L3 Security Engineer (HashiCorp Vault IPA), Security Engineering Section (RMI Security Eng. & Ops Dep)

Rakuten


Job Location:

Tokyo - Japan

Monthly Salary: Not Disclosed
Posted on: 22 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description:

About Organization

We are seeking a highly skilled and experienced L3 Engineer specializing in HashiCorp Vault and Identity Policy and Access (IPA) management. The successful candidate will be responsible for the design, implementation, maintenance, and troubleshooting of our critical security infrastructure, ensuring the secure management of secrets, identities, and access across our enterprise. This role requires deep technical expertise, a proactive approach to security, and the ability to operate independently in complex environments.

Job Duties

  • System Design & Architecture: Lead the design and architectural planning for Vault and IPA solutions, ensuring scalability, high availability, and security best practices. Develop and maintain architectural documentation, standards, and guidelines for secrets management and identity access.

  • Implementation & Deployment: Deploy, configure, and manage HashiCorp Vault clusters (both open-source and Enterprise). Implement and manage various Vault secret engines (e.g. KV, database, Transit, Kubernetes, SSH). Integrate Vault with various applications, services, and infrastructure components. Design and implement authentication methods within Vault (e.g. LDAP, OIDC, AWS EC2, Kubernetes). Configure and manage Identity Policy and Access (IPA) systems (e.g. FreeIPA, Active Directory integration, Okta, Ping Federate) to ensure robust identity management and access controls. Automate Vault and IPA deployments and configurations using Infrastructure as Code (IaC) tools (e.g. Terraform, Ansible).

  • Operations & Support (L3): Provide expert-level (L3) support for all Vault and IPA-related incidents, problems, and requests. Perform root cause analysis for complex issues and implement permanent solutions. Monitor system health, performance, and security of Vault and IPA infrastructure. Conduct regular security audits, vulnerability assessments, and penetration testing on secrets management and identity systems. Develop and maintain runbooks, operational procedures, and documentation for Vault and IPA. Participate in an on-call rotation as required for critical systems.

  • Security & Compliance: Ensure Vault and IPA configurations adhere to internal security policies, industry best practices, and regulatory compliance requirements (e.g. SOC2, ISO27001, PCI DSS). Implement and enforce least privilege access principles. Manage and rotate encryption keys and certificates securely.

  • Collaboration & Mentorship: Collaborate with development, operations, and security teams to integrate Vault and IPA into CI/CD pipelines and application ecosystems. Provide technical guidance and mentorship to junior engineers and cross-functional teams. Stay current with emerging technologies, threats, and best practices in secrets management, identity, and access control.

Minimum Qualification

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.

  • 5 years of experience in a hands-on engineering role with a strong focus on security and infrastructure.

  • 3 years of dedicated experience with HashiCorp Vault, including advanced configuration, operation, and troubleshooting.

  • Expert-level knowledge of HashiCorp Vault architecture, secret engines, authentication methods, policies, and replication.

  • Strong experience with Identity Policy and Access (IPA) management systems (e.g. FreeIPA, Active Directory, Okta, Ping Federate, LDAP).

  • Proficiency in at least one scripting language (e.g. Python, Go, Bash) for automation and integration.

  • Solid understanding of cloud platforms and their native identity and access management (IAM) services.

  • Experience with containerization technologies (Docker, Kubernetes) and securing applications within these environments.

  • Strong understanding of network protocols, firewalls, load balancing (F5), and secure communication (TLS/SSL).

  • Familiarity with security best practices, compliance frameworks, and auditing principles.

  • Excellent problem-solving, analytical, and communication skills.

  • Ability to work independently and as part of a collaborative team.

Languages:

English (Overall - 3 - Advanced)

Required Experience:

IC


Key Skills

  • Splunk
  • IDS
  • Network security
  • Computer Networking
  • Identity & Access Management
  • PKI
  • PCI
  • NIST Standards
  • Security System Experience
  • Information Security
  • Encryption
  • SIEM

About Company


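Rakuten Ichiba is a comprehensive shopping mall where you can enjoy online shopping. Rakuten Points add up fast, and you can spend them too! There are also money-saving coupons every day. A full selection ranging from food to home appliances, fashion, baby goods, and cosmetics.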
