Secrets Management Engineer (CyberArk Conjur)

Secrets Management Engineer (CyberArk Conjur)

Overview:

We are seeking a highly skilled and security-focused Secrets Management Engineer to take ownership of our enterprise secrets management program. This role will focus on implementing and managing CyberArk Conjur, designing robust secrets lifecycle processes, and supporting secure credential delivery across a microservices-driven OpenShift environment. The ideal candidate understands both security best practices and modern cloud-native architectures.

Key Responsibilities:

• Design, implement, and manage the enterprise Secrets Management program using CyberArk Conjur.
• Establish and maintain secure secrets lifecycle processes, including provisioning, rotation, expiration, and decommissioning.
• Develop integration patterns for secrets delivery across microservices deployed in OpenShift.
• Collaborate with DevOps, cloud, and application teams to securely inject secrets into CI/CD pipelines.
• Create and maintain automation scripts and templates using YAML, Helm, and other Infrastructure-as-Code tools.
• Monitor and audit secrets usage, access patterns, and compliance with internal policies.
• Contribute to the development of security controls and standards around secrets management, key vaulting, and token handling.
• Participate in security architecture reviews for containerized and cloud-native workloads.
• Train and support internal teams on secure secrets usage and best practices.

Requirements:

• Strong hands-on experience with CyberArk Conjur or equivalent enterprise secrets management tools.
• Deep understanding of secrets lifecycle management in modern cloud environments.
• Experience working in OpenShift or other Kubernetes-based container platforms.
• Familiarity with programming and configuration languages like YAML, Bash, or Python.
• Solid grasp of microservices architecture, service-to-service authentication, and secure workload identity management.
• Understanding of authentication standards such as OAuth2, JWT, and TLS mutual auth.

Nice-to-Have:

• Experience with HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
• Exposure to CI/CD tools like Jenkins, GitLab CI, or ArgoCD.
• Familiarity with RBAC, Zero Trust principles, and IAM integration in Kubernetes.
• Previous experience in regulated environments (e.g., banking, finance, healthcare).

R1442954