Security Specialist Secrets Management (Vault) 100% (f/m/d)

Job description

Tasks

• Design and implementation of HashiCorp Vault infrastructure: planning, provisioning, and management of HashiCorp Vault commitments
• Analysis of the impact on existing systems, enterprise architecture standards, and regulatory obligations
• Contribution to the development of secure, scalable architectures, operating concepts, and standardized engineering processes in line with corporate IT strategies
• Maintain comprehensive, up-to-date technical documentation, including system designs, runbooks, configurations, and incident post-mortems, to ensure transparency and operational continuity.
• Conducting troubleshooting and root cause analyses for complex technical problems to ensure timely solutions and minimize service disruptions
• Providing second- and third-level engineering support, including participation in an on-call rotation, coordination with cross-functional teams to efficiently resolve critical incidents
• Promoting continuous service improvement by enhancing system reliability, security, performance, observability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort
• Availability for on-call duty

Requirements

• Practical experience with secrets management solutions, preferably HashiCorp Vault, including implementation, administration, and integration into enterprise systems; familiarity with Definea (formerly Thycotic) Secret Server is a plus
• Practical understanding of key IT security areas, including secure web gateway technologies (e.g., Zscaler), application delivery controllers (e.g., Citrix ADC/NetScaler), public key infrastructure (PKI), and multi-factor authentication frameworks
• At least 2-3 years of experience in 2nd and 3rd level engineering or operations roles supporting enterprise IT security services, ideally in highly regulated environments such as financial services
• Strong system administration skills on Linux and Windows platforms
• Proven experience with automation and infrastructure-as-code using Ansible, Terraform, Git, and scripting languages such as Python, Bash, PowerShell, and REST API integrations
• Working knowledge of cloud platforms (AWS, Azure, or GCP), with a focus on secure identity and access management
• Exposure to Kubernetes and containerized environments, particularly with regard to secrets injection and secure workload identity
• Solid understanding of core cybersecurity principles, including authentication, authorization, encryption, zero-trust, and least-privilege access controls
• Ability to make independent decisions, resolve incidents, and manage change requests with minimal supervision
• Strong analytical and conceptual thinking skills, with attention to detail and awareness of long-term architectural implications
• Comfortable working in a globally distributed team environment

We offer

No specific benefits or offers mentioned in the text.