Note: Fidelity will not provide immigration sponsorship for this position
Principal Systems Analyst, Non‑Human Identity and Secrets Management
The Role
The Principal Systems Analyst for Non-Interactive Secrets Management is the technical and analytical lead responsible for backlog refinement, requirements, and assisting in delivery of the firm’s non‑interactive secrets platforms. This role translates complex cybersecurity needs into clear requirements, structured user stories, measurable outcomes, and actionable acceptance criteria. With deep expertise in HashiCorp Vault and broader non‑human identity frameworks, including SPIFFE/SPIRE, workload identities, and service authentication patterns, this ensures our platform architecture and onboarding models are robust, secure, and scalable. The analyst drives the earliest and most critical stages of work: discovery, requirements definition, dependency mapping, and bringing clarity to ambiguous, cross-domain challenges.
The Expertise and Skills You Bring
Lead discovery, analysis requirements gathering.
Break large initiatives into well‑defined epics and user stories.
Serve as the team’s primary analytical authority, ensuring requirements are technically sound.
Define functional specifications, workflows, integration requirements, and service consumption models for secrets management.
Partner closely with engineers across the full delivery lifecycle, providing clarity and alignment from design through deployment.
Drive consistent onboarding and service patterns, self‑service enablement, and operational excellence.
Contribute to platform roadmaps, architecture discussions, control patterns, and capability evolution.
Bachelor’s degree in Computer Science, Information Security, Engineering, or related field (Master’s preferred).
Required: 5 years’ experience in systems and technical analysis
Strong expertise in HashiCorp Vault and non‑interactive secrets workflows (policies, auth methods, KV, Transit, dynamic secrets, integrations).
Advanced analytical and problem‑solving skills with the ability to decompose complex, multi‑domain problems into clear, actionable components.
Proven experience writing high-quality user stories, acceptance criteria, requirements documents, and systems/process specifications.
Excellent communication and facilitation skills, capable of driving alignment across engineering, product, and business stakeholders.
Strong understanding of cloud infrastructure and identity (AWS IAM roles/policies, Azure Managed Identities, Kubernetes workload identities, service mesh patterns).
Knowledge of non-human identity and workload identity technologies such as SPIFFE/SPIRE, cloud workload identities, X.509/SVID issuance, and service authentication models.
Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles. Some roles may have unique onsite requirements. Please consult with your recruiter for the specific expectations for this position.
Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.