Cyber Security Engineer – PKI & Secrets Management

About The Position

Requirements

• Bachelor’s degree in Computer Science, Mathematics, Physics, or equivalent experience.
• Proven experience in enterprise security engineering or Site Reliability Engineering (SRE).
• Hands-on experience with secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, BeyondTrust).
• Strong understanding of public-key cryptography, PKI, and cryptographic protocols.
• Experience designing and operating production-level PKI systems.
• Proficiency with infrastructure-as-code tools (e.g., Terraform).
• Familiarity with cloud platforms (AWS, GCP, Azure).
• Experience with containerization, orchestration, and CI/CD workflows.
• Strong communication skills and ability to present technical concepts to leadership.
• Solid threat modeling and security architecture skills.

Nice To Haves

• HashiCorp Vault certification or demonstrable expert-level proficiency.
• Deep expertise in HashiCorp Vault and Terraform.
• Experience scaling backend systems and implementing secure hardware (HSM, TPM, TEE, etc.).
• Familiarity with modern authentication protocols (OAuth 2.0, OIDC, WebAuthn/FIDO2, Zero Trust).
• Experience with remote attestation and secure enclave technologies.
• Proficiency in Go, Rust, Python, or Node.js.
• Passion for security, attention to detail, and a drive for correctness.

Responsibilities

• Architecting and operating scalable, secure PKI and secrets management services.
• Leading design decisions that shape internal trust models and access to sensitive data.
• Developing and maintaining policies, processes, and controls for key and secrets lifecycle management.
• Collaborating across engineering, infrastructure, and leadership teams to deliver robust cryptographic systems.
• Mentoring team members and driving technical excellence across the organization.
• Advising leadership on long-term security architecture strategies.
• Participating in on-call rotations for global, critical services.