Director, Secrets Management & Non‑Interactive Access

Director, Secrets Management & Non‑Interactive Access

Note:

Fidelity will not provide immigration sponsorship for this position.

The Director, Secrets Management & Non‑Interactive Access leads the enterprise program and platform for centralized secrets management and machine‑to‑machine (non‑interactive) authentication. This technical leadership role owns the Hashi Corp Vault platform to support diverse runtime environments. The role combines people leadership, product ownership, and deep hands‑on technical expertise in Hashi Corp Vault to deliver secure‑by‑default experiences for developers and platform teams while meeting regulatory and audit requirements.

• Lead and develop engineering and product teams delivering enterprise secrets management.
• Own the enterprise platform, roadmap, delivery, resilience.
• Establish clear operating rhythms (standups, planning, retrospectives) and an inclusive, learning culture.
• Enable auto‑vaulting pipelines; build scalable onboarding and discovery patterns.
• Ensure platform hardening, compliance, audit evidence, DR/IR readiness, and continuous risk reduction.
• Design secure multi‑tenant patterns (App Role, Kubernetes auth, OIDC/JWT, AWS IAM, Azure MSI) with least privilege and short‑lived credentials.
• Enable dynamic/ephemeral secrets (Database, PKI, SSH, Cloud) and cryptographic services (Transit, Transform) with policy‑as‑code (Sentinel).
• Harden the platform (CIS benchmarks where applicable), implement automated configuration and upgrades using Infrastructure as Code (Terraform).
• Implement auto‑vaulting pipelines and secret discovery to onboard applications at scale with paved paths and reference implementations.
• Federate/cascade secrets from Vault to other vaults and cloud stores (Azure Key Vault, AWS Secrets Manager, and others) with lifecycle governance.
• Provide self‑service APIs/CLIs/agents (Vault Agent/Injector) and SDKs; integrate with CI/CD, containers, and serverless platforms.
• Partner with application, cloud, and data platform teams to remove hard‑coded secrets and migrate legacy secret stores.

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field (Master’s preferred).
• Required:
  
  3+ years direct people leadership experience, including hiring, coaching, performance management, and career development.
• Required:
  
  Hands‑on engineering experience implementing and operating Hashi Corp Vault Enterprise in production.
• Required:
  
  Expertise with Vault core components.
• Required:
  
  Experience with Terraform/IaC, policy‑as‑code, and operational automation.
• Experience integrating secrets with Azure Key Vault, AWS Secrets Manager, or similar.
• Strong communication, stakeholder influence, and product delivery skills.

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop, and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Accommodation Team by sending an email to  or by calling , prompt 2, option 3.

Most roles at Fidelity are hybrid, requiring associates to work onsite every other week (all business days, Monday to Friday) in a Fidelity office. Hybrids may have unique onsite requirements; consult with a recruiter for specifics.