Platform Security Engineer

Chandler, AZ Hybrid (3 Days in 2 Days remote) 12-18 Month Contract Must work on W2* We are seeking a High‑level Platform Engineer to design, engineer, deploy, and operate enterprise‑scale secrets management platforms, including HashiCorp Vault (Secrets Vault) and CyberArk’s Password Vault solutions, in support of critical applications and infrastructure. This role is responsible for designing, building and operating a highly secure, resilient, and scalable secrets management ecosystem across multiple deployment lanes (Dev, UAT, Production), with support for primary and disaster recovery (DR) clusters. Deep understanding of Active Directory and database integrations, strict availability, security, and compliance requirements support required. The ideal candidate has recent demonstrable hands‑on experience with both modern secrets platforms HashiCorp Vault and CyberArk, and understands how to define clear ownership boundaries, integration patterns, and operating models across both platforms in large, regulated enterprise environments.Key ResponsibilitiesEnterprise Secrets Platform EngineeringDesign, deploy, and operate enterprise‑grade HashiCorp Vault environments, including:Primary and DR cluster pairsMulti‑AZ / multi‑data‑center resilient architecturesLane‑based isolation (Dev / UAT / Production)Engineer and support Password Vault solutions for:Privileged and service account password managementCredential rotation and policy enforcementDefine clear functional boundaries between:Human and interactive privileged accessNon‑human, non‑interactive identities and application secretsResiliency, Availability & DRImplement high‑availability and disaster recovery designs for secrets platforms addressing:Node lossData center lossRegional failure scenariosOwn backup, restore, and DR testing strategies for Vault and CyberArk platforms.Ensure secrets platforms meet Tier‑0 availability and resiliency expectations.Identity, Access & IntegrationIntegrate Vault and CyberArk with enterprise Active Directory for:AuthenticationAuthorizationGroup and role‑based access controlsImplement and manage database credential integrations using:Vault dynamic and static secrets enginesCyberArk‑managed credentials where requiredDesign secret‑zero resolution and identity‑based authentication patterns, minimizing reliance on long‑lived static credentials.Enforce least‑privilege, role‑based access models across both platforms.Operations & Platform ReliabilityOwn day‑2 operations for enterprise secrets platforms, including:Health monitoring and alertingAccess logging and audit readinessPerformance tuning and capacity planningParticipate in incident response, root cause analysis, and security events related to secrets and credential exposure.Maintain standard operating procedures and runbooks for enterprise teams.Automation, Standards & EnablementAutomate provisioning and configuration using IaC (Infrastructure as Code) and configuration management tools.Define standardized onboarding patterns for applications leveraging Vault or CyberArk.Publish reference architectures, integration patterns, and engineering standards.Partner with application, infrastructure, and security teams to drive adoption at scale. Required Skills & Experience Core Experience7+ years in platform, infrastructure, or security engineering roles.Strong hands‑on experience with HashiCorp Vault and CyberArk, including:HA architecturesPrimary / DR cluster designsMulti‑lane environments (Dev / UAT / Prod)Privileged account vaultingPassword rotation and lifecycle managementExperience with operating secrets management platforms as shared enterprise services.Identity & SecurityStrong knowledge of Active Directory integration with authentication and secrets platforms.Experience with database credential management and rotation.Practical understanding of human vs non‑human identity separation.Expertise in RBAC, policy design, and least‑privilege access enforcement.Strong understanding of OS and service authentication (PAM, OIDC, Certs, etc)Infrastructure & AutomationStrong Linux and Windows based systems knowledge.Experience with TLS, certificates, and secure networking.Infrastructure‑as‑Code experience (e.g., Terraform or similar).Familiarity with operating highly resilient, security‑critical platforms. Preferred Qualifications Experience running HashiCorp Vault and/or CyberArk in a Cloud Service Proivder.Familiarity with HSM integration, auto‑unseal mechanisms, and key management.Experience in financial services or regulated environments.Ability to mentor engineers and influence enterprise‑wide security architectur Job Type & Location This is a Contract position based out of Chandler, AZ. Pay And Benefits The pay range for this position is $60.00 - $89.00/hr. Requirements Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave) Workplace Type This is a hybrid position in Chandler,AZ. Application Deadline This position is anticipated to close on May 22, 2026. About TEKsystems We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. About TEKsystems And TEKsystems Global Services We’re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, for all positions located in the city and county of San Francisco, we will consider for employment qualified applicants with arrest and conviction records.Massachusetts Lie Detector: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.Use of Artificial Intelligence (AI): We may use Artificial Intelligence (AI) to support parts of our hiring process, including sourcing, screening, and evaluating candidates. AI helps assess applications and qualifications, but final decisions are made by our hiring team. By applying, you acknowledge and agree that your application may be reviewed using AI tools.