Lead Systems Engineer, Secrets and Vault Engineering
$149.4k - $180kIntercontinental Exchange
Overview
Job Purpose
The Lead Systems Engineer joins our Secrets and Vault Engineering team within Identity and Access Management. The team is responsible for the platforms and services that protect secrets, certificates, encryption keys, and machine identity across the enterprise - a foundational layer that nearly every application at ICE depends on.
This is a hands-on engineering role with a strong design and architecture component. The ideal candidate has built or operated a HashiCorp Vault platform in production, writes clean automation code in Python and Ansible, and is comfortable working at the intersection of cryptography, identity, and platform engineering. You will help shape how the next generation of our secrets and machine-identity services are built, including emerging areas such as workload identity for AI and agentic workloads, policy-as-code, and proactive non-human identity governance.
We are looking for someone who can move fluidly between writing the code, designing the system, and explaining the trade-offs to stakeholders. You should be the kind of engineer who pushes back on a design when there's a better way, and who can mentor others through the why, not just the how.
What You'll Gain
This role offers direct, hands-on exposure to areas that few enterprise engineering teams are working on in earnest today:
Post-quantum cryptography (PQC). You'll be part of the team thinking through how an enterprise cryptography platform evolves to meet PQC readiness, including algorithm migration strategies, key lifecycle implications, and the operational realities of running hybrid classical/post-quantum systems at scale.
Agentic and AI workload identity. As AI agents and machine-driven workflows become first-class citizens in the enterprise, the question of how they authenticate, what they're allowed to do, and how that's governed is largely unsolved. You'll help build that foundation from the ground up - workload identity, dynamic credentials, policy enforcement, and proactive anomaly detection for non-human identities.
A platform being designed, not just operated. The team is actively shaping its next-generation architecture rather than maintaining a legacy stack. You'll have meaningful influence on design decisions and the chance to shape patterns the rest of the organization will adopt.
Responsibilities
Design, build, and maintain platform services for secrets management, certificate lifecycle, encryption key management, and policy enforcement.
Develop automation and tooling in Python and Ansible to streamline operations, enforce security controls, and reduce manual provisioning effort.
Contribute to a self-service model for application teams, including golden-pattern templates, declarative manifests, and approval workflows integrated with enterprise systems such as ServiceNow.
Collaborate with cross-functional teams (application, infrastructure, security, compliance) to translate requirements into reliable, well-governed services.
Help shape the team's roadmap in emerging areas including workload identity (SPIFFE/SPIRE), policy-as-code, and identity controls for AI and machine-driven workloads.
Participate in code reviews, design reviews, and architecture discussions; mentor and coach engineers earlier in their career.
Contribute to internal documentation, runbooks, and knowledge-sharing.
Participate in a light on-call rotation supporting the team's services.
Knowledge and Experience
7+ years of infrastructure, platform, or systems engineering experience.
Production experience with HashiCorp Vault - secret engines, authentication methods, policies, and operational concerns. Architect-level depth is not required, but you should have shipped against it and understand how it fits into a broader platform.
Strong proficiency in Python and Shell scripting for automation and tooling.
Experience with Ansible for configuration management and orchestration.
Solid understanding of identity, authentication, and secure communication protocols (TLS, OAuth, OIDC, x.509).
Working knowledge of CI/CD tooling (Jenkins, GitHub Actions, GitLab CI, or similar) and Infrastructure-as-Code (Terraform preferred).
Experience designing and consuming RESTful APIs.
Strong fundamentals in Linux systems.
Demonstrated ability to write production-quality code, communicate design trade-offs clearly, and collaborate across teams.
Preferred Knowledge and Experience
Bachelor's degree in Computer Science, Engineering, or related field.
Experience building or contributing to a self-service Vault, secrets, or cryptography platform.
Familiarity with SPIFFE/SPIRE or other workload identity frameworks.
Familiarity with policy-as-code tooling such as Open Policy Agent (OPA) or HashiCorp Sentinel.
Exposure to AI/ML infrastructure or interest in identity controls for AI and agentic workloads.
Awareness of post-quantum cryptography standards (NIST PQC, hybrid key exchange) and their operational implications.
Experience with cloud platforms (AWS, GCP, or hybrid environments) and cloud-native secrets services such as AWS Secrets Manager or KMS.
Exposure to container platforms (Docker, Kubernetes, OpenShift).
Understanding of threat modeling, secrets rotation, secret-zero patterns, and zero trust architectures.
Experience in fintech, financial services, mortgage technology, or other regulated and security-sensitive domains.
New York Base Salary Range
The expected base salary for this role, if located in New York, is between $149,400 - 180,000 USD. ?The base salary range does not include Intercontinental Exchange's incentive compensation.? While we provide this range as general guidance, at ICE we compensate employees based on the skillset and experience of the individual. Regular full-time ICE employees are eligible for a suite of competitive employee benefits, including healthcare coverage (medical, dental and vision), a 401(k) plan, life insurance, time off, and paid leave for qualifying circumstances.
#LI-SH3
#LI-ONSITE
Intercontinental Exchange, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to legally protected characteristics.
- ...solutions provider is seeking a C-UAS Engineer to lead test and evaluation projects for a DHS... ...management, engineering support for C-UAS systems, and collaboration with federal... ...requires U.S. citizenship and the ability to obtain a Secret clearance. #J-18808-Ljbffr...Suggested
- Kelly Services is seeking a Systems Engineer to join its IT Infrastructure team in Midtown Manhattan. This full-time role offers an opportunity to engage hands-on with a variety of technologies, including Microsoft 365 and AWS, while collaborating closely with senior leadership...SuggestedFull time
- ...Us: Spreedly is the world's leading Open Payments Platform, sitting... ...architecture, our Advanced Vault solution combines a modern... ...About the Role: As a Senior Systems Engineer, you will operate as a senior... ..., WAFs, DDoS protections, secrets management, and deployment safeguards...SuggestedRemote workWork from homeWorldwideFlexible hours
$175k - $200k
...Trexquant is looking for a senior technologist to lead the design and evolution of our core... ...and building scalable, low-latency systems in Linux environments, collaborating closely with quantitative researchers & engineers, and driving next-generation simulation and...SuggestedCasual work- ...Technologies in Rochester, NY, is seeking a Scientist, Mechanical Engineering to lead and contribute to the design of complex opto‑mechanical and... ...of hardware subsystems, and the ability to obtain a US Secret Security Clearance. Candidates should fit the leadership and...Suggested
- ...Lead Systems Engineer (Rust) - AI Platform About the Role What if your deep Rust expertise could directly shape the infrastructure powering the next generation of AI? We're looking for a Senior Rust Full-Stack Engineer to build and optimize the high-performance...Hourly payOngoing contractContract workRemote work
- Salesforce.com, inc. is seeking a Senior/Lead Member of Technical Staff in New York, NY to design and deliver large-scale security systems. The role involves building scalable, reliable backend services and owning complex initiatives. The ideal candidate will leverage AI...
- .... JOB DESCRIPTION As a Site Reliability Engineering at JPMorgan Chase within the Enterprise technology... ...and tact. J ob responsibilitie s Lead SRE practices that balance delivery speed, efficiency, and system stability Partner with engineering peers and...
$229.9k - $262.4k
...Senior Lead Software Engineer, Distributed Systems (Golang + Python on Kubernetes) Do you love building and pioneering in the technology space? Do you enjoy solving complex business problems in a fast-paced, collaborative, inclusive, and iterative delivery environment...Full timePart timeInternshipLocal area$145k - $172k
The Manager of Systems and Database Engineering leads the SDE team in operating Pepperdine's PeopleSoft Campus... ...access controls, database auditing, secrets management, key management, certificate... ..., Block Volumes, Load Balancer, Vault/KMS, Bastion, and IAM. Preferred Scale...Temporary workWork at officeLocal area- ...strategy sessions with other Optum Teams Require 2+ years of experience with Terraform Require 2+ years of experience with DevOps Solution Architect, DevOps, or System Engineer certification in one or more public cloud providers Terraform certification #J-18808-Ljbffr...
- A software optimization company based in New York is seeking a Software Engineering Manager focused on build systems, compilers, and languages. The role involves leading engineers, managing projects, and contributing to major open-source initiatives like Bazel. Candidates...Remote job
$240k - $280k
...is looking for a rare technical hybrid: A systems architect to own the long-term blueprint... ...application API and platform, and a SWAT Team Lead who can dive in and execute targeted... ...delivers the changes. This is a role for an engineer who is equally comfortable in a high-...Work at officeWork from homeWorldwideFlexible hours- ...About The Role ApolloTech MSI is seeking an experienced Radar Systems Engineer for a full-time position located in Picatinny Arsenal, NJ,... ...security clearance requirements Ability to obtain and maintain Secret Clearance Benefits Health Insurance, Dental and Vision Insurance...Full timeFlexible hours
$130k - $160k
...Zachary Piper Solutions is seeking a Radar Systems Engineer to support a company focused on advanced Sensors, Effectors & Mission Systems... ...Computer Science/Engineering, Physics, or a related field Active Secret Clearance required Compensation for the Radar Systems...- HCL Technologies Limited is seeking a Design Lead for Mechanical Design in New York, New York.... ...should possess a BE/BTech in Mechanical Engineering, with at least 5 years of relevant experience, and expertise in CAD systems such as Solidworks and AutoCAD. Strong communication...
$132.23k - $176.31k
...We are seeking a highly skilled and proactive Senior Lead Site Reliability Engineer (SRE) to join our team, focusing on production support and... ...ensuring the reliability, scalability, and efficiency of our systems, with a strong emphasis on AWS infrastructure,...Full timeTemporary workRemote work$250k - $350k
The New York Times is looking for a Software Engineer Lead in New York, NY, responsible for leading the tech direction and design for convex... ...engineers and ensuring the performance of distributed systems. The ideal candidate must hold a Master’s degree in Computer Science...Remote jobWork from home$135.4k - $181.6k
Lead Content Distribution Network Engineer Disney Entertainment and ESPN Product & Technology Technology is at the heart of Disney’s past, present, and future. Disney Entertainment and ESPN Product & Technology is a global organization of engineers, product developers,...- Disney Entertainment and ESPN Product & Technology is seeking a Lead Content Distribution Network Engineer in New York. You will join the Media Distribution Technology team, focusing on caching technology, distributed networking, and CDN edge services to support Disney...
- Jacobs is seeking a high-energy Plumbing Engineer to join our Building Mechanical team in New York. The role involves delivering innovative... ...and have at least eight years of experience in plumbing system design, with a Bachelor's Degree in Mechanical Engineering. We...
$89.3k - $157.55k
...environments. Join a global team of 35 000 engineers, software developers, and cyber experts... ...into reliable, next generation systems that keep warfighters ahead of emerging... ...requires a U.S. DoD Security Clearance at the SECRET level. This position is located at a facility...Full timeTemporary workWork experience placementWork at officeRemote workWorldwideRelocationFlexible hoursShift work3 days per week- ...Lead Software Engineer We have an opportunity to impact your career and provide an adventure where... ...for high-throughput, low-latency systems, including backward compatibility and... ...security practices (OAuth2/OIDC, mTLS, secrets management, least-privilege IAM, threat...
$155.7k - $208.7k
...Entertainment is a global organization of engineers, product developers, designers,... ...real-time short-form video recommendation system that will be the foundation of our next-generation... ...core of this effort. We are seeking a Lead Software Engineer with deep expertise in...$155.7k - $208.7k
Lead Product Software Engineer - Data Systems Job ID: 10151200 Overview Department/Group Overview: ESPN Product & Technology. Technology is at the heart of Disney’s past, present, and future. Disney Sports News & Entertainment is a global organization of engineers, product...Full timeWorldwide$115k
...Embark on a transformative journey as an Equities Trading System Engineer - AVP. At Barclays, our vision is clear –to redefine the future... ...Collaborate closely with other functions/ business divisions. Lead a team performing complex tasks, using well developed professional...Hourly payWork at office$101.9k - $168.8k
...Systems Engineering Manager We are seeking a Systems Engineering Manager to join our Rail and Transit team in Seattle, WA, Austin, TX, New... ...assigned area of responsibility and/or companywide. May function as lead designer or technical consultant for integration projects....Contract workTemporary workFlexible hours$115k
...Embark on a transformative journey as a Senior FX Trading System Engineer – AVP. At Barclays, our vision is clear – to redefine the future... ...innovative solutions. In this role, you will support industry-leading FX single-dealer trading and algorithmic platforms. As part...Hourly payWork at officeFlexible hoursWeekend work- ...international olympiad medalists, and experienced engineering and product leaders with decades of... ...looking for an Engineering Manager to lead a group of highly experienced engineers.... ...culture as they tackle complex systems challenges in distributed computing, large...
- ...Avionics Navigation Systems Engineer Staff | Lockheed Martin What We're Doing At Lockheed Martin... ...excellence in mission systems. As a leading engineer, you will guide teams in... ...requires the ability to obtain and maintain a Secret-level government security clearance (U....
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Lead Systems Engineer, Secrets and Vault Engineering. Be the first to apply!
- lead system engineer New York, NY
- lead engineer New York, NY
- lead infrastructure engineer New York, NY
- lead backend developer New York, NY
- lead network engineer New York, NY
- lead security engineer New York, NY
- lead algorithm engineer New York, NY
- lead operating engineer New York, NY
- lead web developer New York, NY
- application system engineer New York, NY




