About this role
This role designs, deploys, and operationally supports enterprise secrets management platforms, primarily Akeyless and HashiCorp Vault, across multi-cloud environments. You will automate secret onboarding and rotation, integrate with CI/CD pipelines and Kubernetes, and help migrate non-person accounts from PAM tools while monitoring credential risks.
Key Responsibilities
- Serve as the SME for Akeyless and HashiCorp Vault secrets management platforms
- Integrate secrets management with CI/CD pipelines and Kubernetes (AKS, GKE)
- Automate onboarding and rotation of secrets for applications and machine identities
- Support migration of non-person accounts from PAM tools to secrets management platforms
- Monitor and remediate risks related to unmanaged credentials and privileged access
Technical Overview
You will act as a secrets management SME for Akeyless and HashiCorp Vault, implementing integrations with CI/CD tooling such as Jenkins and GitHub Actions. The role spans scripting automation (Python/Bash/PowerShell), Kubernetes deployments (AKS, GKE), and secure secret lifecycle management across Azure, Amazon Web Services, and Google Cloud Platform (GCP).
Ideal Candidate
The ideal candidate is a senior security engineer specializing in secrets management with production experience in Akeyless and/or HashiCorp Vault. They have integrated secrets management into CI/CD pipelines and Kubernetes (AKS, GKE), automated onboarding and rotation, and can migrate non-person accounts from PAM tools while monitoring unmanaged credentials and privileged access risks.
Must-Have Skills
Identity and Access Management (IAM), Privileged Access Management (PAM), Akeyless, HashiCorp Vault, CyberArk Conjur, Python, Bash, PowerShell, secrets management integration with CI/CD pipelines, Kubernetes (AKS, GKE), Azure, Amazon Web Services, Google Cloud Platform (GCP), Jenkins, GitHub Actions, automate the onboarding and rotation of secrets, migration of non-person accounts from PAM tools to secrets management platforms, monitor and remediate risks related to unmanaged credentials and privileged access
Nice-to-Have Skills
Kubernetes, container orchestration, and service mesh integrations, secure DevOps practices, API-based secret access, SDKs, CLI tools, large-scale enterprise environments, hybrid secrets management strategies involving multiple vaulting solutions (e.g., Azure Key Vault, AWS Secrets Manager), Just-in-Time access, certificate-based authentication (e.g., Venafi), Zero Knowledge encryption models, compliance frameworks and audit requirements for secrets management
Tools & Platforms
Akeyless, HashiCorp Vault, CyberArk Conjur, Jenkins, GitHub Actions, Kubernetes, Azure, Amazon Web Services, Google Cloud Platform (GCP), Azure Key Vault, AWS Secrets Manager, Venafi
Required Skills
secrets management, Akeyless, HashiCorp Vault, CyberArk Conjur, Identity and Access Management (IAM), Privileged Access Management (PAM), CI/CD pipelines, Kubernetes (AKS, GKE), Azure, Amazon Web Services, Google Cloud Platform (GCP), Python, Bash, PowerShell, Jenkins, GitHub Actions, automate onboarding and rotation of secrets, secrets lifecycle management, operational runbooks, SDK integrations, migration of non-person accounts, monitor and remediate risks, Azure Key Vault, AWS Secrets Manager, Just-in-Time access, certificate-based authentication, Venafi, Zero Knowledge encryption models
Hard Skills
secrets management, secrets management platforms, Akeyless, HashiCorp Vault, CyberArk Conjur, security engineering, Identity and Access Management (IAM), Privileged Access Management (PAM), cloud-native security practices, integration with CI/CD pipelines, CI/CD pipelines, Kubernetes (AKS, GKE), AKS, Azure Kubernetes Service (AKS), GKE, Google Kubernetes Engine (GKE), cloud platforms, Azure, Amazon Web Services, AWS, GCP, Google Cloud Platform (GCP), automation, onboarding and rotation of secrets, machine identities, scripting, Python, Bash, PowerShell, Jenkins, GitHub Actions, migrations of non-person accounts, privileged access, unmanaged credentials, hybrid secrets management strategies, Azure Key Vault, AWS Secrets Manager, Just-in-Time access, certificate-based authentication, Venafi, Zero Knowledge encryption models, compliance frameworks, audit requirements for secrets management, operational runbooks, SDK integrations
Soft Skills
hands-on collaboration, cross-functional collaboration, stakeholder management, product partnership, architect and application team collaboration, secure implementation guidance, risk monitoring communication
Keywords for Your Resume
Senior Secrets Manager Engineer, Secrets Management Engineer, secrets management, Akeyless, HashiCorp Vault, CyberArk Conjur, Identity and Access Management (IAM), Privileged Access Management (PAM), CI/CD pipelines, Kubernetes (AKS, GKE), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Azure, Amazon Web Services, AWS, Google Cloud Platform (GCP), GCP, Python, Bash, PowerShell, Jenkins, GitHub Actions, secrets lifecycle management, onboarding guides, operational runbooks, SDK integrations, Azure Key Vault, AWS Secrets Manager, Just-in-Time access, Venafi, Zero Knowledge encryption models
Deal Breakers
3+ years hands-on experience with Akeyless and/or HashiCorp Vault in production environments, 3+ years scripting in Python, Bash, or PowerShell, 3+ years integrating secrets management with Jenkins or GitHub Actions (or similar CI/CD tools)