DTCC
Pay and Benefits
Competitive compensation, including base pay and annual incentive Comprehensive health and life insurance and well-being benefits, based on location Pension / Retirement benefits Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being. DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). The Impact you will have in this role
Being a member of CISO team, The Associate Director, Vault Engineering leads the strategy, delivery, and operations of enterprise secret management across on premises and multi cloud environments. This role owns the HashiCorp Vault platform (or equivalent), drives automation and governance at scale, and partners with Security, Cloud, Application and DevOps to enable secure‑by‑default engineering in a regulated setting. The leader will build and mentor a high performing team, establish service objectives, and ensure the platform meets availability, resilience, and compliance expectations. Your Primary Responsibilities
Own platform strategy and roadmap
for enterprise secrets management (Vault or equivalent), including multi‑region architecture,
HA/DR , performance replication, and lifecycle management. Establish SLOs/SLA
for availability, latency, and reliability; implement observability, capacity planning, performance tuning, and cost controls for the service. Integrate secrets into SDLC and CI/CD
(GitLab/Jenkins/Actions) and IaC (Terraform), standardizing
policy‑as‑code , access controls, and automated
secret/cert rotation
across apps and pipelines. Partner with Security Architecture, Cloud Platform, and DevOps
to enforce
IAM protocols , zero‑trust patterns, and strong
RBAC
aligned to regulatory requirements (e.g., SOX, PCI, NIST). Lead major incidents
impacting the platform; drive root‑cause analyses, corrective actions, and post‑mortems; report resilience and risk metrics in service reviews. Governance & audit readiness : define controls, evidence collection, and runbooks; ensure compliance with data protection, key management, and retention policies. Team leadership & talent development : hire, onboard, mentor, and set performance goals; foster a culture of engineering excellence, reliability, and customer centricity. Stakeholder management & communication : communicate roadmaps, changes, and service health to senior partners; manage vendor relationships and licensing/renewals. Continuous improvement : evaluate new capabilities (e.g., namespaces, HSM, transit encryption, dynamic secrets) and lead platform upgrades with minimal business disruption. Core Technical Scope (Platform Expertise)
Vault platform : policy design, auth methods (LDAP/Kubernetes/AWS IAM), secret engines (KV, PKI, LDAP, Database), seal/unseal, performance & disaster recovery replication, multi‑cluster patterns. Automation & integration : Terraform modules, CI/CD integration, sentinelolicy‑as‑code, API usage; scripting with
Python, Groovy, Java
for provisioning, rotation, and audits. Cloud & containers : AWS (preferred) plus Azure/Google Cloud Platform familiarity; Kubernetes/OpenShift fundamentals; ingress/sidecar patterns for secret injection; service mesh integrations where applicable. Observability & SRE : supervising (PrometheGrafana/Splunk), alerting, capacity and scalability planning; MTTR/MTTD improvement. Qualifications
Minimum of 8 years of related experience Bachelor’s degree preferred and/or equivalent experience Talents Needed for Success
8 years
in infrastructure/platform/security engineering;
3 years
leading engineers or SREs in production environments. Proven ownership of
Vault
(or comparable secret management platform) at enterprise scale across on‑prem and cloud. Strong experience with
CI/CD ,
IaC (Terraform) , and automation using
Python, Groovy, or Java . Deep knowledge of
AWS
and familiarity with Azure/Google Cloud Platform;
Kubernetes
operations and secure workload patterns. Demonstrated experience in
regulated industries
(finance preferred): controls definition, audit evidence, and compliance alignment. Incident management leadership; ability to run major incidents and drive post‑incident improvements. Preferred Qualifications
Certifications:
HashiCorp Vault ,
Cloud (AWS/Google/Azure) Certification ,
CKA/CKAD ,
CISSP
(or equivalent). PKI, encryption, certificate lifecycle
(ACME/CA),
HSM
integration, and key management practices. Familiarity with enterprise
risk/control frameworks . The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. About Us
With over 50 years of experience, DTCC is the premier post‑trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC’s subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC’s Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at or connect with us on LinkedIn, X, YouTube, Facebook and Instagram. DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind. Learn more about Clearance and Settlement by clicking here. About the Team
Enterprise Product & Platform Engineering transforms the way we deliver infrastructure to our business clients. A key construct of EP&PE will be the evolution of the IT Product Manager, who will partner with the Engineering organization, the Business Aligned Service Delivery organization, the DevSecOps organization as well as our operational support teams to ensure that this organization provides high quality, commercially attractive and timely solutions to support our business strategy.
#J-18808-Ljbffr
Competitive compensation, including base pay and annual incentive Comprehensive health and life insurance and well-being benefits, based on location Pension / Retirement benefits Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being. DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). The Impact you will have in this role
Being a member of CISO team, The Associate Director, Vault Engineering leads the strategy, delivery, and operations of enterprise secret management across on premises and multi cloud environments. This role owns the HashiCorp Vault platform (or equivalent), drives automation and governance at scale, and partners with Security, Cloud, Application and DevOps to enable secure‑by‑default engineering in a regulated setting. The leader will build and mentor a high performing team, establish service objectives, and ensure the platform meets availability, resilience, and compliance expectations. Your Primary Responsibilities
Own platform strategy and roadmap
for enterprise secrets management (Vault or equivalent), including multi‑region architecture,
HA/DR , performance replication, and lifecycle management. Establish SLOs/SLA
for availability, latency, and reliability; implement observability, capacity planning, performance tuning, and cost controls for the service. Integrate secrets into SDLC and CI/CD
(GitLab/Jenkins/Actions) and IaC (Terraform), standardizing
policy‑as‑code , access controls, and automated
secret/cert rotation
across apps and pipelines. Partner with Security Architecture, Cloud Platform, and DevOps
to enforce
IAM protocols , zero‑trust patterns, and strong
RBAC
aligned to regulatory requirements (e.g., SOX, PCI, NIST). Lead major incidents
impacting the platform; drive root‑cause analyses, corrective actions, and post‑mortems; report resilience and risk metrics in service reviews. Governance & audit readiness : define controls, evidence collection, and runbooks; ensure compliance with data protection, key management, and retention policies. Team leadership & talent development : hire, onboard, mentor, and set performance goals; foster a culture of engineering excellence, reliability, and customer centricity. Stakeholder management & communication : communicate roadmaps, changes, and service health to senior partners; manage vendor relationships and licensing/renewals. Continuous improvement : evaluate new capabilities (e.g., namespaces, HSM, transit encryption, dynamic secrets) and lead platform upgrades with minimal business disruption. Core Technical Scope (Platform Expertise)
Vault platform : policy design, auth methods (LDAP/Kubernetes/AWS IAM), secret engines (KV, PKI, LDAP, Database), seal/unseal, performance & disaster recovery replication, multi‑cluster patterns. Automation & integration : Terraform modules, CI/CD integration, sentinelolicy‑as‑code, API usage; scripting with
Python, Groovy, Java
for provisioning, rotation, and audits. Cloud & containers : AWS (preferred) plus Azure/Google Cloud Platform familiarity; Kubernetes/OpenShift fundamentals; ingress/sidecar patterns for secret injection; service mesh integrations where applicable. Observability & SRE : supervising (PrometheGrafana/Splunk), alerting, capacity and scalability planning; MTTR/MTTD improvement. Qualifications
Minimum of 8 years of related experience Bachelor’s degree preferred and/or equivalent experience Talents Needed for Success
8 years
in infrastructure/platform/security engineering;
3 years
leading engineers or SREs in production environments. Proven ownership of
Vault
(or comparable secret management platform) at enterprise scale across on‑prem and cloud. Strong experience with
CI/CD ,
IaC (Terraform) , and automation using
Python, Groovy, or Java . Deep knowledge of
AWS
and familiarity with Azure/Google Cloud Platform;
Kubernetes
operations and secure workload patterns. Demonstrated experience in
regulated industries
(finance preferred): controls definition, audit evidence, and compliance alignment. Incident management leadership; ability to run major incidents and drive post‑incident improvements. Preferred Qualifications
Certifications:
HashiCorp Vault ,
Cloud (AWS/Google/Azure) Certification ,
CKA/CKAD ,
CISSP
(or equivalent). PKI, encryption, certificate lifecycle
(ACME/CA),
HSM
integration, and key management practices. Familiarity with enterprise
risk/control frameworks . The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. About Us
With over 50 years of experience, DTCC is the premier post‑trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC’s subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC’s Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at or connect with us on LinkedIn, X, YouTube, Facebook and Instagram. DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind. Learn more about Clearance and Settlement by clicking here. About the Team
Enterprise Product & Platform Engineering transforms the way we deliver infrastructure to our business clients. A key construct of EP&PE will be the evolution of the IT Product Manager, who will partner with the Engineering organization, the Business Aligned Service Delivery organization, the DevSecOps organization as well as our operational support teams to ensure that this organization provides high quality, commercially attractive and timely solutions to support our business strategy.
#J-18808-Ljbffr