Secrets Engineer

At Graphcore, we’re building the future of AI compute.

We’re a team of semiconductor, software and AI experts, with deep experience in creating the complete AI compute stack - from silicon and software to infrastructure at datacenter scale.

As part of the SoftBank Group, backed by significant long-term investment, we are delivering key technology into the fast-growing SoftBank AI ecosystem.To meet the vast and exciting AI opportunity, Graphcore is expanding its teams around the world.We are bringing together the brightest minds to solve the toughest problems, in a place where everyone has the opportunity to make an impact on the company, our products and the future of artificial intelligence.

Job Summary

We are seeking a Secrets Engineer to lead the development, deployment, and ownership of a secure, scalable secrets-management platform for the entire organization. You will build a new enterprise-grade HashiCorp Vault or OpenBao environment from scratch. It must be highly available, resilient, and suited for long-term use. 

This is a strategic role: you will deliver and operate the central platform. You will also collaborate with engineering, security, and operations teams that manage localized or ad-hoc secrets systems. A key part of your mission is to unify and standardize these methods across Graphcore, ensuring consistent guidelines, smooth migration, and organization-wide support. 

The Team

You’ll be joining a multidisciplinary team with strong technical skills and a very encouraging culture. We work closely together and regularly share knowledge, and your skills will make a direct impact on our business. It’s an exciting and pivotal moment for us right now, with plenty of new projects ahead. If you’re looking to solve interesting problems and see your work deliver real-world results, this is the team for you.

Responsibilities and Duties

Platform Ownership & Implementation

• Build, deploy, and operate an organization-wide HashiCorp Vault or OpenBao platform from scratch, ensuring high availability, scalability, and strong security posture.

• Define architecture for clustering, storage backends, auto-unseal, disaster recovery, and performance replication.

• Develop migration strategies and reference frameworks that allow other teams to move from their current secrets tools to the central platform.

• Standardization & Governance

• Collaborate with groups from engineering, security, and operations to merge various secrets stores into one unified system.

• Develop organizational standards, policies, access models, and workflows to ensure consistent, secure usage of the platform.

• Advocate for guidelines in secret lifecycle management, authentication methods, and identity federation.

Integrations, Enablement, and Developer Experience

• Build tooling, automation, onboarding guides, and libraries to help teams adopt Vault/OpenBao easily and accurately.

• Integrate Vault/OpenBao with CI/CD systems, cloud platforms, and internal services.

• Deliver workshops, training, and direct technical support to accelerate adoption.

Research & Advanced Security Capabilities

• Evaluate approaches for secure password storage for individual users—either within Vault/OpenBao or by assessing alternatives such as BitLocker or other credential-management systems.
• Conduct an initial study on the feasibility of implementing SPIFFE/SPIRE for workload identity, attestation, and zero-trust authentication, outlining future pathways and recommendations.

Collaboration & Cross-Team Work

• Partner with HPC, Networking, Storage, Security, and Cloud Engineering teams to ensure seamless integration of secrets workflows into broader infrastructure systems.
• Find opportunities to improve security posture and operational efficiency through automation and standardized secrets management. 

Candidate Profile

Essential:

• 4+ years in DevOps, SRE, security engineering, or platform engineering roles.
• Direct experience deploying and operating HashiCorp Vault, OpenBao, or a similar enterprise secrets-management system.
• Strong understanding of authentication backends (OIDC, LDAP, cloud IAM), secret engines, PKI, encryption, and token/credential lifecycle.
• Solid Linux administration and shell scripting experience.
• Experience with Infrastructure-as-Code (Terraform preferred) and CI/CD automation.
• Strong communication skills with the ability to collaborate across multiple engineering and security fields.

Desirable:

• Experience crafting HA/DR architectures for Vault/OpenBao.
• Experience connecting Vault with cloud platforms (AWS, Azure, GCP) and CI/CD pipelines.
• Knowledge of SPIFFE/SPIRE, workload identity, or zero-trust architectures.
• Understanding of modern security tooling, certificate management, or identity platforms.
• Python programming experience for automation and tooling.

We welcome people of different backgrounds and experiences; we’re committed to building an inclusive work environment that makes Graphcore a great home for everyone. We offer an equal opportunity process and understand that there are visible and invisible differences in all of us. We can provide a flexible approach to interview and encourage you to chat to us if you require any reasonable adjustments.