Product Security Engineer - Cryptography & PKI

1X Technologies AS
Palo Alto, CA
99d

About The Position

We are seeking a skilled professional to design and manage end-to-end cryptographic services, including Public Key Infrastructure (PKI) and key lifecycle management. The role involves establishing Hardware Security Module (HSM) infrastructure as the root-of-trust for firmware signing and IoT endpoint authentication. You will lead the evaluation, procurement, installation, configuration, and integration of HSM vendors. The position requires architecting key management at scale, transitioning from hundreds of devices today to over a million in the future. You will also design remote device attestation mechanisms, such as fTPM/OP-TEE, linked to the HSM root-of-trust, and build automated secure firmware and bootloader signing pipelines. Additionally, you will define trust infrastructure and author processes for key generation, provisioning, rotation, and destruction, while securing build and artifact pipelines and code-signing workflows. The role includes developing factory provisioning architecture for mass key and certificate distribution and supporting the development of secure communication protocols. Collaboration with ProdSec, Cloud Infra, device, and SecOps teams as an individual contributor is also a key aspect of this position.

Requirements

  • Experience deploying and operating HSM appliances
  • Experience architecting PKI for large-scale IoT deployments
  • Strong knowledge of device attestation flows (fTPM/OP-TEE or similar)
  • Linux proficiency and scripting (Python, Bash) for CA, HSM and provisioning automation
  • Solid secure firmware signing and code-integrity practices
  • Ability to create, enforce, and document robust crypto-process playbooks, including the development and maintenance of Certificate Policies (CP) and Certification Practice Statements (CPS) to support enterprise PKI governance.

Nice To Haves

  • Vendor-specific HSM credentials or labs (Thales, Utimaco, AWS CloudHSM)
  • NVIDIA Orin or similar SoC platform experience
  • Background in post-quantum crypto evaluation and migration planning
  • Familiarity with large-scale factory provisioning tools (KMIP gateways, ACME/SCEP)
  • ProdSec/supply-chain security expertise (SBOMs, CI/CD hardening)
  • Experience in C/C++/Rust/GoLang (in addition to Python / Bash); GoLang preferred
  • Additional security certifications

Responsibilities

  • Design & manage end-to-end cryptographic services (PKI, key lifecycle)
  • Stand up HSM infrastructure as the root-of-trust for firmware signing and IoT endpoint authentication
  • Lead HSM vendor evaluation, procurement, installation, configuration and integration
  • Architect key management at scale—from hundreds of devices today to 1 million+ over time
  • Design remote device attestation mechanisms (fTPM/OP-TEE or equivalent) tied back to the HSM root-of-trust
  • Build and automate secure firmware/bootloader signing pipelines
  • Define trust infrastructure and author key-generation, provisioning, rotation and destruction processes
  • Secure build/artifact pipelines, code-signing workflows
  • Develop factory provisioning architecture for mass key/certificate distribution
  • Support the development of secure communication protocols
  • Collaborate as an individual contributor with ProdSec, Cloud Infra, device and SecOps teams