At Anaplan, we are a team of innovators focused on optimizing business decision-making through our leading AI-infused scenario planning and analysis platform so our customers can outpace their competition and the market.

What unites Anaplanners across teams and geographies is our collective commitment to our customers’ success and to our Winning Culture.

Our customers rank among the who’s who in the Fortune 50. Coca-Cola, LinkedIn, Adobe, LVMH and Bayer are just a few of the 2,400+ global companies who rely on our best-in-class platform.

Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas, we behave like leaders regardless of title, we are committed to achieving ambitious goals, and we love celebrating our wins – big and small.

Supported by operating principles of being strategy-led, values-based and disciplined in execution, you’ll be inspired, connected, developed and rewarded here. Everything that makes you unique is welcome; join us and let’s build what’s next - together!

Anaplan is looking for a Principal Infrastructure Engineer to lead the design and build of a new, multi-region HashiCorp Vault platform. This is a pivotal role where you will serve as our Subject Matter Expert (SME), shaping the future of secrets management and governance for a platform that supports hundreds of engineers and top-flight companies around the world.

This is a hybrid role requiring at least two days a week in our Manchester office.

Your Impact

Lead the architecture, design, and implementation of a new, multi-region HashiCorp Vault platform on public cloud.
Take ownership of the solution architecture, creating and maintaining high-quality design documents and Architecture Decision Records (ADRs).
Ensure platform resilience by developing and testing robust strategies for performance, Disaster Recovery (DR), and High Availability (HA).
Act as the primary SME for the organisation on all aspects of Vault and modern secrets management, actively championing and evangelising best practices.
Collaborate with and influence stakeholders, platform teams, and software engineers to ensure the smooth and secure integration of their services with the Vault ecosystem.
Partner with Security to define the control requirements for the Vault platform (policy standards, privileged access, audit/evidence, compliance needs) and ensure designs meet those requirements.
Lead regular security design reviews for Vault architecture decisions (authn/authz, policy model, namespaces/tenancy, seal strategy with KMS/HSM, audit logging) and drive alignment/sign-off with Security.
Establish joint operating processes with Security for incident response and investigations, including break-glass access, audit log access patterns, and post-incident remediation.
Coach and mentor other engineers on security best practices and the adoption of the new secrets management platform.

Your Skills

You have hands-on expertise in designing, implementing, and operating HashiCorp Vault in large-scale production environments.
Proven experience with multi-region deployments on public cloud platforms, preferably AWS. Experience with GCP and Azure is also highly valuable.
Proficient with Infrastructure as Code (IaC) and Terraform.
Knowledge of modern authentication and authorisation mechanisms (e.g., OIDC, SAML, JWT).
Experience managing Public Key Infrastructure (PKI) and certificate lifecycles.
Experience with observability tooling such as Grafana, Prometheus, and Loki.
Proficient with Kubernetes and managed Kubernetes platforms such as EKS, GKS, and AKS.
Experience with Kubernetes tooling such as Helm and Argo CD.
You have a quality-first mindset with demonstrable experience in creating and automating testing strategies for critical infrastructure.
You are happy to write and maintain clear documentation for other teams.
You have excellent communication skills, with a proven ability to influence technical direction and mentor both junior and senior engineers.

Bonus Points For:

Scripting or development experience in Go, Python, or similar.
Experience writing or maintaining Kubernetes Operators.

Our Commitment to Diversity, Equity, Inclusion and Belonging (DEIB)

We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success. Build your career in a place where diversity, equity, inclusion and belonging aren’t just words on paper – this is what drives our innovation, it’s how we connect, and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your authentic self to work every day! 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation. 

Fraud Recruitment Disclaimer 

It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondence, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals.  

Anaplan does not: 

Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.  
Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication.

All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to [email protected] before taking any further action in relation to the correspondence.  

Principal Infrastructure Engineer

AI overview