Security Engineer PAM & Vault 100% (f/m/d)

Tasks

• Analyzing evolving business and security requirements, assessing their technical feasibility, risk implications, and impact on existing systems, enterprise architecture standards, and regulatory obligations
• Proactive contributions to the development of secure, scalable architectures, operating concepts, and standardized engineering processes in line with corporate IT strategies
• Maintain comprehensive, up-to-date technical documentation, including system designs, runbooks, configurations, and incident post-mortems to ensure transparency and operational continuity.
• Lead troubleshooting and root cause analysis for complex technical issues to ensure timely resolution and minimize service disruption
• Provide 2nd and 3rd level engineering support, including participation in an on-call rotation, coordination with cross-functional teams to efficiently resolve critical incidents
• Drive continuous service improvements by enhancing system reliability, security posture, performance, usability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort.

Requirements

• Practical experience with privileged access and secret management solutions, preferably Delinea (formerly Thycotic) Secret Server or HashiCorp Vault, including implementation, administration, and integration with enterprise systems
• At least 2-3 years of experience in 2nd and 3rd level engineering or operations roles supporting enterprise IT security services, ideally in complex, highly regulated environments (e.g., financial services)
• Security fundamentals: Solid knowledge of core cybersecurity principles—including authentication, authorization, encryption, zero-trust models, and least-privilege access controls
• Practical understanding of key IT security areas; experience with one or more of the following is advantageous:
  • Secure web gateway technologies (e.g., Zscaler)
  • Application delivery controller (e.g., Citrix ADC/NetScaler)
  • Public Key Infrastructure (PKI)
  • Multi-factor authentication frameworks (MFA)
• Technical expertise:
  • Exposure to Kubernetes and containerized environments, particularly in relation to secret injection and secure workload identity

We offer

Profile

• Education and certificates:
  • Relevant academic background (e.g., bachelor's or master's degree in computer science, information security, or a related field) – or equivalent practical experience
  • Industry certifications such as CISSP, CISM, or CEH are considered a strong asset.
  • HashiCorp Certified Vault Associate (or higher) is desirable but not mandatory.
  • Delinea Certified Technician (DCT) certification is desirable but not mandatory.