needs and security policies into technical specifications for development and ensures that authentication and authorization processes meet security standards and compliance regulations. You will report to the Senior Engineering Manager. Your Responsibilities: Collaborate with product owners, architects, and business stakeholders to define and document business requirements related to secret management, identity, and access control. Conduct interviews and workshops to gather and clarify security-related business requirements for our applications and APIs. Work with technical teams to design and implement API security policies and access models within HashiCorp Vault. Translate business needs into actionable API specifications, including authentication methods (e.g., JWT, OAuth), request-response formats, and policy-based authorization. Create detailed API documentation, security policies, and procedural guides for developers and other internal teams. Develop and deliver training to internal teams on Vault integration and API security best practices. Conduct API security assessments, penetration testing, and remediation planning. Ensure data handling for API interactions. Ensure that HashiCorp Vault configurations and API security measures follow regulatory and compliance standards (e.g., ISO 27001, PCI-DSS). Support internal and external audits by generating reports from Vault's audit logs and providing documentation of security controls. The Essentials - You Will Have: Bachelor's / Masters Degree in computer science, software engineering, management information systems, or related field or equivalent relevant years of experience. The Preferred - You Might Also Have: Requires minimum 5-8 years of experience in Cyber Security, API Security & Vault Management. Experience with secrets management solutions (e.g., HashiCorp Vault, CyberArk Conjur). Working knowledge of HashiCorp Vault and its components, including secret engines (KV, PKI, Transit), auth methods, and policies. Experience defining security for REST APIs, including knowledge of JSON, API security best practices, and authentication protocols (OAuth, JWT). Experience with API testing tools such as Postman or SoapUI. Familiarity with modern software development methodologies (Agile, Scrum) and DevOps practices. Ability to translate complex business needs into clear, actionable technical requirements. Proficiency with visualisation and documentation tools (e.g., Visio, Confluence, or JIRA). Familiarity with configuration management and automation tools (e.g., SALT, Ansible, or Terraform). Experience with OAuth2, OpenID Connect, JWT, and API gateway security patterns. Good exposure with cloud-native environments (AWS, Azure, or GCP). What We Offer: Our benefits package includes … Comprehensive mindfulness programme with a premium membership to Calm. Volunteer Paid Time off available after 6 months of employment for eligible employees. Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation. Employee Assistance Program. Personalised wellbeing programmes through our OnTrack programme. On-demand digital course library for professional development. ... and other local benefits #LI-Hybrid #LI-RS1 Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.