Job Description
Chandler, AZ
Hybrid (3 Days in, 2 Days remote)
12-18 Month Contract
Must work on W2*

We are seeking a High‑level Platform Engineer to design, engineer, deploy, and operate enterprise‑scale secrets management platforms, including HashiCorp Vault (Secrets Vault) and CyberArk’s Password Vault solutions, in support of critical applications and infrastructure.

This role is responsible for designing, building and operating a highly secure, resilient, and scalable secrets management ecosystem across multiple deployment lanes (Dev, UAT, Production), with support for primary and disaster recovery (DR) clusters. Deep understanding of Active Directory and database integrations, and support for strict availability, security, and compliance requirements, is required.

The ideal candidate has recent, demonstrable hands‑on experience with both modern secrets platforms, HashiCorp Vault and CyberArk, and understands how to define clear ownership boundaries, integration patterns, and operating models across both platforms in large, regulated enterprise environments.

Key Responsibilities

Enterprise Secrets Platform Engineering
- Design, deploy, and operate enterprise‑grade HashiCorp Vault environments, including:
  - Primary and DR cluster pairs
  - Multi‑AZ / multi‑data‑center resilient architectures
  - Lane‑based isolation (Dev / UAT / Production)
- Engineer and support Password Vault solutions for:
  - Privileged and service account password management
  - Credential rotation and policy enforcement
- Define clear functional boundaries between:
  - Human and interactive privileged access
  - Non‑human, non‑interactive identities and application secrets

Resiliency, Availability & DR
- Implement high‑availability and disaster recovery designs for secrets platforms addressing:
  - Node loss
  - Data center loss
  - Regional failure scenarios
- Own backup, restore, and DR testing strategies for Vault and CyberArk platforms.
- Ensure secrets platforms meet Tier‑0 availability and resiliency expectations.

Identity, Access & Integration
- Integrate Vault and CyberArk with enterprise Active Directory for:
  - Authentication
  - Authorization
  - Group and role‑based access controls
- Implement and manage database credential integrations using:
  - Vault dynamic and static secrets engines
  - CyberArk‑managed credentials where required
- Design secret‑zero resolution and identity‑based authentication patterns, minimizing reliance on long‑lived static credentials.
- Enforce least‑privilege, role‑based access models across both platforms.

Operations & Platform Reliability
- Own day‑2 operations for enterprise secrets platforms, including:
  - Health monitoring and alerting
  - Access logging and audit readiness
  - Performance tuning and capacity planning
- Participate in incident response, root cause analysis, and security events related to secrets and credential exposure.
- Maintain standard operating procedures and runbooks for enterprise teams.

Automation, Standards & Enablement
- Automate provisioning and configuration using IaC (Infrastructure as Code) and configuration management tools.
- Define standardized onboarding patterns for applications leveraging Vault or CyberArk.
- Publish reference architectures, integration patterns, and engineering standards.
- Partner with application, infrastructure, and security teams to drive adoption at scale.

Required Skills & Experience

Core Experience
- 7+ years in platform, infrastructure, or security engineering roles.
- Strong hands‑on experience with HashiCorp Vault and CyberArk, including:
  - HA architectures
  - Primary / DR cluster designs
  - Multi‑lane environments (Dev / UAT / Prod)
  - Privileged account vaulting
  - Password rotation and lifecycle management
- Experience operating secrets management platforms as shared enterprise services.

Identity & Security
- Strong knowledge of Active Directory integration with authentication and secrets platforms.
- Experience with database credential management and rotation.
- Practical understanding of human vs non‑human identity separation.
- Expertise in RBAC, policy design, and least‑privilege access enforcement.
- Strong understanding of OS and service authentication (PAM, OIDC, certs, etc.).

Infrastructure & Automation
- Strong knowledge of Linux and Windows based systems.
- Experience with TLS, certificates, and secure networking.
- Infrastructure‑as‑Code experience (e.g.