Secrets Manager Engineer (m/w/d)

Aktuell suchen wir wir unseren Kunden einen Secrets Manager Engineer (m/w/d)



Start: Ende Oktober (20.10.25)

Laufzeit: 6 Monate mit Option auf Verlängerung

Auslastung: Vollzeit

Einsatzort: Remote - ca. 3 Tage/Monat vor-Ort-Präsenz in Frankfurt erwartet



Anforderung:

The ideal candidate for the Vault DevOps Engineer position is a dynamic and proactive individual with a strong foundation in DevOps principles and a keen interest in evolving into an architecting engineer role. They must exhibit a strong willingness to learn, adapt, and collaborate closely with IAM architects and other technical teams.

•    Vault Enterprise administration.

•    Secrets management integrations (VSO/ESO, CI/CD).

•    OIDC and RBAC/ABAC patterns.

•    HA/DR and secure operational runbooks.



Must-have Skills:

•    Configure Vault namespaces, ACLs, identity groups, DR, auto-unseal:

•    Integrate Keycloak OIDC/JWT and Terraform policy-as-code.

•    Build onboarding workflows (agents, sidecars, templates)

•    Manage secret rotation engines and expiry alerts.

•    Soft skills (role must be communicating a lot with other teams)

•    Implement mTLS, IP allow-lists, JIT access, SIEM integration.

•    Deliver tamper-evident audit logging.

•    Experience with the broader Vault architecture and its best-practices

•     Knowledge about Hardware Security Module (HSM), needs to be integrated with infrastructure level

•    Basic knowledge of Public key infrastructure (PKI)

•    Support short-lived certs via Vault PKI (not ceremonies).



• Fluent in German and English



Preferred experience:

•    Experience with cloud services and their configuration

•    Knowledge about IAM solutions based on OpenID Connect (OIDC), such as Keycloak, for auth backends

•    Working with Scrum and general experience in agile frameworks