Specialist in API Security and Zero Trust Architecture
Techrytera AB, Stockholms län, Stockholm
Previous experience is desired
170 days left to apply for the job
About Us
At Techrytera AB, recruitment starts with you. We are a staffing and recruitment company with top-tier expertise and a clear focus on IT and Engineering. With our industry knowledge and close dialogue with both candidates and clients, we create precise matches where the right skills meet the right needs.
We believe that a truly great match is not just about a job description – it is about your experience, your potential, and what you actually want to develop within. Therefore, we always start from the individual. By understanding your background, your driving forces, and your ambitions, we can connect you with assignments and roles at our clients where you get the right conditions to develop and make a difference.
Our goal is to build long-term and meaningful collaborations – both for you as a candidate and for our clients.
Job Description
We are looking for a specialist with the competence to establish an API management platform with a high degree of API security. The area of competence also touches upon IAM (Identity and Access Management) and PKI (Public Key Infrastructure). The consultant will work with the entire implementation and establishment of a new API management system, from requirements, design, and technical implementation to verification. The role includes creating technical documentation and instructions, as well as spreading competence in secure API development to the receiving administration.
We are looking for someone with practical experience in establishing a non-cloud-based API management platform with a "zero trust" architecture and a strong focus on API security.
The work is run as a project with a team of project managers, architects, and developers, in close collaboration with the client and other IT administration.
The assignment includes the following tasks:
- You are an expert in API security and can translate needs into technical requirements, security requirements, process requirements, and solution alternatives for the API platform and concrete API implementations. You also advise on the pros and cons of alternative solutions.
- You work hands-on with installation, configuration, and hardening.
- You specify and implement authentication and authorization solutions for different API use cases (OAuth 2.0, OpenID Connect, JWT).
- You participate in designing security controls such as rate limiting, and logging/monitoring of anomalies.
- You specify the need for verification and perform verifications of the solution (e.g., using the OWASP framework).
- You participate in creating requirements and evaluating platforms and solutions when procuring an API management platform.
- You participate in creating requirements and solution proposals concerning IAM and PKI to implement the API management platform solution.
- You participate in threat and risk analyses (Threat Modeling) to identify vulnerabilities in solution proposals.
- You participate in setting up CI/CD pipelines for automated deployment.
- You participate in creating requirements and processes for API management (e.g., API onboarding and permission management).
- You participate in creating processes and routines for secure API development (e.g., policy development, API guidelines for API developers).
Requirements:
- At least 3 years of experience in technical work with operations and management of API management systems on-premises, and/or at least 1 full establishment of an API management platform on-premises.
- At least 10 years of experience in IT with a focus on communication solutions and IT security, with knowledge in one or more of the following areas: API gateway, integration platform, authentication, authorization, IAM, PKI, and IT security.
- At least 2 years of experience implementing OAuth 2.0 and OpenID Connect.
- At least 1 year of experience with solution patterns using opaque tokens for external clients.
- At least 2 years of experience working with zero trust architecture in API flows (the principle "trust nothing, verify everything").
Preferred Qualifications:
- Experience of having completed at least 1 API implementation with the FAPI 2.0 Security Profile or a corresponding customized OAuth 2.1-based profile.
- Experience in contributing to the creation of API guidelines for API design and API security for development teams.
- Experience implementing IDP/IAM systems for API management and OAuth/OpenID standards.
- Experience implementing API flows with OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705) or OAuth 2.0 Demonstrating Proof of Possession (DPoP) (RFC 9449).
Preliminary start date: After approved security clearance.
End date: Latest by 2029-12-31.
Scope: Estimated at 80-100% of full-time.
Application
When you apply via Techrytera AB, you are not just applying for a job – you are starting a dialogue about your continued career. We want to get to know you, your experience, and your ambitions to be able to match you with the right opportunities at our clients.
Does this sound interesting? Send in your application or contact us, and we will tell you more. We look forward to finding the next step in your career together with you.