We are seeking a Senior DevSecOps Engineer to design and automate an enterprise dual-stack secrets management ecosystem built on CyberArk (PAM) and HashiCorp Vault (machine/app secrets).
This role is responsible for transforming the platforms into a fully automated, highly available, "platform-as-a-service" capability, with zero/low-touch operations for:
This candidate will operate at the intersection of DevOps, SRE, and Security Engineering, building automation-first solutions that scale across multi-cloud, hybrid environments, and CI/CD ecosystems.
Key Responsibilities
1) Dual-Platform Strategy Integration
Own the operating model for dual vaulting platforms, clearly delineating:
- CyberArk: human privileged access (PAM)
- Vault: application, dynamic, and non-human secrets
Support enterprise initiatives for centralized secrets management across cloud and on-prem platforms.
2) Full Automation of Day-2 Operations
Eliminate manual operations by engineering:
- Automated patching pipelines
- Automated version upgrades
- Lifecycle workflows (certificate rotation, secret rotation, platform hardening)
Build reusable frameworks for:
- Safe maintenance windows
- Automated rollback
- Continuous compliance validation
Standardize Day-2 operational patterns, runbooks, and platform engineering playbooks.
3) Upgrade, Patching, and Release Engineering
Design and implement enterprise-grade upgrade strategies, including:
- Rolling upgrades (HA clusters)
- Blue/green or parallel cluster deployments
- Controlled failover patterns
Introduce automated validation:
- Pre-checks (dependency/version compatibility)
- Post-checks (cluster health, secret access integrity)
Ensure Vault and CyberArk platforms remain aligned to:
- Security patch baselines
- Enterprise upgrade cadences
4) Infrastructure as Code Pipeline Engineering
Build and maintain modular IaC for secrets platform deployment and lifecycle:
- CyberArk components (Vault, CPM, PSM, connectors)
- Vault clusters (HA raft, DR, auto-unseal)
Develop CI/CD pipelines to:
- Build, validate, and promote platform changes
- Securely inject and manage secrets in pipelines (DevSecOps alignment)
Integrate secrets management securely into CI/CD systems, avoiding credential sprawl.
5) Observability, Health, and Self-Healing
Define operational health KPIs for both platforms, including:
- Vault: seal/unseal state, raft performance, resource utilization, transaction latency
- CyberArk: component availability, credential lifecycle success, access workflows
Implement:
- Automated health checks and drift detection
- Event-driven remediation
- End-to-end alerting integrated into enterprise monitoring tools
Primary Skill: DevOps
Desired Skills
- Experience building "Vault as a Service" / PAM as a platform capabilities
- Knowledge of:
  - Dynamic secrets / short-lived credentials
  - JIT access models
  - Token-based or OIDC-based auth patterns
- Experience with:
  - Kubernetes / container platforms
  - Multi-cloud environments (AWS, Azure)
- Familiarity with CyberArk automation tooling (e.g., Ansible-based approaches)
Required Skills
- 6) High Availability, Resilience, and DR
- Engineer resilient, high uptime architectures for secrets platforms:
- Multi-zone / multi-region deployment patterns
- Disaster recovery and failover automation
- Validate resilience continuously via:
- Failure injection
- Controlled DR drills
- Recovery validation pipelines
- 7) Security, Governance, and Compliance
- Implement strong governance patterns:
- Segregation of duties (admin vs usage)
- Approval workflows and just-in-time access
- Least-privilege enforcement
- Ensure all automation aligns with:
- Audit requirements
- Security best practice
- IaC methodology
- Infrastructure as Code (IaC) and CI/CD: Terraform, Ansible
- GitOps workflows and version control (Git)
- API automation: REST, CLI, SDK-based orchestration
- Vault platforms: HashiCorp Vault, CyberArk, cloud secret managers