Lead Infrastructure Engineer (Encryption Security-Hashicorp Vault)

About this role:
This position will be part of a Team that performs engineering and management of data protection technologies that includes Hashicorp Vault. Candidates must have intermediate to advanced systems engineering experience in medium to large Enterprise environments. Must have extensive experience with Linux Server operating systems, Red Hat preferred. Experience providing production support and end to end management of HSMs and/or security appliances and/or data protection/encryption technologies. Need to be capable of creating technical/engineering documentation and have excellent written and oral communication. Must have extensive experience with scripting and automation practices. Participates in interactions with encryption technology and HSM vendors - helps to ensure vendor product engineering is in line with the objectives and security requirements of Wells Fargo and coordinates with the vendor support teams to ensure issues impacting Wells Fargo are resolved quickly and effectively. Participates in interactions with technical, engineering and non-technical partners companywide for the technologies listed above.
In this role, you will:

• Independently design, implement, and manage secure, highly available HashiCorp Vault platform with minimal oversight from lead engineers
• Contribute to end-to-end automation of Vault provisioning, configuration, and lifecycle management using Ansible and Terraform
• Develop and enforce platform standards for secrets management, authentication, authorization, and Vault best practices across the organization
• Analyze and solve complex technical challenges, including cloud native and multi-cloud integrations, Kubernetes auth setups, PKI hierarchies, replication, and performance optimization
• Collaborate directly with cross-functional teams-security, platform engineering, application teams, product owners, and vendors-to deliver architecturally sound Vault solutions
• Troubleshoot deep technical issues independently, including HA failures, unseal workflows, auth method problems, and secret engine configuration errors
• Implement advanced Vault capabilities, such as static and dynamic secrets, PKI secret engine, dynamic Database secrets, and namespace management
• Guide and support engineering teams, providing Vault expertise, technical recommendations, and onboarding assistance without requiring constant supervision
• Drive continuous improvement, identifying opportunities for automation, performance tuning, reliability enhancements, and security hardening across Vault deployments
• Provide on-call support on rotational basis per team's schedule.

Required Qualifications:

• 5+ years of Technology Infrastructure Engineering and Solutions experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of hands-on experience with HashiCorp Vault, with a proven track record in enterprise-grade Vault design, deployment, and automation
• Practical experience with Enterprise Change Management, change control processes, and operating within procedural, compliance-driven environments
• Hands-on expertise with Terraform, Ansible, CI/CD pipelines, and GitHub, with strong understanding of modern automation pipelines for Vault provisioning and configuration
• Solid understanding of Linux system administration, required for installing, configuring, securing, and troubleshooting Vault clusters
• Deep understanding of the Vault lifecycle, including installation, upgrades, HA deployment, scaling, and cluster maintenance.

Desired Qualifications:

• Proven experience designing, integrating, and maintaining Vault Secret Engines, including: KV, Database, PKI, Azure, GCP, LDAP, Dynamic secret engines, and secret rotation flows
• Strong experience designing, implementing, and maintaining Vault Auth Engines, such as: LDAP, AppRole, Kubernetes, JWT/OIDC, TLS Certificate authentication.
• Hands-on experience implementing Vault Auto-Unseal using HSM-based solutions.
• Experience configuring and maintaining Vault audit logging, monitoring, and metrics, using tools like Splunk, Grafana, and other observability platforms.
• Hands-on expertise with Vault Agent, templates, auto-auth, and Vault Proxy integrations.
• Should have hands on experience in using Hashicorp Vault service like (Key management system, Secret and certificate management)
• Good knowledge of DevOps and SDLC for IaC CI/CD concepts, GitHub, branching strategies
• Professional HashiCorp Vault Certification (HVCP or equivalent)

Job Expectations:

• This position offers a hybrid work schedule
• Relocation assistance is not available for this position
• Telecommuting is not an option for this position
• This position is not eligible for visa sponsorship.