Security Engineer for PAM and Vault Asia

Job description

Tasks

• Development of privileged access management (PAM) and secrets management (vault) solutions
• Work closely with global engineering and security teams to ensure high availability, resilience, and compliance of PAM and vault infrastructures in hybrid and cloud environments.
• Analysis of evolving business and security requirements, assessment of their technical feasibility, risk implications, and impact on existing systems, enterprise architecture standards, and regulatory obligations
• Contribution to the development of secure, scalable architectures, operational concepts, and standardized engineering processes in line with corporate IT strategies
• Maintenance of comprehensive, up-to-date technical documentation, including system designs, runbooks, configurations, and incident post-mortems, to ensure transparency and operational continuity
• Conducting troubleshooting and root cause analyses for complex technical problems to ensure timely solutions and minimize service disruptions
• Provide 2nd and 3rd line engineering support to efficiently resolve critical incidents and collaborate with cross-functional teams to ensure service reliability, security status, performance, observability, and automation.

Requirements

Professional and technical requirements

• Core competency: Hands-on experience with privileged access and secrets management solutions, preferably Delinea (formerly Thycotic) Secret Server or HashiCorp Vault, including implementation, administration, and integration into enterprise systems
• Security engineering knowledge: Practical understanding of key IT security areas; experience with one or more of the following is advantageous:
  • Secure web gateway technologies (e.g., Zscaler)
  • Application delivery controllers (e.g., Citrix ADC / NetScaler)
  • Public Key Infrastructure (PKI)
  • Multi-factor authentication frameworks
• Operational excellence: At least 2-3 years of experience in 2nd and 3rd line engineering or operations roles supporting enterprise IT security services, ideally in complex, highly regulated environments (e.g., financial services)
• Technical expertise:
  • Strong system administration skills on Linux and Windows platforms
  • Proven experience with automation and infrastructure-as-code, including tools such as Ansible, Terraform, GIT, and scripting languages such as Python, Bash, PowerShell, and REST API integrations
  • Working knowledge of cloud platforms (AWS, Azure, or GCP), with a focus on secure identity and access management
  • Exposure to Kubernetes and containerized environments, particularly in relation to secrets injection and secure workload identity
  • Security fundamentals: Solid understanding of core cybersecurity principles—including authentication
• Delinea Certified Technician (DCT) certification is desirable but not required.

Personal and social requirements

• Team player, strong collaborator with a willingness to take on responsibility
• Excellent communication skills, both spoken and written
• Strong desire to learn and develop new skills
• Highly proactive, self-driven, and focused on delivering measurable results
• Ability to make independent decisions, including prioritizing and resolving incidents and change requests with minimal supervision
• Strong analytical and conceptual thinking skills, with attention to detail and long-term architectural implications
• Ability to thrive in a globally distributed team environment

Regulatory requirements

• Good understanding of the technological regulatory framework