DevSecOps Platform Engineer
Role details
Job location
Tech stack
Job description
We are seeking a Senior DevSecOps Engineer to design and automate an enterprise dual?stack secrets management ecosystem built on CyberArk (PAM) and HashiCorp Vault (machine/app secrets). This role is responsible for transforming the platforms into a fully automated, highly available, platform-as-a-service" capability, with zero/low-touch operations for: This candidate will operate at the intersection of DevOps, SRE, and Security Engineering, building automation-first solutions that scale across multi-cloud, hybrid environments, and CI/CD ecosystems., 1) Dual-Platform Strategy Integration Own the operating model for dual vaulting platforms, clearly delineating: CyberArk ? human privileged access (PAM) Vault ? application, dynamic, and non-human secrets Support enterprise initiatives for centralized secrets management across cloud and on-prem platforms.
-
Full Automation of Day-2 Operations Eliminate manual operations by engineering: Automated patching pipelines Automated version upgrades Lifecycle workflows (certificate rotation, secret rotation, platform hardening) Build reusable frameworks for: Safe maintenance windows Automated rollback Continuous compliance validation Standardize Day-2 operational patterns, runbooks, and platform engineering playbooks.
-
Upgrade, Patching, and Release Engineering Design and implement enterprise-grade upgrade strategies, including: Rolling upgrades (HA clusters) Blue/green or parallel cluster deployments Controlled failover patterns Introduce automated validation: Pre-checks (dependency/version compatibility) Post-checks (cluster health, secret access integrity) Ensure Vault and CyberArk platforms remain aligned to: Security patch baselines Enterprise upgrade cadences
-
Infrastructure as Code Pipeline Engineering Build and maintain modular IaC for secrets platform deployment and lifecycle: CyberArk components (Vault, CPM, PSM, connectors) Vault clusters (HA raft, DR, auto-unseal) Develop CI/CD pipelines to: Build, validate, and promote platform changes Securely inject and manage secrets in pipelines (DevSecOps alignment) Integrate secrets management securely into CI/CD systems, avoiding credential sprawl.
-
Observability, Health, and Self-Healing Define operational health KPIs for both platforms, including: Vault: seal/unseal state, raft performance, resource utilization, transaction latency CyberArk: component availability, credential lifecycle success, access workflows Implement: Automated health checks and drift detection Event-driven remediation End-to-end alerting integrated into enterprise monitoring tools Primary SkillDevOps Desired Skills
- Experience building Vault as a Service" / PAM as a platform capabilities
- Knowledge of:
- Dynamic secrets / short-lived credentials
- JIT access models
- Token-based or OIDC-based auth patterns
- Experience with:
- Kubernetes / container platforms
- Multi-cloud environments (AWS, Azure)
- Familiarity with CyberArk automation tooling (e.g., Ansible-based approaches) ?, * Ensure all automation aligns with:
- Audit requirements
- Security best practice
- IaC methodology
- Infrastructure as Code (IaC) CICD: Terraform, Ansible GitOps workflows version control (Git) API automation: REST, CLI, SDK-based orchestration Vault platforms: HashiCorp Vault, CyberArk, cloud secret managers
Requirements
-
- High Availability, Resilience, and DR
- Engineer resilient, high uptime architectures for secrets platforms:
- Multi-zone / multi-region deployment patterns
- Disaster recovery and failover automation
- Validate resilience continuously via:
- Failure injection
- Controlled DR drills
- Recovery validation pipelines
-
- Security, Governance, and Compliance
- Implement strong governance patterns:
- Segregation of duties (admin vs usage)
- Approval workflows and just-in-time access
- Least-privilege enforcement