Secrets Engineer

At Graphcore were building the future of AI compute.

Were a team of semiconductor software and AI experts with deep experience in creating the complete AI compute stack - from silicon and software to infrastructure at datacenter scale.

As part of the SoftBank Group backed by significant long-term investment we are delivering key technology into the fast-growing SoftBank AI meet the vast and exciting AI opportunity Graphcore is expanding its teams around the are bringing together the brightest minds to solve the toughest problems in a place where everyone has the opportunity to make an impact on the company our products and the future of artificial intelligence.

Job Summary

We are seeking a Secrets Engineer to lead the development deployment and ownership of a secure scalable secrets-management platform for the entire organization. You will build a new enterprise-grade HashiCorp Vault or OpenBao environment from scratch. It must be highly available resilient and suited for long-term use.

This is a strategic role: you will deliver and operate the central platform. You will also collaborate with engineering security and operations teams that manage localized or ad-hoc secrets systems. A key part of your mission is to unify and standardize these methods across Graphcore ensuring consistent guidelines smooth migration and organization-wide support.

The Team

Youll be joining a multidisciplinary team with strong technical skills and a very encouraging culture. We work closely together and regularly share knowledge and your skills will make a direct impact on our business. Its an exciting and pivotal moment for us right now with plenty of new projects ahead. If youre looking to solve interesting problems and see your work deliver real-world results this is the team for you.

Responsibilities and Duties

Platform Ownership & Implementation

• Build deploy and operate an organization-wide HashiCorp Vault or OpenBao platform from scratch ensuring high availability scalability and strong security posture.

• Define architecture for clustering storage backends auto-unseal disaster recovery and performance replication.

• Develop migration strategies and reference frameworks that allow other teams to move from their current secrets tools to the central platform.

• Standardization & Governance

• Collaborate with groups from engineering security and operations to merge various secrets stores into one unified system.

• Develop organizational standards policies access models and workflows to ensure consistent secure usage of the platform.

• Advocate for guidelines in secret lifecycle management authentication methods and identity federation.

Integrations Enablement and Developer Experience

• Build tooling automation onboarding guides and libraries to help teams adopt Vault/OpenBao easily and accurately.

• Integrate Vault/OpenBao with CI/CD systems cloud platforms and internal services.

• Deliver workshops training and direct technical support to accelerate adoption.

Research & Advanced Security Capabilities

• Evaluate approaches for secure password storage for individual userseither within Vault/OpenBao or by assessing alternatives such as BitLocker or other credential-management systems.
• Conduct an initial study on the feasibility of implementing SPIFFE/SPIRE for workload identity attestation and zero-trust authentication outlining future pathways and recommendations.

Collaboration & Cross-Team Work

• Partner with HPC Networking Storage Security and Cloud Engineering teams to ensure seamless integration of secrets workflows into broader infrastructure systems.
• Find opportunities to improve security posture and operational efficiency through automation and standardized secrets management.

Candidate Profile

Essential:

• 4 years in DevOps SRE security engineering or platform engineering roles.
• Direct experience deploying and operating HashiCorp Vault OpenBao or a similar enterprise secrets-management system.
• Strong understanding of authentication backends (OIDC LDAP cloud IAM) secret engines PKI encryption and token/credential lifecycle.
• Solid Linux administration and shell scripting experience.
• Experience with Infrastructure-as-Code (Terraform preferred) and CI/CD automation.
• Strong communication skills with the ability to collaborate across multiple engineering and security fields.

Desirable:

• Experience crafting HA/DR architectures for Vault/OpenBao.
• Experience connecting Vault with cloud platforms (AWS Azure GCP) and CI/CD pipelines.
• Knowledge of SPIFFE/SPIRE workload identity or zero-trust architectures.
• Understanding of modern security tooling certificate management or identity platforms.
• Python programming experience for automation and tooling.

We welcome people of different backgrounds and experiences; were committed to building an inclusive work environment that makes Graphcore a great home for everyone. We offer an equal opportunity process and understand that there are visible and invisible differences in all of us. We can provide a flexible approach to interview and encourage you to chat to us if you require any reasonable adjustments.