Lead Infrastructure Engineer (Encryption Security-Hashicorp Vault)

About this role:
This position will be part of a Team that performs engineering and management of data protection technologies that includes Hashicorp Vault. Candidates must have intermediate to advanced systems engineering experience in medium to large Enterprise environments. Must have extensive experience with Linux Server operating systems, Red Hat preferred. Experience providing production support and end to end management of HSMs and/or security appliances and/or data protection/encryption technologies. Need to be capable of creating technical/engineering documentation and have excellent written and oral communication. Must have extensive experience with scripting and automation practices. Participates in interactions with encryption technology and HSM vendors - helps to ensure vendor product engineering is in line with the objectives and security requirements of Wells Fargo and coordinates with the vendor support teams to ensure issues impacting Wells Fargo are resolved quickly and effectively. Participates in interactions with technical, engineering and non-technical partners companywide for the technologies listed above.
In this role, you will:

• Independently design, implement, and manage secure, highly available HashiCorp Vault platform with minimal oversight from lead engineers
• Contribute to end-to-end automation of Vault provisioning, configuration, and lifecycle management using Ansible and Terraform
• Develop and enforce platform standards for secrets management, authentication, authorization, and Vault best practices across the organization
• Analyze and solve complex technical challenges, including cloud native and multi-cloud integrations, Kubernetes auth setups, PKI hierarchies, replication, and performance optimization
• Collaborate directly with cross-functional teams-security, platform engineering, application teams, product owners, and vendors-to deliver architecturally sound Vault solutions
• Troubleshoot deep technical issues independently, including HA failures, unseal workflows, auth method problems, and secret engine configuration errors
• Implement advanced Vault capabilities, such as static and dynamic secrets, PKI secret engine, dynamic Database secrets, and namespace management
• Guide and support engineering teams, providing Vault expertise, technical recommendations, and onboarding assistance without requiring constant supervision
• Drive continuous improvement, identifying opportunities for automation, performance tuning, reliability enhancements, and security hardening across Vault deployments
• Provide on-call support on rotational basis per team's schedule.

Required Qualifications:

• 5+ years of Technology Infrastructure Engineering and Solutions experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of hands-on experience with HashiCorp Vault, with a proven track record in enterprise-grade Vault design, deployment, and automation
• Practical experience with Enterprise Change Management, change control processes, and operating within procedural, compliance-driven environments
• Hands-on expertise with Terraform, Ansible, CI/CD pipelines, and GitHub, with strong understanding of modern automation pipelines for Vault provisioning and configuration
• Solid understanding of Linux system administration, required for installing, configuring, securing, and troubleshooting Vault clusters
• Deep understanding of the Vault lifecycle, including installation, upgrades, HA deployment, scaling, and cluster maintenance.

Desired Qualifications:

• Proven experience designing, integrating, and maintaining Vault Secret Engines, including: KV, Database, PKI, Azure, GCP, LDAP, Dynamic secret engines, and secret rotation flows
• Strong experience designing, implementing, and maintaining Vault Auth Engines, such as: LDAP, AppRole, Kubernetes, JWT/OIDC, TLS Certificate authentication.
• Hands-on experience implementing Vault Auto-Unseal using HSM-based solutions.
• Experience configuring and maintaining Vault audit logging, monitoring, and metrics, using tools like Splunk, Grafana, and other observability platforms.
• Hands-on expertise with Vault Agent, templates, auto-auth, and Vault Proxy integrations.
• Should have hands on experience in using Hashicorp Vault service like (Key management system, Secret and certificate management)
• Good knowledge of DevOps and SDLC for IaC CI/CD concepts, GitHub, branching strategies
• Professional HashiCorp Vault Certification (HVCP or equivalent)

Job Expectations:

• This position offers a hybrid work schedule
• Relocation assistance is not available for this position
• Telecommuting is not an option for this position
• This position is not eligible for visa sponsorship.

Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities.
$119,000.00 - $224,000.00
Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:
17 Mar 2026
* Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.