Security Engineer PAM & Vault 100% (f/m/d)

Tasks

• Manage compliance or PAM and vault infrastructures across different environments
• Analyze evolving business and security requirements, and assess their technical feasibility, risk implications, and impact on existing systems, enterprise architecture standards, and regulatory obligations
• Proactively contribute to the development of secure, scalable architectures, operational concepts, and standardized engineering processes that align with the company’s IT strategies
• Maintain comprehensive, up-to-date technical documentation, including system designs, runbooks, configurations, and incident post-mortems, to ensure transparency and operational continuity
• Conduct troubleshooting and root cause analysis of complex technical issues to ensure a timely resolution and minimize service disruption
• Provide Level 2 and Level 3 engineering support, including participating in an on-call rotation and coordinating with cross-functional teams to efficiently resolve critical incidents
• Drive ongoing service improvements by enhancing system reliability, security, performance, usability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort

Requirements

• Practical experience with privileged access and secret management solutions, preferably Delinea (formerly Thycotic) Secret Server or HashiCorp Vault, including implementation, administration, and integration with enterprise systems
• At least 2-3 years of experience in 2nd and 3rd level engineering or operations roles supporting enterprise IT security services, ideally in complex, highly regulated environments (e.g., financial services)
• Security Fundamentals: A solid understanding of the core principles of cybersecurity, including authentication, authorization, encryption, zero-trust models, and least-privilege access controls
• Practical understanding of key IT security areas; experience with one or more of the following is advantageous:
  • Secure web gateway technologies (e.g., Zscaler)
  • Application delivery controller (e.g., Citrix ADC/NetScaler)
  • Public Key Infrastructure (PKI)
  • Multi-factor authentication frameworks (MFA)
• Technical expertise:
  • Experience with Kubernetes and containerized environments, particularly in the context of secret injection and secure workload identity
• Education and certificates:
  • Relevant academic background (e.g., a bachelor’s or master’s degree in computer science, information security, or a related field) – or equivalent practical experience
  • Industry certifications such as CISSP, CISM, or CEH are considered a strong asset.
  • HashiCorp Certified Vault Associate (or higher) is desirable but not mandatory.
  • Delinea Certified Technician (DCT) certification is desirable but not mandatory.