APIM Engineer (DevOps Engineer with API Gateway ))

About the RoleOur GenAI platform uses an API Gateway as the central integration point for all services, including AI agents, third-party APIs, and internal microservices. While Kong API Gateway is the primary platform used within the environment, we welcome candidates with strong experience in other enterprise APIM platforms (e.g., Apigee, MuleSoft, Azure APIM, AWS API Gateway, WSO2, etc.).As our APIM Engineer, you will own the design, deployment, and operation of the API management platform, ensuring high availability, security, and optimal performance for enterprise workloads, with Kong experience considered a strong advantage.Key ResponsibilitiesDesign, deploy, and operate Kong API Gateway (v3.9.x)Manage API routing using Kubernetes Gateway API (HTTPRoute, Gateway, ReferenceGrant)Design and implement API routing strategies for multi-tenant use casesConfigure and maintain Kong plugins (key-auth, rate-limiting, request-transformer, session, ACL, JWT, prometheus)Build and maintain Helm charts and Terraform configurations for multi-environment deploymentBuild abstraction layer for 3rd party APIs (Salesforce / CRM Systems, Journey Analytics Systems, Microsoft Graph, ElevenLabs)Implement request/response transformation and protocol translationConfigure circuit breakers, retry policies, and failover strategiesEstablish API versioning and deprecation policiesConfigure and troubleshoot Kubernetes Network Policies for service isolationManage GCP services: Secret Manager, Cloud Armor WAF, Certificate Manager, Workload Identity, IAPMaintain observability stack: Prometheus metrics, Google Managed Prometheus, Cloud Logging/MonitoringDocument API standards and onboarding guides for use case teamsSupport LLM provider integration with caching and cost optimisationTech stack:API Gateway: Kong 3.9.xContainer Orchestration: Kubernetes (GKE Autopilot), Gateway API v1IaC: Terraform 1.7+, Helm 3GitOps: ArgoCDCI/CD: GitHub ActionsCloud: GCP (GKE, Secret Manager, Cloud Armor, Certificate Manager, IAP, Workload Identity, GMP)Observability: Prometheus, Google Managed Prometheus, Cloud LoggingSecurity: ESO, Network Policies, mTLS, TrivyLanguages: YAML, Bash, JSON, Lua (for custom plugins)Workflow: GitFlowRequired Skills(Candidates with strong experience in any enterprise APIM platform are encouraged to apply. Kong expertise is highly preferred.)4+ years experience with API gateway such as Istio, Cilium,Envoy (kong is preferable)Can explain and deploy pods, services, deployments, namespaces, network policies, CRDs. Has debugged production K8s issues.Proficiency in Kong plugin configuration and custom plugin development (Lua)Strong knowledge of API security patterns (OAuth 2.0, API keys, JWT validation)Can read/write Helm charts, understand values overrides, template syntaxHas written Terraform modules, managed state, done plan/apply cycles or equivalent IaCHas built or maintained GitHub Actions, GitLab CI, or Jenkins pipelinesUnderstanding of REST API design principles and OpenAPI specificationsFamiliarity with service mesh concepts and ingress controllersCloud provider experience GCP preferred; AWS/Azure transferable if strongDesirable SkillsKnowledge of declarative configuration and GitOps workflowsGKE Autopilot Has specific constraints (no DaemonSets, enforced resource requests)Background in CRM and enterprise application integrationExperience with Kong Enterprise features (Dev Portal, Analytics)Prometheus / PromQLLua programming