Director, Secrets Management & Non‑Interactive Access

Note: Fidelity will not provide immigration sponsorship for this position

Director, Secrets Management & Non‑Interactive Access

The Role

The Director, Secrets Management & Non‑Interactive Access leads the enterprise program and platform for centralized secrets management and machine-to-machine (non‑interactive) authentication. This technical leadership role owns the HashiCorp Vault platform to support diverse runtime environments. The role combines people leadership, product ownership, and deep hands‑on technical expertise in HashiCorp Vault to deliver secure-by-default experiences for developers and platform teams while meeting regulatory and audit requirements.

The key responsibilities of the role are:

• Lead and develop engineering and product teams delivering enterprise secrets management.

• Own the enterprise platform, roadmap, delivery, resiliency.

• Establish clear operating rhythms (standups, planning, retrospectives) and an inclusive, learning culture.

• Enable auto‑vaulting pipelines; build scalable onboarding and discovery patterns.

• Ensure platform hardening, compliance, audit evidence, DR/IR readiness, and continuous risk reduction.

• Design secure multi‑tenant patterns (AppRole, Kubernetes auth, OIDC/JWT, AWS IAM, Azure MSI) with least privilege and short‑lived credentials.

• Enable dynamic/ephemeral secrets (Database, PKI, SSH, Cloud) and cryptographic services (Transit, Transform) with policy-as-code (Sentinel).

• Harden the platform (CIS benchmarks where applicable), implement automated configuration and upgrades using Infrastructure as Code (Terraform).

• Implement auto‑vaulting pipelines and secret discovery to onboard applications at scale with paved paths and reference implementations.

• Federate/cascade secrets from Vault to other vaults and cloud stores (Azure Key Vault, AWS Secrets Manager, and others) with lifecycle governance.

• Provide self‑service APIs/CLIs/agents (Vault Agent/Injector) and SDKs; integrate with CI/CD, containers, and serverless platforms.

• Partner with application, cloud, and data platform teams to remove hard-coded secrets and migrate legacy secret stores.

The Expertise and Skills You Bring

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field (Master’s preferred).

• Required: 3+ years direct people leadership experience, including hiring, coaching, performance management, and career development.

• Required: Hands‑on engineering experience implementing and operating HashiCorp Vault Enterprise in production.

• Required: Expertise with Vault core components

• Required: Experience with Terraform/IaC, policy‑as‑code, and operational automation.

• Experience integrating secrets with Azure Key Vault, AWS Secrets Manager, or similar.

• Strong communication, stakeholder influence, and product delivery skills.

Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles. Some roles may have unique onsite requirements. Please consult with your recruiter for the specific expectations for this position.

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.