DevSecOps Platform Engineer (Secrets Management-Cyberark/Hashicorp)

Matlen Silver
Chandler, United States of America
30 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 185K

Job location

Chandler, United States of America

Tech stack

Amazon Web Services (AWS)
Application Frameworks
Automation of Tests
Azure
Cloud Computing
Continuous Integration
DevOps
Disaster Recovery
Failover
Key Management
OpenID
Reliability Engineering
Ansible
Runbook
Cyberark
System Availability
Multi-Cloud
Infrastructure as Code (IaC)
GIT
Containerization
Kubernetes
Hashicorp
Terraform
Software Version Control
Devsecops

Job description

We are seeking a Senior DevSecOps Engineer to design and automate an enterprise dual?stack secrets management ecosystem built on CyberArk (PAM) and HashiCorp Vault (machine/app secrets). This role is responsible for transforming the platforms into a fully automated, highly available, "platform-as-a-service" capability, with zero/low-touch operations for: This candidate will operate at the intersection of DevOps, SRE, and Security Engineering, building automation-first solutions that scale across multi-cloud, hybrid environments, and CI/CD ecosystems. Key Responsibilities

  1. Dual-Platform Strategy Integration Own the operating model for dual vaulting platforms, clearly delineating: CyberArk ? human privileged access (PAM) Vault ? application, dynamic, and non-human secrets Support enterprise initiatives for centralized secrets management across cloud and on-prem platforms.

  2. Full Automation of Day-2 Operations

Eliminate manual operations by engineering: Automated patching pipelines Automated version upgrades Lifecycle workflows (certificate rotation, secret rotation, platform hardening)

Build reusable frameworks for: Safe maintenance windows Automated rollback Continuous compliance validation Standardize Day-2 operational patterns, runbooks, and platform engineering playbooks.

  1. Upgrade, Patching, and Release Engineering Design and implement enterprise-grade upgrade strategies, including: Rolling upgrades (HA clusters) Blue/green or parallel cluster deployments Controlled failover patterns

Introduce automated validation: Pre-checks (dependency/version compatibility) Post-checks (cluster health, secret access integrity)

Ensure Vault and CyberArk platforms remain aligned to: Security patch baselines Enterprise upgrade cadences

  1. Infrastructure as Code Pipeline Engineering Build and maintain modular IaC for secrets platform deployment and lifecycle: CyberArk components (Vault, CPM, PSM, connectors) Vault clusters (HA raft, DR, auto-unseal)

Develop CI/CD pipelines to: Build, validate, and promote platform changes Securely inject and manage secrets in pipelines (DevSecOps alignment) Integrate secrets management securely into CI/CD systems, avoiding credential sprawl.

  1. Observability, Health, and Self-Healing

Define operational health KPIs for both platforms, including: Vault: seal/unseal state, raft performance, resource utilization, transaction latency CyberArk: component availability, credential lifecycle success, access workflows

Implement: Automated health checks and drift detection Event-driven remediation End-to-end alerting integrated into enterprise monitoring tools Primary SkillDevOps Desired Skills, * Ensure all automation aligns with:

  • Audit requirements
  • Security best practice
  • IaC methodology
  • Infrastructure as Code (IaC) CICD: Terraform, Ansible * GitOps workflows version control (Git) * API automation: REST, CLI, SDK-based orchestration * Vault platforms: HashiCorp Vault, CyberArk, cloud secret managers

Requirements

Do you have experience in Version control systems?, * Experience building "Vault as a Service" / PAM as a platform capabilities

  • Knowledge of:
  • Dynamic secrets / short-lived credentials
  • JIT access models
  • Token-based or OIDC-based auth patterns
  • Experience with:
  • Kubernetes / container platforms
  • Multi-cloud environments (AWS, Azure)
  • Familiarity with CyberArk automation tooling (e.g., Ansible-based approaches) ?

Required Skills

    1. High Availability, Resilience, and DR
  • Engineer resilient, high uptime architectures for secrets platforms:
  • Multi-zone / multi-region deployment patterns
  • Disaster recovery and failover automation
  • Validate resilience continuously via:
  • Failure injection
  • Controlled DR drills
  • Recovery validation pipelines
    1. Security, Governance, and Compliance
  • Implement strong governance patterns:
  • Segregation of duties (admin vs usage)
  • Approval workflows and just-in-time access
  • Least-privilege enforcement

Apply for this position