Graphcore - Secrets Engineer

• Platform Ownership & Implementation • Build, deploy, and operate an organization-wide HashiCorp Vault or OpenBao platform from scratch, ensuring high availability, scalability, and strong security posture. • Define architecture for clustering, storage backends, auto-unseal, disaster recovery, and performance replication. • Develop migration strategies and reference frameworks that allow other teams to move from their current secrets tools to the central platform. • Standardization & Governance • Collaborate with groups from engineering, security, and operations to merge various secrets stores into one unified system. • Develop organizational standards, policies, access models, and workflows to ensure consistent, secure usage of the platform. • Advocate for guidelines in secret lifecycle management, authentication methods, and identity federation. • Integrations, Enablement, and Developer Experience • Build tooling, automation, onboarding guides, and libraries to help teams adopt Vault/OpenBao easily and accurately. • Integrate Vault/OpenBao with CI/CD systems, cloud platforms, and internal services. • Deliver workshops, training, and direct technical support to accelerate adoption. • Research & Advanced Security Capabilities • Evaluate approaches for secure password storage for individual users—either within Vault/OpenBao or by assessing alternatives such as BitLocker or other credential-management systems. • Conduct an initial study on the feasibility of implementing SPIFFE/SPIRE for workload identity, attestation, and zero-trust authentication, outlining future pathways and recommendations. • Collaboration & Cross-Team Work • Partner with HPC, Networking, Storage, Security, and Cloud Engineering teams to ensure seamless integration of secrets workflows into broader infrastructure systems. • Find opportunities to improve security posture and operational efficiency through automation and standardized secrets management. • Candidate Profile • 4+ years in DevOps, SRE, security engineering, or platform engineering roles. • Direct experience deploying and operating HashiCorp Vault, OpenBao, or a similar enterprise secrets-management system. • Strong understanding of authentication backends (OIDC, LDAP, cloud IAM), secret engines, PKI, encryption, and token/credential lifecycle. • Solid Linux administration and shell scripting experience. • Experience with Infrastructure-as-Code (Terraform preferred) and CI/CD automation. • Strong communication skills with the ability to collaborate across multiple engineering and security fields. • Desirable: • Experience crafting HA/DR architectures for Vault/OpenBao. • Experience connecting Vault with cloud platforms (AWS, Azure, GCP) and CI/CD pipelines. • Knowledge of SPIFFE/SPIRE, workload identity, or zero-trust architectures. • Understanding of modern security tooling, certificate management, or identity platforms. • Python programming experience for automation and tooling. • We welcome people of different backgrounds and experiences; we’re committed to building an inclusive work environment that makes Graphcore a great home for everyone. We offer an equal opportunity process and understand that there are visible and invisible differences in all of us. We can provide a flexible approach to interview and encourage you to chat to us if you require any reasonable adjustments.