Lead Identity Engineer – Secrets Management

Hybrid
Dallas, TX, Jersey City, NJ, Tampa, FL
Posted 1 week ago

Posted: June 18, 2025
Job Type: Permanent
Industry: Cybersecurity

eStreetSecurity is partnering with a leading financial services firm in their search for a highly skilled and experienced Lead Identity Engineer with profound expertise in HashiCorp Vault and comprehensive Identity & Access Management (IAM) principles. This is a critical and strategic hire as the firm continues to build out their next-generation Secrets Management infrastructure. The successful candidate will serve as the Lead Engineer for a dedicated team of 5-10 professionals. The ideal candidate will bring a robust background supporting the design and implementation of highly resilient and secure secrets management solutions across diverse environments including cloud, on-premises, and hybrid setups, all within a stringent Zero Trust Architecture framework.


Location & Compensation:

  • Location: Jersey City, NJ / Dallas, TX / Tampa, FL (This is a hybrid role requiring 3 days per week onsite at one of the specified locations.)
  • Compensation: Commensurate with experience and chosen location. Please note that the compensation range listed above (USD $130,000 – $160,000) is specifically applicable only to candidates for the role based in the Jersey City, NJ office.

What You’ll Be Doing:

As the Lead Identity Engineer focusing on Secrets Management, you will be a pivotal technical leader, driving key initiatives to enhance the firm’s security posture. Your core responsibilities will include:

  • Secrets Management SME Leadership: Acting as the definitive Subject Matter Expert (SME) for all aspects of secrets management and HashiCorp Vault. This involves leading architectural discussions, design efforts, and implementation initiatives across the enterprise.
  • Secure System Design & Maintenance: Designing, implementing, and maintaining secure and scalable secrets management systems. These solutions will be seamlessly integrated with existing enterprise IAM frameworks and CI/CD pipelines to ensure end-to-end security.
  • Zero Trust Enforcement: Actively enforcing Zero Trust principles across the entire infrastructure and application layers, ensuring that all access is verified, least privilege is applied, and security is pervasive.
  • Automation with IaC: Automating infrastructure provisioning and Vault configurations extensively using Terraform and various scripting tools, promoting efficiency, consistency, and repeatability.
  • Cross-Functional Collaboration: Collaborating closely with diverse cross-functional teams, including DevOps, Security Operations, and Application Engineering, to embed secrets management best practices directly into their workflows and development lifecycles.
  • Monitoring & Troubleshooting: Proactively monitoring and efficiently troubleshooting secrets infrastructure using a suite of powerful observability tools such as Splunk, Grafana, and Elasticsearch, ensuring high availability and rapid issue resolution.
  • Script Development & Maintenance: Developing and maintaining robust shell scripts for automation tasks and enhancing operational efficiency specifically on Linux/Unix systems.
  • Agile/Kanban Participation: Actively participating in Agile/Kanban workflows, contributing meaningfully to sprint planning, daily stand-ups, retrospectives, and fostering a culture of continuous improvement within the team.

What’s Needed:

We’re seeking a highly skilled and experienced professional with:

  • HashiCorp Vault Expertise: Demonstrated extensive hands-on experience as a HashiCorp Vault SME specifically within large-scale enterprise environments.
  • IAM & Zero Trust Background: A strong background in Identity and Access Management (IAM), comprehensive secrets lifecycle management, and practical experience with Zero Trust Architecture implementation.
  • Linux/Unix & Scripting Proficiency: Proven proficiency in Linux/Unix administration and strong command of shell scripting for automation and system management.
  • Terraform & IaC: Solid experience with Terraform and a deep understanding of infrastructure as code (IaC) practices.
  • Cloud & On-Prem Familiarity: Familiarity with major cloud platforms (AWS, GCP, Azure) and extensive experience supporting systems in traditional on-premises environments.
  • Networking Fundamentals: Working knowledge of essential networking fundamentals, including secure communication protocols (e.g., TLS, SSH).
  • Monitoring & Logging Tools: Practical experience with key monitoring and logging tools such as Splunk, Grafana, and Elasticsearch.
  • Agile/Kanban Experience: Comfort and experience working effectively within Agile/Kanban development methodologies.

Preferred Qualifications:

While not strictly required, candidates possessing the following will be highly regarded:

  • HashiCorp Vault Certification(s): Holding HashiCorp Vault certification(s) or demonstrating equivalent practical experience.
  • Kubernetes Integration: Experience integrating Vault with Kubernetes and other cloud-native services.
  • DevSecOps Exposure: Exposure to secure software development practices and strong familiarity with DevSecOps principles and tools.

This is a unique and impactful opportunity to join a high-performing team at the forefront of financial cybersecurity. Your specialized expertise in secrets management and IAM will directly influence the security posture of a global enterprise, protecting critical assets and data. Interested applicants should submit a concise resume with full name and contact information to be considered.

Candidates must be fully authorized to work in the United States and be located within commuting distance of Jersey City, NJ, Dallas, TX, or Tampa, FL. Unfortunately, visa sponsorship is not available at this time.

Job Features

Job Category: Hybrid, IT, Security
