Locations: Boston | Atlanta | London

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The Site Reliability Engineer (SRE) – Secrets Management is responsible for the reliable operation, automation, and support of BCG’s secrets management platforms, with a primary focus on HashiCorp Vault. This role ensures that credentials, keys, and tokens are securely stored and managed while applying SRE principles to maintain performance, availability, and security across Vault and cloud-native secret stores.

 

As a Vault-focused SME, the SRE will work closely with platform engineering, SecOps, cloud teams, and security engineering to integrate secrets management into enterprise workflows, strengthen security posture, and improve developer experience. This role emphasizes hands-on engineering, operational excellence, and continuous improvement rather than people or program management.

 

Key Responsibilities:

 

Secrets Management & Operations

Support day-to-day operations of HashiCorp Vault and cloud-native secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager).Configure, maintain, and troubleshoot Vault clusters, namespaces, auth methods, secret engines, and policies.Develop and maintain processes for secure storage, rotation, and lifecycle management of credentials, certificates, and keys.Ensure vault services are reliable, monitored, and available for global teams with defined SLAs.Build automation for provisioning, storing, rotating, and managing credentials, certificates, and keys.

Service Reliability & Assurance

Apply SRE principles to enhance reliability, performance, and scalability of secrets management services.Build and maintain monitoring, alerting, and dashboards for vault performance, access patterns, anomalies, and system health.Participate in incident response for secrets-related issues and contribute to root cause analysis and long-term corrective actions.Assist with capacity planning and performance tuning of Vault and related infrastructure. Monitor systems for performance and security events; partner with incident response teams for remediation.Define and track operational KPIs and SLOs for secrets management services.

Governance, Compliance & Risk

Align secrets management processes with BCG compliance requirementsEnsure audit logging, rotation policies, classification tags, and least-privilege controls are accurately enforced.Support security teams in audit readiness, evidence gathering, and policy validation.Partner with governance and security teams to ensure enforceable policies are embedded into processes and tools.Support audits and implement automated compliance checks within secrets management workflows.

Collaboration & Enablement

Work closely with platform, DevOps, and application teams to integrate secrets management into CI/CD pipelines and workflows.Provide guidance and enablement to developers and engineers on using vault services securely and effectively.Contribute to documentation, standards, and training to improve adoption and consistent usage of secrets management platforms.

Vendor & Financial Oversight

C Support technical engagement with vendors and cloud providers.

 

Leadership & Development

Manage and mentor engineers responsible for secrets management operations.

Continuous Improvement & Tooling

Drive a culture of continuous improvement, knowledge sharing, and accountability.Identify opportunities to improve reliability, automation, and developer usability of secrets platforms.Support optimization efforts across Vault and cloud-vault services.Collaborate with senior engineers on enhancements to architecture, controls, and processes.

What You'll Bring

Required Qualifications

3–5+ years of experience in Site Reliability Engineering, platform engineering, or security engineering.3+ years of experience managing secrets management platforms (e.g., HashiCorp Vault, AWS KMS, Azure Key Vault, GCP Secret Manager).Hands-on expertise with cloud-native environments (AWS, Azure, GCP).Experience embedding security into DevSecOps pipelines and Infrastructure-as-Code.Familiarity with cloud-native secret services such as AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager.Understanding of secret lifecycle management, cryptographic key handling, and secure credential practices.Experience with Terraform or similar Infrastructure-as-Code tools.Experience integrating secrets into CI/CD pipelines and cloud-native workloads.Strong troubleshooting and system analysis skills; ability to work across distributed systems.Demonstrated ability to manage complex services and present technical solutions to stakeholders.

Preferred Qualifications

Certifications such as CISSP, CCSP, AWS/Azure Security Specialty, or HashiCorp Vault Certification.Experience with automation frameworks, containerization (Docker/Kubernetes), and CI/CD tools.Familiarity with SRE practices and monitoring/observability tools.Experience with Kubernetes, containers, and modern workload identity approaches (JWT, OIDC, SPIFFE/SPIRE).Basic understanding of compliance frameworks and security standards.

Additional info

Work Environment & Additional Information

 

Hybrid or on-site work model.Occasional travel may be required for business or team engagements.Ability to thrive in a fast-paced, global environment balancing operational priorities with security requirements.

 

*** For US locations only ***

In the US, we have a compensation transparency approach.

Total compensation for this role includes base salary, annual discretionary performance bonus, retirement contribution, and a market leading benefits package described below.

• The base salary range for this role begins at $121,000 in our lowest cost US region and goes up to $164,000 in our highest cost US region. Your recruiting contact can share more about the specific salary range for your preferred location during the hiring process.

This is an estimated range, however, specific base salaries within the range depend on various factors such as experience and skill set. It is not common for new BCG employees to be hired at the high-end of the salary range. BCG regularly reviews its ranges to ensure market competitiveness.

In addition to your base salary, your total compensation will include a bonus of up to 16% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years.

All of our plans provide best in class coverage:

Zero dollar ($0) health insurance premiums for BCG employees, spouses, and childrenLow $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugsDental coverage, including up to $5,000 in orthodontia benefitsVision insurance with coverage for both glasses and contact lenses annuallyReimbursement for gym memberships and other fitness activitiesFully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) planPaid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursementGenerous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)Paid sick time on an as needed basis

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.