Senior Security Engineer – PKI & Platform Security

Senior PKI & HSM Engineer

We're looking for a Senior PKI & HSM Engineer to own our cryptographic infrastructure end-to-end. This is a deeply technical role for someone who lives and breathes certificates, keys, and HSMs and who can bring automation and DevOps sensibilities to modernize how we operate them.

What You'll Do

• Manage Public Key Infrastructure across its full lifecycle, including certificate issuance, renewal, revocation, and policy enforcement at enterprise scale
• Integrate and maintain Hardware Security Modules (HSMs) for secure cryptographic key storage and operations, ensuring high availability and regulatory compliance
• Administer Certificate Lifecycle Management (CLM) platforms to automate provisioning and eliminate expiration-related outages
• Enforce secure key management practices around rotation, storage, auditing, and policy compliance
• Lead L3-level troubleshooting for PKI, HSM, and CLM issues across cloud, on-prem, and containerized environments
• Develop automation using Python, Bash, and RESTful APIs to streamline certificate operations, key rotations, and compliance reporting
• Work across AWS, Azure, and GCP, integrating native key management services (KMS, Key Vault, Cloud KMS) with our PKI ecosystem
• Partner with application, infrastructure, and security teams to embed cryptographic best practices across the organization

Nice to Have (DevSecOps Exposure)

Beyond the core PKI/HSM work, you'll have opportunities to contribute to our broader security engineering efforts. Familiarity with any of the following is a plus:

• Designing secure CI/CD pipelines with Jenkins, GitLab CI, or GitHub Actions
• Containerized workloads using Docker and Kubernetes
• Security platforms like Trend Micro Vision One and container security tooling
• Observability stacks like ELK, monitoring, and incident response workflows
• Vulnerability detection and remediation across the SDLC

What We're Looking For

• Deep, hands-on experience managing enterprise PKI (issuance, revocation, OCSP/CRL, trust hierarchies)
• Strong working knowledge of HSMs (Thales, Entrust, AWS CloudHSM, or similar) and PKCS#11
• Experience with Certificate Lifecycle Management platforms (Venafi, AppViewX, Keyfactor, or equivalent)
• Solid scripting skills in Python and Bash, plus comfort working with RESTful APIs
• Working knowledge of at least one major cloud provider's key management services
• L3-level troubleshooting experience across Linux, Windows, and networking
• A security-first mindset and a track record of automating manual cryptographic operations