Vault/Terraform SME

We are seeking an experienced Vault/Terraform Subject Matter Expert (SME) to lead the design, implementation, governance, and optimisation of secure infrastructure automation and secrets management capabilities across enterprise environments. The ideal candidate will have deep expertise in HashiCorp Vault, Terraform, Infrastructure-as-Code (IaC), cloud security, and DevSecOps best practices.

This role will be responsible for architecting scalable, secure automation patterns, improving platform reliability, enabling self-service infrastructure provisioning, and strengthening enterprise secrets life cycle management.

Key Responsibilities

Terraform/Infrastructure as Code

• Design, develop, and maintain scalable Terraform modules and reusable infrastructure patterns.
• Build and manage Infrastructure-as-Code frameworks across cloud and hybrid environments.
• Define Terraform standards for:
  • State management
  • Module versioning
  • Workspace strategy
  • Policy enforcement
  • Drift detection
  • CI/CD integration
• Implement infrastructure provisioning pipelines using Terraform.
• Optimize Terraform code for security, maintainability, and performance.
• Troubleshoot Terraform execution, dependency, and provider-related issues.

HashiCorp Vault/Secrets Management

• Architect and manage HashiCorp Vault platforms for enterprise-scale deployments.
• Implement:
  • Dynamic secrets
  • PKI
  • Certificate life cycle management
  • Encryption as a Service
  • Key rotation
  • Secret leasing
  • Authentication methods (LDAP, OIDC, AppRole, Kubernetes, AWS IAM, etc.)
• Configure and manage:
  • Secret engines
  • Transit engine
  • PKI engine
  • KV engine
  • Identity & access controls
• Support Vault HA, clustering, replication, disaster recovery, and backup strategies.
• Develop policies using Vault ACLs and RBAC principles.
• Harden Vault environments in line with security and compliance requirements.

DevSecOps/Platform Engineering

• Integrate Vault and Terraform into CI/CD pipelines.
• Enable secure automation patterns across DevOps, platform, and engineering teams.
• Drive Infrastructure-as-Code governance and compliance controls.
• Implement policy-as-code using Sentinel/OPA or equivalent tooling.
• Partner with security, cloud, and engineering teams to embed secrets management and secure provisioning standards.
• Create reusable platform blueprints for secure cloud deployments.

Cloud & Security Engineering

• Support deployments across one or more cloud platforms:
  • AWS
  • Azure
  • GCP
• Manage IAM integrations and least-privilege access patterns.
• Implement encryption, certificate, and key management solutions.
• Conduct risk assessments and security reviews for automation workflows.
• Support audit, compliance, and regulatory controls.

SME/Leadership

• Act as the technical authority for Vault and Terraform.
• Provide design guidance and architectural recommendations.
• Mentor engineers and DevOps teams.
• Drive platform maturity, automation adoption, and best practices.
• Produce technical documentation, runbooks, standards, and governance artefacts.

Required Skills & ExperienceEssential

• 5+ years in Infrastructure/Cloud/DevOps/Platform Engineering.
• 4+ years hands-on experience with Terraform.
• 3+ years hands-on experience with HashiCorp Vault.
• Deep knowledge of:
  • Terraform Enterprise/Cloud (preferred)
  • Terraform state management
  • Terraform module architecture
  • Vault HA architecture
  • Secret engines
  • Vault policies
  • Dynamic credentials
  • PKI
  • Transit encryption
• Strong experience with CI/CD tools:
  • Jenkins
  • GitLab CI
  • GitHub Actions
  • Azure DevOps
• Experience with container ecosystems:
  • Kubernetes
  • Docker
  • Helm
• Strong cloud platform knowledge (AWS/Azure/GCP).
• Experience with Linux systems and networking fundamentals.
• Security-first mindset (IAM, RBAC, encryption, key management, auditability.)