Staff Cybersecurity Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Mathematics, Physics, or equivalent senior-level industry experience.
• 7+ years experience in enterprise security engineering or Site Reliability Engineering (SRE), with direct responsibility for high-availability security or cryptographic services.
• 7+ years experience with enterprise secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, BeyondTrust), including architecture, operations, and integration at scale.
• Strong understanding of public-key cryptography, PKI, and modern cryptographic protocols, with the ability to make pragmatic, risk-informed design decisions.
• Demonstrated experience designing, operating, and evolving production PKI systems (root and issuing CAs, CRL/OCSP, certificate lifecycle, and policy governance).
• Proficiency with infrastructure-as-code (e.g., Terraform) and engineering practices that enable repeatable, auditable, and secure deployments.
• Working knowledge of major cloud platforms (AWS, GCP, Azure) and how to integrate PKI and secrets management with cloud-native services.
• Experience with containerization, orchestration (e.g., Kubernetes), and CI/CD workflows, including secure delivery patterns and secrets handling.
• Excellent communication skills, with a track record of presenting complex technical concepts, trade-offs, and recommendations to engineering and executive audiences.
• Strong threat modeling and security architecture skills, with the ability to anticipate abuse cases and design for resilience.
• Hands-on management, integration, and configuration experience with HSM platforms (Entrust, Thales, etc.), including key ceremonies, partitioning, and role design.
• Experience working with and implementing security standards and frameworks (e.g., FIPS 140-2/3, PCI-DSS, and related controls), and translating them into actionable technical requirements.

Nice To Haves

• HashiCorp Vault certification or clearly demonstrable expert-level proficiency with Vault in complex, production environments.
• Deep expertise in HashiCorp Vault and Terraform, including multi-tenant architectures, performance optimization, and automation of large-scale deployments.
• Experience scaling backend systems and implementing secure hardware solutions (HSM, TPM, TEE, etc.) in high-availability, regulated environments.
• Familiarity with modern authentication and authorization protocols (OAuth 2.0, OIDC, WebAuthn/FIDO2, Zero Trust architectures) and how they integrate with PKI and secrets management.
• Experience with remote attestation, secure enclaves, and hardware-backed key protection in cloud or hybrid environments.
• Proficiency in at least one modern programming language (e.g., Go, Rust, Python, Node.js) for building integrations, tooling, and automation around cryptographic and secrets platforms.
• Demonstrated passion for security, rigor, and correctness, with a strong bias toward automation, measurable outcomes, and operational excellence.

Responsibilities

• Setting the technical vision and architecting, implementing, and operating scalable, highly available PKI and secrets management services for the enterprise.
• Owning design decisions that shape internal trust models, cryptographic architectures, and access patterns for the most sensitive data and systems.
• Defining, implementing, and continuously improving policies, processes, and controls for the full lifecycle of keys, certificates, and secrets across diverse platforms.
• Influencing and aligning engineering, infrastructure, and leadership teams to deliver robust, observable, and compliant cryptographic systems.
• Mentoring and developing engineers, raising the bar for technical excellence, and driving consistent best practices for cryptographic and secrets management across the organization.
• Advising senior leadership on long-term security architecture strategy, trade-offs, and investment priorities related to identity, PKI, and secrets management.
• Providing operational leadership, including participation in on-call rotations for global, mission-critical services and driving post-incident improvements.
• Leading HSM strategy, including architecture, platform selection, appliance consolidation, and multi-year roadmap planning in alignment with enterprise security and compliance goals.

Benefits

• Total Rewards resources