Lead Infrastructure Engineer (Encryption Security-Hashicorp Vault)

About The Position

Requirements

• 5+ years of Technology Infrastructure Engineering and Solutions experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of hands-on experience with HashiCorp Vault, with a proven track record in enterprise-grade Vault design, deployment, and automation
• Practical experience with Enterprise Change Management, change control processes, and operating within procedural, compliance-driven environments
• Hands-on expertise with Terraform, Ansible, CI/CD pipelines, and GitHub, with strong understanding of modern automation pipelines for Vault provisioning and configuration
• Solid understanding of Linux system administration, required for installing, configuring, securing, and troubleshooting Vault clusters
• Deep understanding of the Vault lifecycle, including installation, upgrades, HA deployment, scaling, and cluster maintenance.

Nice To Haves

• Proven experience designing, integrating, and maintaining Vault Secret Engines, including: KV, Database, PKI, Azure, GCP, LDAP, Dynamic secret engines, and secret rotation flows
• Strong experience designing, implementing, and maintaining Vault Auth Engines, such as: LDAP, AppRole, Kubernetes, JWT/OIDC, TLS Certificate authentication.
• Hands-on experience implementing Vault Auto-Unseal using HSM-based solutions.
• Experience configuring and maintaining Vault audit logging, monitoring, and metrics, using tools like Splunk, Grafana, and other observability platforms.
• Hands-on expertise with Vault Agent, templates, auto-auth, and Vault Proxy integrations.
• Should have hands on experience in using Hashicorp Vault service like (Key management system, Secret and certificate management)
• Good knowledge of DevOps and SDLC for IaC CI/CD concepts, GitHub, branching strategies
• Professional HashiCorp Vault Certification (HVCP or equivalent)

Responsibilities

• Independently design, implement, and manage secure, highly available HashiCorp Vault platform with minimal oversight from lead engineers
• Contribute to end-to-end automation of Vault provisioning, configuration, and lifecycle management using Ansible and Terraform
• Develop and enforce platform standards for secrets management, authentication, authorization, and Vault best practices across the organization
• Analyze and solve complex technical challenges, including cloud native and multi-cloud integrations, Kubernetes auth setups, PKI hierarchies, replication, and performance optimization
• Collaborate directly with cross-functional teams—security, platform engineering, application teams, product owners, and vendors—to deliver architecturally sound Vault solutions
• Troubleshoot deep technical issues independently, including HA failures, unseal workflows, auth method problems, and secret engine configuration errors
• Implement advanced Vault capabilities, such as static and dynamic secrets, PKI secret engine, dynamic Database secrets, and namespace management
• Guide and support engineering teams, providing Vault expertise, technical recommendations, and onboarding assistance without requiring constant supervision
• Drive continuous improvement, identifying opportunities for automation, performance tuning, reliability enhancements, and security hardening across Vault deployments
• Provide on-call support on rotational basis per team’s schedule.

Benefits

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement