Manager - Secure Data

About The Position

Requirements

• 3-5+ years of experience in Site Reliability Engineering, platform engineering, or security engineering.
• 3+ years of experience managing secrets management platforms (e.g., HashiCorp Vault, AWS KMS, Azure Key Vault, GCP Secret Manager).
• Hands-on expertise with cloud-native environments (AWS, Azure, GCP).
• Experience embedding security into DevSecOps pipelines and Infrastructure-as-Code.
• Familiarity with cloud-native secret services such as AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager.
• Understanding of secret lifecycle management, cryptographic key handling, and secure credential practices.
• Experience with Terraform or similar Infrastructure-as-Code tools.
• Experience integrating secrets into CI/CD pipelines and cloud-native workloads.
• Strong troubleshooting and system analysis skills; ability to work across distributed systems.
• Demonstrated ability to manage complex services and present technical solutions to stakeholders.

Nice To Haves

• Certifications such as CISSP, CCSP, AWS/Azure Security Specialty, or HashiCorp Vault Certification.
• Experience with automation frameworks, containerization (Docker/Kubernetes), and CI/CD tools.
• Familiarity with SRE practices and monitoring/observability tools.
• Experience with Kubernetes, containers, and modern workload identity approaches (JWT, OIDC, SPIFFE/SPIRE).
• Basic understanding of compliance frameworks and security standards.

Responsibilities

• Secrets Management & Operations Support day-to-day operations of HashiCorp Vault and cloud-native secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager).
• Configure, maintain, and troubleshoot Vault clusters, namespaces, auth methods, secret engines, and policies.
• Develop and maintain processes for secure storage, rotation, and lifecycle management of credentials, certificates, and keys.
• Ensure vault services are reliable, monitored, and available for global teams with defined SLAs.
• Build automation for provisioning, storing, rotating, and managing credentials, certificates, and keys.
• Apply SRE principles to enhance reliability, performance, and scalability of secrets management services.
• Build and maintain monitoring, alerting, and dashboards for vault performance, access patterns, anomalies, and system health.
• Participate in incident response for secrets-related issues and contribute to root cause analysis and long-term corrective actions.
• Assist with capacity planning and performance tuning of Vault and related infrastructure.
• Monitor systems for performance and security events; partner with incident response teams for remediation.
• Define and track operational KPIs and SLOs for secrets management services.
• Align secrets management processes with BCG compliance requirements
• Ensure audit logging, rotation policies, classification tags, and least-privilege controls are accurately enforced.
• Support security teams in audit readiness, evidence gathering, and policy validation.
• Partner with governance and security teams to ensure enforceable policies are embedded into processes and tools.
• Support audits and implement automated compliance checks within secrets management workflows.
• Work closely with platform, DevOps, and application teams to integrate secrets management into CI/CD pipelines and workflows.
• Provide guidance and enablement to developers and engineers on using vault services securely and effectively.
• Contribute to documentation, standards, and training to improve adoption and consistent usage of secrets management platforms.
• Support technical engagement with vendors and cloud providers.
• Manage and mentor engineers responsible for secrets management operations.
• Drive a culture of continuous improvement, knowledge sharing, and accountability.
• Identify opportunities to improve reliability, automation, and developer usability of secrets platforms.
• Support optimization efforts across Vault and cloud-vault services.
• Collaborate with senior engineers on enhancements to architecture, controls, and processes.

Benefits

• Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
• Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
• Dental coverage, including up to $5,000 in orthodontia benefits
• Vision insurance with coverage for both glasses and contact lenses annually
• Reimbursement for gym memberships and other fitness activities
• Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
• Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
• Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)
• Paid sick time on an as needed basis