Who We Are
Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design, build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips – the brains of devices we use every day. As the foundation of the global electronics industry, Applied enables the exciting technologies that literally connect our world – like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology, join us to deliver material innovation that changes the world.
What We Offer
Location:
Bangalore,IND
You’ll benefit from a supportive work culture that encourages you to learn, develop, and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possible—while learning every day in a supportive leading global company. Visit our Careers website to learn more.
At Applied Materials, we care about the health and wellbeing of our employees. We’re committed to providing programs and support that encourage personal and professional growth and care for you at work, at home, or wherever you may go. Learn more about our
benefits
.
About the Role
Join Applied Materials as a PAM & Secrets Management Engineer to lead privileged access management and secrets management initiatives across our global enterprise infrastructure. You'll architect and operate enterprise-scale PAM solutions (CyberArk) and HashiCorp Vault, working at the intersection of security, DevOps, and cloud platforms to protect critical systems and enable secure development.
Key Responsibilities
Privileged Access Management (PAM)
Design, implement, and manage enterprise PAM solutions at scale (500+ concurrent sessions, 2K+ daily logins, 2.5K+ targets)
Operate and maintain CyberArk self-hosted environment lead evaluation of alternatives (Delinea, BeyondTrust, CyberArk Privilege Cloud)
Architect privileged session management (PSM) for RDP, SSH with native client support and passwordless credential injection
Implement automated account discovery and onboarding workflows (Windows local, AD, Linux/Unix accounts)
Configure session recording, monitoring, and alerting for compliance and security
Troubleshoot and resolve PAM infrastructure stability issues (eliminating outages)
Secrets Management
Architect and operate HashiCorp Vault Enterprise at scale across multi-cloud environments
Implement Vault secrets engines: KV v2, Dynamic Secrets (LDAP, Azure, databases), PKI, Transit Encryption
Design and deploy Vault authentication methods: OIDC/JWT, Kubernetes, AppRole, AWS IAM, Azure AD
Configure Vault policies and namespaces for multi-tenant secret isolation
Integrate Vault with CI/CD pipelines (Jenkins, GitLab, GitHub Actions, Azure DevOps) for secure secret injection
Implement Vault Agent and sidecar injectors for application secret delivery
Configure Vault auto-unseal with cloud KMS (AWS KMS, Azure Key Vault, GCP Cloud KMS)
Manage Vault high availability, disaster recovery, and performance tuning
Implement secret rotation automation for databases, cloud credentials, and API keys
Cross-Functional Collaboration
Partner with CI/CD, Network, Cloud, and Platform teams to integrate PAM/SM controls
Lead incident response for privileged access breaches and secrets exposure events
Conduct security assessments and ensure compliance with SOX, PCI-DSS, ISO 27001
Automate PAM and Secret Management workflows using Python, Bash, PowerShell, Terraform, Ansible
Required Qualifications
Privileged Access Management (PAM) Expertise:
5+ years hands-on experience with enterprise PAM solutions at scale (10,000+ employees or global infrastructure)
Deep experience with privileged session management: RDP, SSH session recording, monitoring, and credential injection
Strong understanding of account lifecycle management: discovery, onboarding, rotation for Windows local, AD, Linux/Unix accounts
Experience with PAM platforms: CyberArk (PAS, PVWA, CPM, PSM) or equivalent (BeyondTrust, Delinea, Arcon)
Knowledge of least privilege principles and privilege elevation workflows
Experience integrating PAM with approval workflows (ServiceNow, ITSM tools)
Understanding of session isolation, credential vaulting, and password/SSH key rotation
Familiarity with PAM architecture: high availability, disaster recovery, horizontal scaling
Secrets Management Expertise:
3+ years hands-on experience with HashiCorp Vault in production environments
Deep knowledge of Vault secrets engines: KV (v1/v2), Dynamic Secrets (databases, AWS, Azure), PKI, Transit, SSH, TOTP
Experience with Vault authentication methods: Kubernetes, AppRole, OIDC/JWT, AWS IAM, Azure AD, LDAP, TLS Certificates
Strong understanding of Vault policies, namespaces, and entity/identity management
Experience with Vault Agent, sidecar injectors, and application integration patterns
Knowledge of Vault operations: auto-unseal (HSM), replication (DR/Performance), backup/restore, upgrades
Experience integrating Vault with CI/CD pipelines for dynamic secret injection
Understanding of secret zero problem and secure secret bootstrap mechanisms
Technical & Cloud Skills:
Multi-cloud secrets management: AWS Secrets Manager/IAM, Azure Key Vault/Managed Identity, GCP Secret Manager
Experience with Kubernetes: Vault sidecar injection, CSI secret driver, external secrets operator
Proficiency in scripting and automation: Python, Bash, PowerShell, Go (preferred)
Experience with Infrastructure-as-Code: Terraform, Ansible (Vault configuration automation)
Understanding of PKI fundamentals: certificate lifecycle, CA hierarchies, mTLS, certificate-based authentication
Experience with Directory services: Active Directory, LDAP (for PAM/Vault integration)
Collaboration & Communication Skills:
Proven track record working with DevOps, Platform Engineering, Cloud, and Network teams
Strong communication skills with technical and non-technical stakeholders
Ability to lead cross-functional PAM/SM initiatives and provide technical mentorship
Experience in incident response for privileged access and secret exposure events
Preferred Qualifications (Advantages)
CyberArk Certified: CyberArk Defender, Sentry, or Trustee certifications
Hands-on experience in Delinea Secret Server, BeyondTrust, Arcon, CyberArk Privilege Cloud
Experience with account discovery automation and policy-based onboarding at scale
HashiCorp Certified: Vault Associate or Vault Professional certification
Deep knowledge of Vault database secrets engine: PostgreSQL, MySQL, MongoDB, MSSQL, Oracle dynamic credentials
Hands-on with Vault Transit engine: encryption-as-a-service, key derivation, convergent encryption
Experience with Vault SSH secrets engine: signed SSH certificates, OTP SSH, CA-based SSH access
Experience with Vault KMIP secrets engine for legacy application encryption key management
Experience with Vault monitoring: metrics (Prometheus), logging, audit logs, performance tuning
Certifications & Education:
Bachelor's degree in Computer Science, Information Security, or related field
Professional certifications: CyberArk CDE/Sentry, HashiCorp Vault Associate/Professional, CISSP, CISM, CISA, CEH
Cloud certifications: AWS Security Specialty, Azure Security Engineer, GCP Security Engineer
Compliance & Architecture:
Deep knowledge of compliance frameworks: SOX, PCI-DSS, NIST CSF, ISO 27001, GDPR, HIPAA
Experience with zero-trust architecture and secrets management in zero-trust models
Understanding of threat modeling for privileged access and secret exposure risks
Additional Information
Time Type:
Full time
Employee Type:
Assignee / Regular
Travel:
Yes, 10% of the Time
Relocation Eligible:
Yes
Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, ancestry, religion, creed, sex, sexual orientation, gender identity, age, disability, veteran or military status, or any other basis prohibited by law.
