Senior Software Engineer I (API): Zinnia

This is a highly specialized backend role. You are not just building APIs; you are building the Governance and Security layer around them. Zinnia deals with $180B in insurance assets. They cannot afford data leaks. Therefore, they are hiring a senior engineer to implement CIAM (Customer Identity and Access Management) using Kong (API Gateway) and NestJS.

You are the "Gatekeeper." You ensure that when a policyholder or a carrier accesses data, they are authenticated via modern standards (OAuth/SAML) and that the traffic is managed correctly via the Gateway.

Key Responsibilities
The "Kong" Master: You will develop enterprise solutions using the Kong API platform. This involves configuring plugins for rate limiting, authentication, and logging.

Identity Architect: You will implement OAuth, SAML, and OpenID Connect. You aren't just using these protocols; you are likely integrating a legacy insurance backend with a modern frontend identity provider.

Governance & Standardization: You will write the "Rules of the Road" for other developers. You define how APIs should be versioned, documented, and secured.

The Framework: You will build in TypeScript using NestJS. This is a specific flavor of Node.js that is opinionated and structured (similar to Angular or Java Spring), which is popular in enterprise environments.

Strategic Analysis
The "8+ Years" Requirement: This is a high bar for a "Senior I" title. Zinnia is looking for maturity and stability. They want someone who has seen API failures before and knows how to prevent them.

The "Frictionless" Goal: Insurance is notoriously difficult to buy and manage. Zinnia’s value prop is making this process smooth. Your job is to hide the complexity of the backend mainframe/database behind a clean, fast API.

The Tech Stack Signals: Using NestJS + Kong + AWS Lambda indicates a modern, microservices-oriented architecture. They are likely moving away from monolithic legacy apps.

Candidate Profile
The "Security-First" Developer: You understand that "Auth" is not just a login screen. You understand tokens, scopes, grant types, and the security implications of each.

The TypeScript Pro: You don't just write JavaScript; you write typed, object-oriented code in NestJS.

The API Governor: You have experience with API Governance. You know how to manage breaking changes and versioning strategies (e.g., Semantic Versioning).

Critical Application "Knockout" Questions
The application form includes specific technical filters. You must be able to answer "Yes" to these to get past the auto-screener:

"Do you have 8+ years of hands-on experience working as a software engineer?" (Strict cutoff).

"Have you developed enterprise-grade API solutions using platforms like Kong?" (This is the key differentiator).

"Have you implemented CIAM solutions...?"