Job Classification:
Technology - Engineering & Cloud
Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.
Your Team & Role
As a Director, Infrastructure Security Engineer for Identity Governance and Administration, you will serve as a hands-on technical expert responsible for the architecture, delivery, and day-to-day operations of our security infrastructure platforms spanning Privileged Access Management (PAM), Secrets Management, and Public Key Infrastructure (PKI). You will specialize in one of these domains while contributing across the others, designing, building, operating, and continuously improving these critical platforms alongside product owners, tech leads, and engineering teams.
This role is for a highly skilled engineer who thrives on solving complex technical challenges and brings strong product knowledge in CyberArk Privileged Cloud, HashiCorp Vault, or Keyfactor Command and EJBCA. You will drive automation, integrations, and operational excellence while ensuring all solutions meet Information Security Standards and regulatory requirements.
Key Responsibilities
You will own one or more of the following platform areas and contribute across the others:
(PAM) Administer and mature CyberArk Privileged Cloud — onboarding privileged accounts, configuring CPM/PSM/PVWA components, building safe structures, defining connectors, and integrating with enterprise identity and SIEM platforms
(Secrets) Architect, deploy, and operate HashiCorp Vault clusters — managing secrets engines (KV, PKI, database, AWS/Azure), auth methods (LDAP, AppRole, Kubernetes), policies, leases, and DR/replication configurations
(PKI) Design, implement, and operate PKI platforms including Keyfactor Command and EJBCA — managing certificate authorities, certificate lifecycle automation, enrollment profiles, and integrations with enterprise systems
Build and maintain automation using Python, Go, Ansible, Terraform, and REST APIs to streamline platform operations, integrations, and self-service workflows
Develop and document platform patterns, runbooks, and self-service capabilities that enable application teams to consume PAM, Secrets Management, and PKI services consistently and at scale
Ensure platform security throughout the product lifecycle — integrating new features, responding to vulnerability disclosures, applying patches, and validating configurations against security baselines
Support audit and compliance engagements (PCI-DSS, SOX, and regulatory) by defining controls, producing evidence, and driving remediation for PAM, Secrets Management, and PKI findings
Collaborate with product owners and tech leads to define feature stories and technical design, and to deliver robust, high-impact solutions
The Skills & Expertise You Bring
10+ years of experience in infrastructure or security engineering, with 5+ years focused on PAM, secrets management, or PKI platforms
Bachelor’s degree in Computer Science, Engineering, or related field, or equivalent hands-on experience
Ability to work independently with minimal guidance — a hands-on practitioner who can architect, operate, and troubleshoot platforms end-to-end
Strong problem-solving, communication, and collaboration skills with the ability to influence technical direction across teams
Understanding of risk management, compliance frameworks, and business context needed to make sound technical decisions aligned to the company's security posture
Significant experience and/or deep expertise with the following:
Privileged Access Management (PAM)
Strong expertise with CyberArk Privileged Cloud — Vault, CPM, PSM, PVWA, and REST/SCIM-based provisioning and automation
Privileged account lifecycle management including discovery, onboarding, automated rotation, and decommissioning
Just-in-Time (JIT) access, session recording, and privileged session management capabilities
PAM integrations with Active Directory/LDAP, SIEM platforms (Splunk), ServiceNow, and ITSM workflows
Secrets Management
Strong expertise with HashiCorp Vault — cluster architecture, HA/DR replication, secrets engines, auth methods, and Vault Agent
Vault policy authoring, token lifecycle management, lease management, and automated secrets rotation
HashiCorp Vault Enterprise features: namespaces, performance replication, HSM auto-unseal, and replication topology design
Secrets injection patterns for containerized workloads: Vault Agent Injector, CSI secrets provider, and Vault Secrets Operator for Kubernetes
Public Key Infrastructure (PKI)
Experience with Keyfactor Command — including CA management, certificate templates, enrollment profiles, ACME/SCEP/EST, REST API integrations, and reporting
Experience with EJBCA — CA hierarchy design, end-entity profiles, certificate profiles, RA operations, and REST API integration
PKI lifecycle management: certificate issuance, renewal, revocation, CRL/OCSP, and key escrow/recovery workflows
Certificate automation and DevOps PKI integration (ACME, cert-manager, Keyfactor integrations with Kubernetes and CI/CD pipelines)
HSM (Hardware Security Module) integration
Microsoft ADCS administration and/or migration experience to enterprise CA platforms
Infrastructure Fundamentals
Linux/Unix: file permissions, systemd services, network configuration, process management, and hardening for security platform components
Windows Server: Active Directory, Group Policy, Windows Certificate Services, and PowerShell administration
Containers: Kubernetes and container runtimes — deploying and operating security platform components in containerized environments
Networking: TCP/IP, TLS/mTLS, DNS, load balancing, firewall rules, and proxy configurations for PAM/Vault/PKI
Cloud: AWS and/or Azure — cloud IAM integrations with Vault and CyberArk, cloud-native secrets management, and PKI for cloud workloads
Programming & Automation
Python and Shell/Bash/PowerShell scripting for platform automation, REST API integration, and operational tooling
Ansible and Terraform for infrastructure-as-code, configuration management, and platform provisioning
REST API consumption and development — building integrations between PAM, Vault, PKI, and enterprise systems
CI/CD integration (Jenkins, GitLab CI, GitHub Actions) for secrets management pipelines and certificate lifecycle automation
Security & Compliance
Identity, authentication, authorization, and zero-trust architecture principles
Audit and compliance (PCI-DSS, SOX, and regulatory) — controls definition, evidence collection, and remediation for PAM, PKI, and Secrets Management findings
Infrastructure & Cloud Security best practices including DevSecOps and secure SDLC
You’ll Love Working Here Because You Can
Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock-solid organization has in store for you.
Market competitive base salaries, with a yearly bonus potential at every level.
Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leaves of absence, such as parental and military leave.
401(k) plan with company match (up to 4%).
Company-funded pension plan.
Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. To find out more about our Total Rewards package, visit Work Life Balance | Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week.
Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.
Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law.
If you need an accommodation to complete the application process, please email accommodations.hw@prudential.com.
If you are experiencing a technical issue with your application or an assessment, please email careers.technicalsupport@prudential.com to request assistance.