Site Reliability Engineering Manager-Secure Data

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation—inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact. To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

The Site Reliability Engineer (SRE) – Secrets Management is responsible for the reliable operation, automation, and support of BCG’s secrets management platforms, with a primary focus on HashiCorp Vault. This role ensures that credentials, keys, and tokens are securely stored and managed while applying SRE principles to maintain performance, availability, and security across Vault and cloud-native secret stores.

As a Vault-focused SME, the SRE will work closely with platform engineering, SecOps, cloud teams, and security engineering to integrate secrets management into enterprise workflows, strengthen security posture, and improve developer experience. This role emphasizes hands-on engineering, operational excellence, and continuous improvement rather than people or program management.

• Support day-to-day operations of HashiCorp Vault and cloud-native secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager).
• Configure, maintain, and troubleshoot Vault clusters, namespaces, auth methods, secret engines, and policies.
• Develop and maintain processes for secure storage, rotation, and lifecycle management of credentials, certificates, and keys.
• Ensure vault services are reliable, monitored, and available for global teams with defined SLAs.
• Build automation for provisioning, storing, rotating, and managing credentials, certificates, and keys.
• Apply SRE principles to enhance reliability, performance, and scalability of secrets management services.
• Build and maintain monitoring, alerting, and dashboards for vault performance, access patterns, anomalies, and system health.
• Participate in incident response for secrets-related issues and contribute to root cause analysis and long-term corrective actions.
• Assist with capacity planning and performance tuning of Vault and related infrastructure.
• Monitor systems for performance and security events; partner with incident response teams for remediation.
• Define and track operational KPIs and SLOs for secrets management services.
• Align secrets management processes with BCG compliance requirements.
• Ensure audit logging, rotation policies, classification tags, and least-privilege controls are accurately enforced.
• Support security teams in audit readiness, evidence gathering, and policy validation.
• Partner with governance and security teams to ensure enforceable policies are embedded into processes and tools.
• Support audits and implement automated compliance checks within secrets management workflows.
• Work closely with platform, DevOps, and application teams to integrate secrets management into CI/CD pipelines and workflows.
• Provide guidance and enablement to developers and engineers on using vault services securely and effectively.
• Contribute to documentation, standards, and training to improve adoption and consistent usage of secrets management platforms.
• Support technical engagement with vendors and cloud providers.
• Manage and mentor engineers responsible for secrets management operations.
• Drive a culture of continuous improvement, knowledge sharing, and accountability.
• Identify opportunities to improve reliability, automation, and developer usability of secrets platforms.
• Support optimization efforts across Vault and cloud-vault services.
• Collaborate with senior engineers on enhancements to architecture, controls, and processes.

• 3–5+ years of experience in Site Reliability Engineering, platform engineering, or security engineering.
• 3+ years of experience managing secrets management platforms (e.g., HashiCorp Vault, AWS KMS, Azure Key Vault, GCP Secret Manager).
• Hands-on expertise with cloud-native environments (AWS, Azure, GCP).
• Experience embedding security into DevSecOps pipelines and Infrastructure-as-Code.
• Familiarity with cloud-native secret services such as AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager.
• Understanding of secret lifecycle management, cryptographic key handling, and secure credential practices.
• Experience with Terraform or similar Infrastructure-as-Code tools.
• Experience integrating secrets into CI/CD pipelines and cloud-native workloads.
• Strong troubleshooting and system analysis skills; ability to work across distributed systems.
• Demonstrated ability to manage complex services and present technical solutions to stakeholders.

• Certifications such as CISSP, CCSP, AWS/Azure Security Specialty, or HashiCorp Vault Certification.
• Experience with automation frameworks, containerization (Docker/Kubernetes), and CI/CD tools.
• Familiarity with SRE practices and monitoring/observability tools.
• Experience with Kubernetes, containers, and modern workload identity approaches (JWT, OIDC, SPIFFE/SPIRE).
• Basic understanding of compliance frameworks and security standards.

• Hybrid or on-site work model.
• Occasional travel may be required for business or team engagements.
• Ability to thrive in a fast-paced, global environment balancing operational priorities with security requirements.