DevOps Engineer (Hashicorp/CyberArk)

About The Position

Requirements

• 7+ years in platform, infrastructure, or security engineering roles.
• Strong hands‑on experience with HashiCorp Vault and CyberArk, including: HA architectures, Primary / DR cluster designs, Multi‑lane environments (Dev / UAT / Prod), Privileged account vaulting, Password rotation and lifecycle management.
• Experience with operating secrets management platforms as shared enterprise services.
• Strong knowledge of Active Directory integration with authentication and secrets platforms.
• Experience with database credential management and rotation.
• Practical understanding of human vs non‑human identity separation.
• Expertise in RBAC, policy design, and least‑privilege access enforcement.
• Strong understanding of OS and service authentication (PAM, OIDC, Certs, etc).
• Strong Linux and Windows based systems knowledge.
• Experience with TLS, certificates, and secure networking.
• Infrastructure‑as‑Code experience (e.g., Terraform or similar).
• Familiarity with operating highly resilient, security‑critical platforms.

Nice To Haves

• Experience running HashiCorp Vault and/or CyberArk in a Cloud Service Provider.
• Familiarity with HSM integration, auto‑unseal mechanisms, and key management.
• Experience in financial services or regulated environments.
• Ability to mentor engineers and influence enterprise‑wide security architecture decisions.

Responsibilities

• Design, deploy, and operate enterprise‑grade HashiCorp Vault environments, including: Primary and DR cluster pairs, Multi‑AZ / multi‑data‑center resilient architectures, Lane‑based isolation (Dev / UAT / Production).
• Engineer and support Password Vault solutions for: Privileged and service account password management, Credential rotation and policy enforcement.
• Define clear functional boundaries between: Human and interactive privileged access, Non‑human, non‑interactive identities and application secrets.
• Implement high‑availability and disaster recovery designs for secrets platforms addressing: Node loss, Data center loss, Regional failure scenarios.
• Own backup, restore, and DR testing strategies for Vault and CyberArk platforms.
• Ensure secrets platforms meet Tier‑0 availability and resiliency expectations.
• Integrate Vault and CyberArk with enterprise Active Directory for: Authentication, Authorization, Group and role‑based access controls.
• Implement and manage database credential integrations using: Vault dynamic and static secrets engines, CyberArk‑managed credentials where required.
• Design secret‑zero resolution and identity‑based authentication patterns, minimizing reliance on long‑lived static credentials.
• Enforce least‑privilege, role‑based access models across both platforms.
• Own day‑2 operations for enterprise secrets platforms, including: Health monitoring and alerting, Access logging and audit readiness, Performance tuning and capacity planning.
• Participate in incident response, root cause analysis, and security events related to secrets and credential exposure.
• Maintain standard operating procedures and runbooks for enterprise teams.
• Automate provisioning and configuration using IaC (Infrastructure as Code) and configuration management tools.
• Define standardized onboarding patterns for applications leveraging Vault or CyberArk.
• Publish reference architectures, integration patterns, and engineering standards.
• Partner with application, infrastructure, and security teams to drive adoption at scale.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)