Sr. HashiCorp Vault Specialist

About The Position

Requirements

• Production HashiCorp Vault experience at a senior level, with hands-on ownership of secret engines, policies, and auth methods on a platform used by other teams.
• Fluent in reading Vault audit logs and acting upon them.
• Strong Terraform practitioner, experienced in configuring Vault and adjacent platforms via IaC, and capable of reviewing other engineers' Terraform for safety and drift.
• Experience with CI/CD-driven workflows (GitHub Actions, GitLab CI, or equivalent), including end-to-end debugging of pipeline failures.
• Direct experience with the static-to-dynamic secrets shift, including production use of dynamic-secret engines (databases, cloud IAM, PKI, or similar).
• Experience handling incidents on a critical platform after tier-1 and tier-2 triage, with the judgment to prioritize fixes and hardening.
• Experience mentoring junior engineers in a shadowable manner, including explaining reasoning, documenting patterns, and making deliberate decisions.
• Ability to drive assigned goals to completion in agile/scrum and align execution with product and domain architects without needing task-level strategy.
• Language profile: primary working language in Quebec French, International French, or English; complementary English at C1 (French-primary) or native/C1+ (English-primary).
• Ability to read dense technical documentation (HashiCorp Vault, Terraform, CI/CD, cloud providers), parse Vault audit logs or Terraform errors to identify issues, and follow GitHub issues, RFCs, and vendor blog posts.
• Ability to synthesize information from multiple sources to infer solutions when direct answers are not available.

Nice To Haves

• HashiCorp Vault Associate or Operations Professional certification, or equivalent demonstrable expertise.
• Experience with adjacent HashiCorp tools, particularly Boundary and Consul.
• Experience in regulated sectors (financial services, healthcare, government, critical infrastructure) with non-classic security controls, audit, and change management.
• Experience with Cloud IAM and secret management on major clouds (AWS, Azure, GCP).
• Prior consulting or staff-augmentation experience, including quickly learning team conventions and adding value without imposing.

Responsibilities

• Write and review Terraform for configuring Vault: secret engines (KV v2, dynamic-secret engines), policies, auth methods.
• Ship changes through the team's GitHub Actions pipeline.
• Maintain the health of the self-service endpoint as more consumer teams onboard, refactoring for configuration-based onboarding.
• Anticipate and address load and shape changes associated with the shift to dynamic, short-lived credentials.
• Handle Vault incidents after tier-1 and tier-2 triage, including root-cause analysis, fixing, and follow-up hardening.
• Fully participate in agile/scrum ceremonies and documentation.
• Mentor and pair with junior engineers, explaining reasoning, documenting patterns, and making deliberate decisions for replication.
• Drive assigned goals to completion, aligning execution with product and domain architects.

Benefits

• Contract-first through end of 2026, renewable up to end of 2028
• Possible conversion to permanent by Arctiq or the client
• Client-issued laptop, VPN, and MFA likely provided