System Engineer- Platform/API Gateway
O'Reilly Auto Parts · Springfield, MO · 1 wk ago
On-siteInformation TechnologyFull-time
Responsibilities
- Design and build secure, high-performance APIs for distributed systems.
- Define API specifications (OpenAPI/Swagger), enforce consistent standards, and implement traffic management (rate limiting, transformations, logging).
- Develop API functionality in Java/Python, integrate with microservices and third-party systems, and optimize for GCP services (Cloud Functions, Run, Pub/Sub, Storage).
- Manage API gateways (Apigee X, Kong) including proxies, portals, and platform infrastructure across cloud and hybrid environments.
- Monitor performance, troubleshoot issues, and optimize reliability, latency, and scalability.
- Develop custom policies/plugins and improve developer onboarding through well-designed portals and documentation.
- Automate infrastructure with Terraform and build CI/CD pipelines (Jenkins) for API proxies and gateway configurations.
- Support secure, multi-environment deployments with integrated testing, approvals, rollback, and connections to Git, secrets management, and artifact repositories.
- Leverage GCP tools for scalable pipeline operations.
- Implement API security using OAuth2, JWT, SAML, and API keys, integrated with identity providers (Okta, Azure AD).
- Enforce compliance (PCI, SOC2, HIPAA), apply OWASP best practices, and adopt Zero Trust principles using mTLS, IAM, and network controls to protect data and access.
- Monitor APIs using tools like Prometheus, Grafana, ELK, and GCP observability services.
- Track performance metrics, detect anomalies, and optimize latency and reliability.
- Define alerts, automate remediation, support on-call operations, and lead incident analysis.
- Collaborate across architecture, DevOps, and security teams to ensure aligned API design and governance.
- Mentor engineers, promote API-first development, and contribute to design reviews, resilience testing, and product alignment.
- Manage the full API lifecycle from design to retirement.
- Maintain API catalogs, enforce governance standards (naming, access, SLAs), and ensure alignment with GCP policies and audit requirements.
- Stay current with API and cloud trends, evaluate new tools, and lead PoCs to improve performance, security, and developer experience.
- Continuously refine services for better scalability and reuse.
Requirements
- 3+ years in software engineering, platform development, or systems integration, with strong backend and cloud-native architecture experience.
- 2+ years specializing in API management using Apigee (Edge/X) and Kong, including proxy development, policies, security, and traffic management.
- Past experience designing and implementing RESTful and event-driven APIs, integrating Java/Python services within microservices and DevOps environments.
- Hands-on experience with GCP (Cloud Run, Functions, Pub/Sub, Logging, IAM) and deploying/managing APIs in Apigee X.
- 3+ years working with Apigee (Edge/X) and strong experience with Kong API Gateway, including proxy development, custom policies, and managing multiple gateways in parallel.
- Expertise in designing scalable, secure RESTful APIs using OpenAPI/Swagger, with strong knowledge of versioning, rate limiting, quotas, and caching.
- Advanced programming skills in Java and Python for backend services, integrations, and gateway extensions (Node.js/scripting as plus).
- Hands-on experience with GCP services (Apigee X, Cloud Run, Functions, Pub/Sub, IAM, VPC, Monitoring/Logging) and hybrid/multi-cloud networking.
- Deep understanding of API security (OAuth2, JWT, SAML, API keys), encryption, and compliance standards (PCI, SOC2, HIPAA).
- Experience with observability tools (Cloud Monitoring, Prometheus, Grafana, ELK), including alerting, tracing, dashboards, and RCA.
- Proven ability to integrate APIs with microservices and event-driven systems (e.g., Kafka, Pub/Sub).
- Skilled in API gateway performance tuning, including caching, load balancing, fault tolerance, and low-latency optimization.
Desired Experience
- With Kubernetes (GKE preferred) and Docker-based containerization, plus familiarity with service meshes like Istio or Linkerd.
- Knowledge of managing and customizing developer portals in Apigee or Kong.
- Exposure to modern API technologies and patterns including GraphQL, gRPC, WebSockets, and asynchronous messaging.
- Experience with advanced API security tools such as Cloud Armor, WAFs, and bot mitigation solutions.
- Proficiency in modern CI/CD tools (GitLab CI, ArgoCD, Spinnaker) and secrets management (HashiCorp Vault, GCP Secret Manager).
- Experience with API testing tools like Postman, SoapUI, ReadyAPI, or Karate.
- Familiarity with observability and tracing tools (OpenTelemetry, Jaeger, Zipkin) and integration with incident response platforms (PagerDuty, Opsgenie).
- Relevant certifications (Google Cloud, Apigee, Professional Cloud Architect, CKA) and industry experience in regulated sectors (e.g., finance, healthcare) with knowledge of standards like GDPR and HIPAA.