Associate Director, Vault Engineering
Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve. The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance. Pay and Benefits: Competitive compensation, including base pay and annual incentive Comprehensive health and life insurance and well-being benefits, based on location Pension / Retirement benefits Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). The Impact you will have in this role: Being a member of CISO team, The Associate Director, Vault Engineering leads the strategy, delivery, and operations of enterprise secret management across on premises and multi cloud environments. This role owns the HashiCorp Vault platform (or equivalent), drives automation and governance at scale, and partners with Security, Cloud, Application and DevOps to enable secure-by-default engineering in a regulated setting. The leader will build and mentor a high performing team, establish service objectives, and ensure the platform meets availability, resilience, and compliance expectations. Your Primary Responsibilities: Own platform strategy and roadmap
for enterprise secrets management (Vault or equivalent), including multi?region architecture,
HA/DR , performance replication, and lifecycle management. Establish SLOs/SLA
for availability, latency, and reliability; implement observability, capacity planning, performance tuning, and cost controls for the service. Integrate secrets into SDLC and CI/CD
(GitLab/Jenkins/Actions) and IaC (Terraform), standardizing
policy?as?code , access controls, and automated
secret/cert rotation
across apps and pipelines. Partner with Security Architecture, Cloud Platform, and DevOps
to enforce
IAM protocols , zero?trust patterns, and strong
RBAC
aligned to regulatory requirements (e.g., SOX, PCI, NIST). Lead major incidents
impacting the platform; drive root?cause analyses, corrective actions, and post?mortems; report resilience and risk metrics in service reviews. Governance & audit readiness : define controls, evidence collection, and runbooks; ensure compliance with data protection, key management, and retention policies. Team leadership & talent development : hire, onboard, mentor, and set performance goals; foster a culture of engineering excellence, reliability, and customer centricity. Stakeholder management & communication : communicate roadmaps, changes, and service health to senior partners; manage vendor relationships and licensing/renewals. Continuous improvement : evaluate new capabilities (e.g., namespaces, HSM, transit encryption, dynamic secrets) and lead platform upgrades with minimal business disruption. Core Technical Scope (Platform Expertise) Vault platform : policy design, auth methods (LDAP/Kubernetes/AWS IAM), secret engines (KV, PKI, LDAP, Database), seal/unseal, performance & disaster recovery replication, multi?cluster patterns. Automation & integration : Terraform modules, CI/CD integration, sentinel/policy?as?code, API usage; scripting with
Python, Groovy, Java
for provisioning, rotation, and audits. Cloud & containers : AWS (preferred) plus Azure/GCP familiarity; Kubernetes/OpenShift fundamentals; ingress/sidecar patterns for secret injection; service mesh integrations where applicable. Observability & SRE : supervising (Prometheus/Grafana/Splunk), alerting, capacity and scalability planning; MTTR/MTTD improvement. Qualifications: Minimum of 8 years of related experience Bachelor's degree preferred and/or equivalent experience Talents Needed for Success: 8+ years
in infrastructure/platform/security engineering;
3+ years
leading engineers or SREs in production environments. Proven ownership of
Vault
(or comparable secret management platform) at enterprise scale across on?prem and cloud. Strong experience with
CI/CD ,
IaC (Terraform) , and automation using
Python, Groovy, or Java . Deep knowledge of
AWS
and familiarity with Azure/GCP;
Kubernetes
operations and secure workload patterns. Demonstrated experience in
regulated industries
(finance preferred): controls definition, audit evidence, and compliance alignment. Incident management leadership; ability to run major incidents and drive post?incident improvements. Preferred Qualifications Certifications:
HashiCorp Vault ,
Cloud (AWS/Google/Azure) Certification ,
CKA/CKAD ,
CISSP
(or equivalent). PKI, encryption, certificate lifecycle
(ACME/CA),
HSM
integration, and key management practices. Familiarity with enterprise
risk/control frameworks . The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve. The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance. Pay and Benefits: Competitive compensation, including base pay and annual incentive Comprehensive health and life insurance and well-being benefits, based on location Pension / Retirement benefits Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). The Impact you will have in this role: Being a member of CISO team, The Associate Director, Vault Engineering leads the strategy, delivery, and operations of enterprise secret management across on premises and multi cloud environments. This role owns the HashiCorp Vault platform (or equivalent), drives automation and governance at scale, and partners with Security, Cloud, Application and DevOps to enable secure-by-default engineering in a regulated setting. The leader will build and mentor a high performing team, establish service objectives, and ensure the platform meets availability, resilience, and compliance expectations. Your Primary Responsibilities: Own platform strategy and roadmap
for enterprise secrets management (Vault or equivalent), including multi?region architecture,
HA/DR , performance replication, and lifecycle management. Establish SLOs/SLA
for availability, latency, and reliability; implement observability, capacity planning, performance tuning, and cost controls for the service. Integrate secrets into SDLC and CI/CD
(GitLab/Jenkins/Actions) and IaC (Terraform), standardizing
policy?as?code , access controls, and automated
secret/cert rotation
across apps and pipelines. Partner with Security Architecture, Cloud Platform, and DevOps
to enforce
IAM protocols , zero?trust patterns, and strong
RBAC
aligned to regulatory requirements (e.g., SOX, PCI, NIST). Lead major incidents
impacting the platform; drive root?cause analyses, corrective actions, and post?mortems; report resilience and risk metrics in service reviews. Governance & audit readiness : define controls, evidence collection, and runbooks; ensure compliance with data protection, key management, and retention policies. Team leadership & talent development : hire, onboard, mentor, and set performance goals; foster a culture of engineering excellence, reliability, and customer centricity. Stakeholder management & communication : communicate roadmaps, changes, and service health to senior partners; manage vendor relationships and licensing/renewals. Continuous improvement : evaluate new capabilities (e.g., namespaces, HSM, transit encryption, dynamic secrets) and lead platform upgrades with minimal business disruption. Core Technical Scope (Platform Expertise) Vault platform : policy design, auth methods (LDAP/Kubernetes/AWS IAM), secret engines (KV, PKI, LDAP, Database), seal/unseal, performance & disaster recovery replication, multi?cluster patterns. Automation & integration : Terraform modules, CI/CD integration, sentinel/policy?as?code, API usage; scripting with
Python, Groovy, Java
for provisioning, rotation, and audits. Cloud & containers : AWS (preferred) plus Azure/GCP familiarity; Kubernetes/OpenShift fundamentals; ingress/sidecar patterns for secret injection; service mesh integrations where applicable. Observability & SRE : supervising (Prometheus/Grafana/Splunk), alerting, capacity and scalability planning; MTTR/MTTD improvement. Qualifications: Minimum of 8 years of related experience Bachelor's degree preferred and/or equivalent experience Talents Needed for Success: 8+ years
in infrastructure/platform/security engineering;
3+ years
leading engineers or SREs in production environments. Proven ownership of
Vault
(or comparable secret management platform) at enterprise scale across on?prem and cloud. Strong experience with
CI/CD ,
IaC (Terraform) , and automation using
Python, Groovy, or Java . Deep knowledge of
AWS
and familiarity with Azure/GCP;
Kubernetes
operations and secure workload patterns. Demonstrated experience in
regulated industries
(finance preferred): controls definition, audit evidence, and compliance alignment. Incident management leadership; ability to run major incidents and drive post?incident improvements. Preferred Qualifications Certifications:
HashiCorp Vault ,
Cloud (AWS/Google/Azure) Certification ,
CKA/CKAD ,
CISSP
(or equivalent). PKI, encryption, certificate lifecycle
(ACME/CA),
HSM
integration, and key management practices. Familiarity with enterprise
risk/control frameworks . The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.