IAM Principal Secrets Management - PAM

IAM Principal Secrets Management - PAM This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office. Who We Are: Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world.

Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you.

Open up opportunities with HPE. Job

Description:

About:

our Cybersecurity Team Are you ready to make an impact with one of the world’s leading technology companies? HPE’s Cybersecurity team is where you can do just that. We’re looking for an

experience:

d and visionary Principal Secrets Management Architect to join our global Cybersecurity organization. If you’re passionate

about:

protecting credentials, designing enterprise-scale secrets management solutions, and leading modernization across hybrid environments, this is the role for you.

About:

the Role As a Principal Secrets Management Architect in the Identity and Access Management team, you will serve as the enterprise subject matter expert (SME) and technical leader for secrets management and credential security across HPE. You will be responsible for the architecture, design, and implementation of secure, scalable, and automated secrets management solutions leveraging HashiCorp Vault and other enterprise-grade technologies.

This role will lead end-to-end strategy and execution for secrets management — from platform design and integration to lifecycle governance and automation. You will work closely with IAM, PAM, DevSecOps, and application security teams to embed secrets management into enterprise identity and access controls.

Key Responsibilities:

Architecture & Strategy Define the enterprise secrets management strategy, standards, and reference architectures aligned to HPE’s Zero Trust and IAM frameworks Architect and design scalable secrets management solutions for hybrid environments — on-premises, private cloud, and public cloud (AWS, Azure, GCP) Lead the adoption of HashiCorp Vault Enterprise as the core platform for secrets storage, rotation, and access governance Establish patterns for dynamic secrets, short-lived credentials, and API-based access control Partner with enterprise architects, IAM, and DevSecOps leaders to define integration patterns and security models across platforms Technical Oversight & Implementation Serve as the technical lead and SME for the design, configuration, and deployment of HashiCorp Vault Enterprise (Performance Replication, DR, Namespaces, PKI, Secrets Engines, and Authentication Methods) Lead the integration of secrets management with PAM, CI/CD pipelines, cloud workloads, and container platforms (Kubernetes, Docker) Implement policy-based access controls (RBAC, namespaces, AppRoles, OIDC, JWT) and automated credential rotation Design and deploy audit logging, monitoring, and event correlation with SIEM/SOAR platforms Support migration from legacy password vaults or static key stores to centralized secrets management platforms Oversee performance tuning, disaster recovery, and lifecycle management for enterprise secrets management services Security & Compliance Define and enforce governance, access policies, and lifecycle controls for secrets and credentials Ensure secrets management aligns with corporate and regulatory compliance standards (SOX, FedRAMP, ISO 27001, NIST 800-53) Conduct threat modeling and risk assessments for secret exposure and credential misuse scenarios Partner with audit and compliance teams to demonstrate control effectiveness and continuous compliance Leadership & Collaboration Act as the enterprise SME and advisor to cybersecurity, IAM, DevSecOps, and infrastructure teams on secrets management best practices Provide technical leadership and mentorship to engineers and developers implementing secrets management integrations Drive adoption across business units, ensuring consistent design patterns, automation, and governance models Collaborate with product vendors and open-source communities to stay ahead of emerging capabilities and vulnerabilities in secrets management technologies

About:

You You are a senior cybersecurity professional with deep hands-on and architectural expertise in secrets management, privileged access, and identity security. You thrive in designing scalable, secure, and automated credential management solutions, and are equally comfortable being the technical authority, mentor, and execution lead.

You combine strategy with hands-on delivery and excel at driving enterprise adoption across diverse teams and environments.

Education:

&

Experience:

Requirements:

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent

experience:

) 10+ years of IT or Cybersecurity

experience:

, with 8+ years focused on secrets management, PAM, and IAM in enterprise environments Proven

experience:

in architecture, design, and implementation of enterprise-grade secrets management platforms Deep hands-on expertise with HashiCorp Vault Enterprise (auth methods, secrets engines, replication, DR, PKI, namespaces, APIs)

Experience:

integrating secrets management with PAM platforms (e.g., CyberArk, BeyondTrust) and DevOps toolchains (Jenkins, GitHub, GitLab, Azure DevOps, Kubernetes) Strong understanding of Zero Trust, Just-in-Time access, and ephemeral credential concepts Proficiency in scripting and automation (PowerShell, Python, Terraform, or similar) Familiarity with cloud-native identity services (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager)

Experience:

in enterprise security governance, audit readiness, and regulatory compliance frameworks Excellent communication and leadership

skills:

with the ability to influence across technical and executive stakeholders Preferred certifications: HashiCorp Certified Vault Expert, CISSP, CISM, or AWS/Azure security certifications Additional

Skills:

Accountability, Accountability, Action Planning, Active Learning, Active Listening, Agile Methodology, Bias, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Collection Management (Inactive), Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity {+ 4 more}

What We:

Can Offer You: Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of

benefits:

that supports their physical, financial and emotional wellbeing. Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your

skills:

to another division. Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected: Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #unitedstates #cybersecurity Job: Information Technology Job Level: TCP_05 States with Pay Range Requirement The expected salary/wage range for a U.S.-based hire filling this position is provided below.

Actual offer may vary from this range based upon geographic location, work

experience:

,

education:

/training, and/or skill level. If this is a sales role, then the listed salary range reflects combined base salary and target-level sales

compensation:

pay. If this is a non-sales role, then the listed salary range reflects base salary only. Variable incentives may also be offered. Information

about:

employee

benefits:

offered can be found at https://myhperewards.com/main/new-hire-enrollment.html. USD Annual Salary: $120,500.00 - $276,500.00 HPE is an Equal Employment

Opportunity:

/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of

qualifications:

, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment

Opportunity:

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories. No Fees Notice & Recruitment Fraud Disclaimer It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.

These scammers often seek to obtain personal information or money from candidates. Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.

The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.

Hewlett Packard Enterprise Technology innovation that fosters business transformation. We Are In the Acceleration Business We help customers use technology to slash the time it takes to turn ideas into value. In turn, they transform industries, markets and lives. Some of our customers run traditional IT environments.

Most are transitioning to a secure, cloud-enabled, mobile-friendly infrastructure. Many rely on a combination of both. Wherever they are in that journey, we provide the technology and solutions to help them succeed. COVID Policy The health and safety of our team members, customers and partners is paramount at HPE.

Accordingly, if applicable to the role you applied to, you must be fully vaccinated against COVID-19 by the employment start date where permitted by law. Exemptions based on medical, religious or other grounds will be processed and approved in accordance with local laws. Standards of Business Conduct (SBC) The Hewlett Packard Enterprise Standards of Business Conduct (SBC) embody the fundamental principles that govern our ethical and legal obligations to Hewlett Packard Enterprise.

They pertain not only to our conduct within the company but also to conduct involving our customers, channel partners, suppliers and competitors. Read more

about:

how we win the right way. Equal

Opportunity:

Employer (EEO) Hewlett Packard Enterprise provides equal employment

opportunity:

to any employee or applicant without regard to sex, gender, color, race, ethnicity, religion, creed, national origin, ancestry, citizenship, age, marital status, sexual orientation, gender identity and expression, physical or mental disability, medical condition, pregnancy, protected veteran status, uniformed service status, familial status, genetic information, political affiliation, or any other characteristic protected by federal, state, or local law.

Please click here: Equal Employment

Opportunity:

If you’d like more information

about:

your EEO right as an applicant under the law, please click here: Equal Employment

Opportunity:

is the Law Equal Employment

Opportunity:

is the Law - Supplement E-Verify (US & PR only) HPE is an E-Verify employer. E-Verify is an Internet-based system that compares information from an employee's Form I-9, Employment Eligibility Verification, to data from U.S. Department of Homeland Security and Social Security Administration records to confirm the employment eligibility of all newly hired employees.

For more information click here. You can also download the posters with information on legal rights and protection by clicking here and here. Accessibility Hewlett Packard Enterprise is committed to working with and providing reasonable accommodation to qualified, differently abled individuals. If you need assistance in filling out the employment application or require a reasonable accommodation while seeking employment, please email recruiting@hpe.com.

Note: This option is reserved for applicants needing assistance/reasonable accommodation related to a disability. Disclosure of Sensitive Personal Data Please ensure the resume you submit to us does not include any sensitive personal data. Sensitive personal data includes data revealing information

about:

your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. To the extent the resume you submit does contain this type of personal data, you consent to the storing and processing of this data by HPE for the purpose of reviewing and managing your application.