As a Senior Secrets Management PAM Engineer, you will play a key role in designing, deploying, and managing enterprise-wide secrets management solutions with a primary focus on HashiCorp Vault. You will work closely with Cybersecurity Architects, IAM, PAM, and DevSecOps teams to deliver secure, scalable, and automated credential management across HPE's hybrid infrastructure.
You will serve as a technical SME and hands-on implementer, ensuring seamless integration of secrets management with privileged access and identity platforms, while strengthening the company's overall security posture.
Key Responsibilities
Implementation & Engineering
- Deploy, configure, and manage HashiCorp Vault Enterprise clusters, including replication, DR, namespaces, secrets engines, and authentication methods
- Implement dynamic and static secrets, short-lived credentials, and automated rotation for accounts, APIs, and services
- Integrate secrets management with PAM platforms (e.g., CyberArk, BeyondTrust) and CI/CD pipelines (Jenkins, GitHub, GitLab, Azure DevOps)
- Build and maintain Vault policies, AppRoles, OIDC/JWT integrations, and RBAC models
- Automate secrets onboarding and lifecycle management using APIs, Terraform, and scripting languages (Python, PowerShell, Bash)
- Ensure secure integration of Vault with cloud workloads (AWS, Azure, GCP) and container platforms (Kubernetes, Docker)
- Support migration from legacy key stores or password vaults to centralized secrets management platforms
- Maintain secure configurations, audit logging, and event forwarding to SIEM/SOAR systems
- Ensure Vault operational health, monitoring, and performance tuning
- Perform upgrades, patching, and disaster recovery operations for secrets management platforms
- Troubleshoot authentication, access, and vault replication issues
Security & Compliance
- Enforce least-privilege access, policy-based control, and segregation of duties for secrets and credentials
- Maintain compliance with corporate and regulatory standards (SOX, FedRAMP, ISO 27001, NIST 800-53)
- Partner with cybersecurity and audit teams to ensure effective logging, monitoring, and attestation of secrets management activities
- Conduct periodic reviews of Vault policies, ACLs, and access models to ensure continuous compliance
Collaboration & Continuous Improvement
- Collaborate with IAM, PAM, and DevSecOps teams to align secrets management with enterprise identity strategy
- Identify and implement automation and efficiency improvements in secrets management and PAM processes
- Contribute to engineering documentation, knowledge articles, and operational runbooks
- Support training and knowledge transfer to operations and development teams
What you need to bring:
About You
You are a hands-on cybersecurity engineer with deep expertise in secrets management, privileged access, and identity operations. You enjoy building secure, automated, and resilient systems and thrive in complex enterprise environments. You're detail-oriented, collaborative, and driven to continuously improve security and operational maturity.
Education & Experience Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience)
- 10+ years of experience in IT or cybersecurity, with 6+ years focused on secrets management, PAM
- Hands-on experience with HashiCorp Vault Enterprise, including configuration, replication, DR, policies, and secrets engines
- Experience integrating Vault with PAM tools (CyberArk, BeyondTrust) and DevOps toolchains (Jenkins, GitHub, GitLab, Azure DevOps, Kubernetes)
- Strong scripting and automation skills (Python, PowerShell, Bash, Terraform, REST APIs)
- Experience with cloud identity and secrets services (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager)
- Working knowledge of authentication standards (OIDC, JWT, LDAP, Kerberos, SAML, OAuth2)
- Experience implementing Zero Trust and Just-in-Time access models
- Understanding of security compliance frameworks (SOX, FedRAMP, ISO 27001, NIST 800-53)
- Preferred certifications: HashiCorp Certified Vault Associate, CyberArk Defender/Sentry, CISSP, or equivalent