The DevOps Secrets Engineer will work in the corporate information security organization.They will analyze, develop, and build processes and technology, to ensure timely delivery of secrets/key management services. The Secrets engineer will be expected to build a multi-cloud infrastructure that manages application secrets and keys in alignment with corporate security policies.

Responsibilities

• Delivery of the Cloud based secrets and key management technologies, policies, automation, integration, software and systems patching.
• Lead projects to develop and deliver new security features and expand coverage to new use cases and achieve cost efficiencies through standardization.
• Lead and conduct proof of concepts that validate the quality, efficiency and performance of secrets management solutions.
• Contribute to secrets infrastructure design, including provisioning, distribution, scaling access policies, SSH key management, API key management, and reporting.
• Design, configure, and maintain secrets solutions for storage, machine auth, infrastructure components, cloud native product, applications, databases, cloud services (SaaS).
• Integrate the secrets infrastructure with various technologies such as Service Now, Kubernetes, SailPoint or other top IDM solutions
• Provide security consultation on internal projects focusing on business needs and how data is transmitted internally and externally.
• Authoring and maintaining documentation procedures, inventories, and diagrams for secrets solutions and processes.
• Monitors and responds to capacity and performance needs of the secrets infrastructure.
• Provides regular reports to leadership regarding security, capacity, usage, and licensing
• Provide leadership in reducing privileged access and accelerating least privileged access

Qualifications 

• Bachelor’s Degree in Information Technology, Computer Science or other related fields

• Industry certifications in cyber or identity security attesting to broad knowledge of security best practices and design.
• 2-5 years administering and maintaining secrets solutions such as Conjure, HashiCorp Vault, Azure keystore, AWS secrets manager, AWS KMS

• Work history in delivering mission critical security services to large company in multi-cloud and globally distributed environment.

• Experience working with SIEM integration (Splunk) and UBA/Threat Analytics.
• Background working in a large IT organization with responsibility for supporting the technology and processes in the cyber security domain and controls program, preferably in a financial services organization
• Experience with server hardening and advanced designing secure platforms.
• Understanding of zero trust security and cloud native machine authentication .
• Experience with Service Life Cycle or Agile Frameworks
• Good verbal and written communication skills
• Advanced research, analytical, and problem-solving skills
• Effective in leading resources to deliver large goals and objectives
• Practical skills presenting findings, conclusions, alternatives, and information clearly and concisely
• Experience in developing automated solutions and processes using Ansible, Puppet, Python, BASH for UNIX/Linux.
• Strong knowledge of modern cloud compute automated provisioning DevOps Pipelines using technologies such as : Terraform, Harness, YAML, Jenkins, JFrog, Sonar, VeraCode, Lamda

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street’s Speak Up Line