Non-Human Identities (NHI) Management Engineer
SAP Labs · Bangalore · Posted 2026-05-22
Tech stack: AWS, Azure, GCP, Kubernetes, Python, Terraform
About the role
Responsibilities:
- In this role, you will build and scale automated, secure, and self-service capabilities for managing non-human identities across enterprise environments.
- You will design and implement automation frameworks that govern the full lifecycle of credentials, secrets, and certificates—ensuring secure, compliant, and efficient access for applications, services, and pipelines.
- Your work will focus on eliminating manual processes and hardcoded credentials by integrating secrets management platforms into CI/CD pipelines, enabling dynamic and secure secrets delivery at runtime.
- You will develop automation to continuously discover unmanaged or misconfigured identities across cloud and on-prem landscapes, reducing risk and improving visibility.
- You will engineer event-driven workflows for credential rotation, expiry management, and policy enforcement, as well as build infrastructure-as-code patterns to standardize vault provisioning and configuration.
- A key part of your impact will be enabling application teams through self-service onboarding capabilities, accelerating adoption of secure secrets management without friction.
- By collaborating with security operations and engineering teams, you will help automate incident response and enforce security best practices, ensuring that NHI access is continuously monitored, validated, and aligned with enterprise policies.
- Your contributions will directly improve the organization’s security posture while enabling developers to innovate securely at scale.
Qualifications:
- Proven experience in security engineering, DevSecOps, or IAM/PAM domains, with a focus on non-human identity and secrets management
- Strong hands-on expertise with secrets management platforms (e.g., CyberArk, HashiCorp Vault, cloud-native secret managers) and their configuration (auth methods, policies, secrets engines)
- Solid understanding of NHI lifecycle management including credential rotation, certificate management, and secure onboarding practices
- Experience integrating secrets management into CI/CD pipelines and enabling secure, pipeline-native secret injection
- Proficiency in automation and infrastructure-as-code tools (e.g., Terraform, scripting languages such as Python or Bash)
- Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Kubernetes) in the context of identity and secrets security
- Ability to design and implement automated workflows for discovery, rotation, policy enforcement, and compliance validation
- Strong troubleshooting skills to resolve integration and deployment challenges across platforms and applications
- Experience working cross-functionally with development, platform, and security teams, including conducting technical workshops and providing guidance
- Good to have: experience with security testing practices (including chaos testing or penetration testing support), and exposure to event-driven architectures and orchestration tools