Staff PKI Engineer

About The Position

Requirements

• Bachelor's degree in the areas of Computer Science, Computer Engineering, Electrical Engineering or a related technical field is required.
• 7+ years of experience with public key infrastructure design and implementation.
• 6+ years of experience administrating and managing Hardware Security Modules(Eg: Thales)
• Strong understanding of certificate-based authentication and encryption protocols, such as SSL/TLS
• Experience designing PKI Architecture.
• Experience in creating and maintaining documentation for CA policies, procedures, and best practices to ensure consistency and transparency in CA operations
• Knowledge of industry standards and best practices.
• Thorough understanding of X.509 standard RFC 5820.
• Hands-on experience with digital certificate lifecycle management, including issuance, revocation, and renewal.
• Strong technical skills in network security, firewall configurations, and VPN technologies.
• Knowledge of security and risk assessment methodologies, vulnerability scanning, and penetration testing.
• Hands-on experience with Unix based OS such as RedHat Linux, Ubuntu.
• Experience with establishing and maintaining backup and disaster recovery procedures to ensure the availability and integrity of the CA's data and configurations in case of unexpected failures or disasters.
• Knowledge and experience with Prime key EJBCA and Sign Servers or other PKI applications such as Active Directory Certificate Services.
• Ability to work in a fast-paced, high-pressure environment and handle multiple projects simultaneously.
• Strong communication skills and ability to effectively interact with clients, stakeholders, and internal teams.
• Certifications in security, such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), are highly desirable.

Nice To Haves

• Master's degree or higher education in the areas of Computer Science, Computer Engineering, Electrical Engineering or a related technical field.
• 10+ years of related experience
• Experience managing Primekey CA Stack.
• Experience specifically managing Thales HSMs.
• Experience writing Python, Shell based scripts.
• Experience managing MySQL Databases.
• Experience with different WebServices protocols such as RESTAPI
• Understanding of AWS Cloud Services.
• Experience with messaging queue architecture (eg: MQTT).

Responsibilities

• Maintaining a secure public key infrastructure to support certificate-based authentication and encryption.
• Implement and maintain Code Signing infrastructure.
• Managing and maintaining digital certificates, including certificate authorities, root certificates, and intermediate certificates.
• Ensuring compliance with industry standards and best practices such as NIST guidelines.
• Managing and monitoring the issuance, revocation, and renewal of certificates.
• Implementing and maintaining secure certificate-based authentication and encryption protocols, such as SSL/TLS.
• Collaborating with other larger product engineering teams to ensure that the PKI infrastructure is integrated with other systems and processes.

Benefits

• Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k.
• The successful candidate may also be eligible to participate in Lucid’s equity program and/or a discretionary annual incentive program, subject to the rules governing such programs.