Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Lead Systems Engineer, Secrets and Vault Engineering

$149.4k - $180k

Intercontinental Exchange

Overview

Job Purpose

The Lead Systems Engineer joins our Secrets and Vault Engineering team within Identity and Access Management. The team is responsible for the platforms and services that protect secrets, certificates, encryption keys, and machine identity across the enterprise - a foundational layer that nearly every application at ICE depends on.

This is a hands-on engineering role with a strong design and architecture component. The ideal candidate has built or operated a HashiCorp Vault platform in production, writes clean automation code in Python and Ansible, and is comfortable working at the intersection of cryptography, identity, and platform engineering. You will help shape how the next generation of our secrets and machine-identity services are built, including emerging areas such as workload identity for AI and agentic workloads, policy-as-code, and proactive non-human identity governance.

We are looking for someone who can move fluidly between writing the code, designing the system, and explaining the trade-offs to stakeholders. You should be the kind of engineer who pushes back on a design when there's a better way, and who can mentor others through the why, not just the how.

What You'll Gain

This role offers direct, hands-on exposure to areas that few enterprise engineering teams are working on in earnest today:

  • Post-quantum cryptography (PQC). You'll be part of the team thinking through how an enterprise cryptography platform evolves to meet PQC readiness, including algorithm migration strategies, key lifecycle implications, and the operational realities of running hybrid classical/post-quantum systems at scale.

  • Agentic and AI workload identity. As AI agents and machine-driven workflows become first-class citizens in the enterprise, the question of how they authenticate, what they're allowed to do, and how that's governed is largely unsolved. You'll help build that foundation from the ground up - workload identity, dynamic credentials, policy enforcement, and proactive anomaly detection for non-human identities.

  • A platform being designed, not just operated. The team is actively shaping its next-generation architecture rather than maintaining a legacy stack. You'll have meaningful influence on design decisions and the chance to shape patterns the rest of the organization will adopt.

Responsibilities

  • Design, build, and maintain platform services for secrets management, certificate lifecycle, encryption key management, and policy enforcement.

  • Develop automation and tooling in Python and Ansible to streamline operations, enforce security controls, and reduce manual provisioning effort.

  • Contribute to a self-service model for application teams, including golden-pattern templates, declarative manifests, and approval workflows integrated with enterprise systems such as ServiceNow.

  • Collaborate with cross-functional teams (application, infrastructure, security, compliance) to translate requirements into reliable, well-governed services.

  • Help shape the team's roadmap in emerging areas including workload identity (SPIFFE/SPIRE), policy-as-code, and identity controls for AI and machine-driven workloads.

  • Participate in code reviews, design reviews, and architecture discussions; mentor and coach engineers earlier in their career.

  • Contribute to internal documentation, runbooks, and knowledge-sharing.

  • Participate in a light on-call rotation supporting the team's services.

Knowledge and Experience

  • 7+ years of infrastructure, platform, or systems engineering experience.

  • Production experience with HashiCorp Vault - secret engines, authentication methods, policies, and operational concerns. Architect-level depth is not required, but you should have shipped against it and understand how it fits into a broader platform.

  • Strong proficiency in Python and Shell scripting for automation and tooling.

  • Experience with Ansible for configuration management and orchestration.

  • Solid understanding of identity, authentication, and secure communication protocols (TLS, OAuth, OIDC, x.509).

  • Working knowledge of CI/CD tooling (Jenkins, GitHub Actions, GitLab CI, or similar) and Infrastructure-as-Code (Terraform preferred).

  • Experience designing and consuming RESTful APIs.

  • Strong fundamentals in Linux systems.

  • Demonstrated ability to write production-quality code, communicate design trade-offs clearly, and collaborate across teams.

Preferred Knowledge and Experience

  • Bachelor's degree in Computer Science, Engineering, or related field.

  • Experience building or contributing to a self-service Vault, secrets, or cryptography platform.

  • Familiarity with SPIFFE/SPIRE or other workload identity frameworks.

  • Familiarity with policy-as-code tooling such as Open Policy Agent (OPA) or HashiCorp Sentinel.

  • Exposure to AI/ML infrastructure or interest in identity controls for AI and agentic workloads.

  • Awareness of post-quantum cryptography standards (NIST PQC, hybrid key exchange) and their operational implications.

  • Experience with cloud platforms (AWS, GCP, or hybrid environments) and cloud-native secrets services such as AWS Secrets Manager or KMS.

  • Exposure to container platforms (Docker, Kubernetes, OpenShift).

  • Understanding of threat modeling, secrets rotation, secret-zero patterns, and zero trust architectures.

  • Experience in fintech, financial services, mortgage technology, or other regulated and security-sensitive domains.

New York Base Salary Range

The expected base salary for this role, if located in New York, is between $149,400 - 180,000 USD. ?The base salary range does not include Intercontinental Exchange's incentive compensation.? While we provide this range as general guidance, at ICE we compensate employees based on the skillset and experience of the individual. Regular full-time ICE employees are eligible for a suite of competitive employee benefits, including healthcare coverage (medical, dental and vision), a 401(k) plan, life insurance, time off, and paid leave for qualifying circumstances.

#LI-SH3

#LI-ONSITE

Intercontinental Exchange, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to legally protected characteristics.

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Lead Systems Engineer, Secrets and Vault Engineering in New York, NY vacancy
  •  ...solutions provider is seeking a C-UAS Engineer to lead test and evaluation projects for a DHS...  ...management, engineering support for C-UAS systems, and collaboration with federal...  ...requires U.S. citizenship and the ability to obtain a Secret clearance. #J-18808-Ljbffr... 
    Suggested

    LMI

    New York, NY
    4 days ago
  • Kelly Services is seeking a Systems Engineer to join its IT Infrastructure team in Midtown Manhattan. This full-time role offers an opportunity to engage hands-on with a variety of technologies, including Microsoft 365 and AWS, while collaborating closely with senior leadership... 
    Suggested
    Full time

    Kelly Services

    New York, NY
    4 days ago
  •  ...Us: Spreedly is the world's leading Open Payments Platform, sitting...  ...architecture, our Advanced Vault solution combines a modern...  ...About the Role: As a Senior Systems Engineer, you will operate as a senior...  ..., WAFs, DDoS protections, secrets management, and deployment safeguards... 
    Suggested
    Remote work
    Work from home
    Worldwide
    Flexible hours

    Spreedly

    New York, NY
    3 days ago
  • $175k - $200k

     ...Trexquant is looking for a senior technologist to lead the design and evolution of our core...  ...and building scalable, low-latency systems in Linux environments, collaborating closely with quantitative researchers & engineers, and driving next-generation simulation and... 
    Suggested
    Casual work

    Trexquant Investment

    New York, NY
    16 days ago
  •  ...Technologies in Rochester, NY, is seeking a Scientist, Mechanical Engineering to lead and contribute to the design of complex opto‑mechanical and...  ...of hardware subsystems, and the ability to obtain a US Secret Security Clearance. Candidates should fit the leadership and... 
    Suggested

    SupportFinity™

    New York, NY
    3 days ago
  •  ...Lead Systems Engineer (Rust) - AI Platform About the Role What if your deep Rust expertise could directly shape the infrastructure powering the next generation of AI? We're looking for a Senior Rust Full-Stack Engineer to build and optimize the high-performance... 
    Hourly pay
    Ongoing contract
    Contract work
    Remote work

    Alignerr

    New York, NY
    3 days ago
  • Salesforce.com, inc. is seeking a Senior/Lead Member of Technical Staff in New York, NY to design and deliver large-scale security systems. The role involves building scalable, reliable backend services and owning complex initiatives. The ideal candidate will leverage AI... 

    salesforce.com, inc.

    New York, NY
    15 hours ago
  •  .... JOB DESCRIPTION As a Site Reliability Engineering at JPMorgan Chase within the Enterprise technology...  ...and tact. J ob responsibilitie s Lead SRE practices that balance delivery speed, efficiency, and system stability  Partner with engineering peers and... 

    J.P. Morgan

    New York, NY
    13 days ago
  • $229.9k - $262.4k

     ...Senior Lead Software Engineer, Distributed Systems (Golang + Python on Kubernetes) Do you love building and pioneering in the technology space? Do you enjoy solving complex business problems in a fast-paced, collaborative, inclusive, and iterative delivery environment... 
    Full time
    Part time
    Internship
    Local area

    Capital One

    New York, NY
    1 day ago
  • $145k - $172k

    The Manager of Systems and Database Engineering leads the SDE team in operating Pepperdine's PeopleSoft Campus...  ...access controls, database auditing, secrets management, key management, certificate...  ..., Block Volumes, Load Balancer, Vault/KMS, Bastion, and IAM. Preferred Scale... 
    Temporary work
    Work at office
    Local area

    University of California

    New York, NY
    1 day ago
  •  ...strategy sessions with other Optum Teams Require 2+ years of experience with Terraform Require 2+ years of experience with DevOps Solution Architect, DevOps, or System Engineer certification in one or more public cloud providers Terraform certification #J-18808-Ljbffr... 

    TechDigital Group

    New York, NY
    4 days ago
  • A software optimization company based in New York is seeking a Software Engineering Manager focused on build systems, compilers, and languages. The role involves leading engineers, managing projects, and contributing to major open-source initiatives like Bazel. Candidates... 
    Remote job

    EngFlow GmbH

    New York, NY
    3 days ago
  • $240k - $280k

     ...is looking for a rare technical hybrid: A systems architect to own the long-term blueprint...  ...application API and platform, and a SWAT Team Lead who can dive in and execute targeted...  ...delivers the changes. This is a role for an engineer who is equally comfortable in a high-... 
    Work at office
    Work from home
    Worldwide
    Flexible hours

    SoundCloud

    New York, NY
    3 days ago
  •  ...About The Role ApolloTech MSI is seeking an experienced Radar Systems Engineer for a full-time position located in Picatinny Arsenal, NJ,...  ...security clearance requirements Ability to obtain and maintain Secret Clearance Benefits Health Insurance, Dental and Vision Insurance... 
    Full time
    Flexible hours

    ApolloTech MSI

    New York, NY
    3 days ago
  • $130k - $160k

     ...Zachary Piper Solutions is seeking a Radar Systems Engineer to support a company focused on advanced Sensors, Effectors & Mission Systems...  ...Computer Science/Engineering, Physics, or a related field Active Secret Clearance required Compensation for the Radar Systems... 

    Zachary Piper Solutions

    New York, NY
    1 day ago
  • HCL Technologies Limited is seeking a Design Lead for Mechanical Design in New York, New York....  ...should possess a BE/BTech in Mechanical Engineering, with at least 5 years of relevant experience, and expertise in CAD systems such as Solidworks and AutoCAD. Strong communication... 

    HCL Technologies Limited

    New York, NY
    15 hours ago
  • $132.23k - $176.31k

     ...We are seeking a highly skilled and proactive Senior Lead Site Reliability Engineer (SRE) to join our team, focusing on production support and...  ...ensuring the reliability, scalability, and efficiency of our systems, with a strong emphasis on AWS infrastructure,... 
    Full time
    Temporary work
    Remote work

    Lumen

    New York, NY
    4 days ago
  • $250k - $350k

    The New York Times is looking for a Software Engineer Lead in New York, NY, responsible for leading the tech direction and design for convex...  ...engineers and ensuring the performance of distributed systems. The ideal candidate must hold a Master’s degree in Computer Science... 
    Remote job
    Work from home

    New York Times

    New York, NY
    15 hours ago
  • $135.4k - $181.6k

    Lead Content Distribution Network Engineer Disney Entertainment and ESPN Product & Technology Technology is at the heart of Disney’s past, present, and future. Disney Entertainment and ESPN Product & Technology is a global organization of engineers, product developers,... 

    Disney Cruise Line - The Walt Disney Company

    New York, NY
    3 days ago
  • Disney Entertainment and ESPN Product & Technology is seeking a Lead Content Distribution Network Engineer in New York. You will join the Media Distribution Technology team, focusing on caching technology, distributed networking, and CDN edge services to support Disney... 

    Disney Cruise Line - The Walt Disney Company

    New York, NY
    3 days ago
  • Jacobs is seeking a high-energy Plumbing Engineer to join our Building Mechanical team in New York. The role involves delivering innovative...  ...and have at least eight years of experience in plumbing system design, with a Bachelor's Degree in Mechanical Engineering. We... 

    Jacobs

    New York, NY
    4 days ago
  • $89.3k - $157.55k

     ...environments. Join a global team of 35 000 engineers, software developers, and cyber experts...  ...into reliable, next generation systems that keep warfighters ahead of emerging...  ...requires a U.S. DoD Security Clearance at the SECRET level. This position is located at a facility... 
    Full time
    Temporary work
    Work experience placement
    Work at office
    Remote work
    Worldwide
    Relocation
    Flexible hours
    Shift work
    3 days per week

    Lockheed Martin - US

    New York, NY
    13 days ago
  •  ...Lead Software Engineer We have an opportunity to impact your career and provide an adventure where...  ...for high-throughput, low-latency systems, including backward compatibility and...  ...security practices (OAuth2/OIDC, mTLS, secrets management, least-privilege IAM, threat... 

    Chase

    New York, NY
    2 days ago
  • $155.7k - $208.7k

     ...Entertainment is a global organization of engineers, product developers, designers,...  ...real-time short-form video recommendation system that will be the foundation of our next-generation...  ...core of this effort. We are seeking a Lead Software Engineer with deep expertise in... 

    The Walt Disney Company (France)

    New York, NY
    15 hours ago
  • $155.7k - $208.7k

    Lead Product Software Engineer - Data Systems Job ID: 10151200 Overview Department/Group Overview: ESPN Product & Technology. Technology is at the heart of Disney’s past, present, and future. Disney Sports News & Entertainment is a global organization of engineers, product... 
    Full time
    Worldwide

    5014 Disney Entertainment & Sports LLC

    New York, NY
    4 days ago
  • $115k

     ...Embark on a transformative journey as an Equities Trading System Engineer - AVP. At Barclays, our vision is clear –to redefine the future...  ...Collaborate closely with other functions/ business divisions. Lead a team performing complex tasks, using well developed professional... 
    Hourly pay
    Work at office

    Barclays

    New York, NY
    13 days ago
  • $101.9k - $168.8k

     ...Systems Engineering Manager We are seeking a Systems Engineering Manager to join our Rail and Transit team in Seattle, WA, Austin, TX, New...  ...assigned area of responsibility and/or companywide. May function as lead designer or technical consultant for integration projects.... 
    Contract work
    Temporary work
    Flexible hours

    Atkins Realis

    New York, NY
    2 days ago
  • $115k

     ...Embark on a transformative journey as a Senior FX Trading System Engineer – AVP. At Barclays, our vision is clear – to redefine the future...  ...innovative solutions. In this role, you will support industry-leading FX single-dealer trading and algorithmic platforms. As part... 
    Hourly pay
    Work at office
    Flexible hours
    Weekend work

    Barclays

    New York, NY
    2 days ago
  •  ...international olympiad medalists, and experienced engineering and product leaders with decades of...  ...looking for an Engineering Manager to lead a group of highly experienced engineers....  ...culture as they tackle complex systems challenges in distributed computing, large... 

    Modal

    New York, NY
    3 days ago
  •  ...Avionics Navigation Systems Engineer Staff | Lockheed Martin What We're Doing At Lockheed Martin...  ...excellence in mission systems. As a leading engineer, you will guide teams in...  ...requires the ability to obtain and maintain a Secret-level government security clearance (U.... 

    Lockheed Martin Corporation

    New York, NY
    3 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Lead Systems Engineer, Secrets and Vault Engineering. Be the first to apply!