Senior Security Engineer (PKI & Secrets)

TL;DR

Senior Security Engineer (PKI & Secrets): Designing and operating cryptographic infrastructure for a GPU-accelerated AI cloud platform with an accent on PKI hierarchies, secrets management, and HSM infrastructure. Focus on implementing secure workload identities, mTLS, and post-quantum cryptography readiness.

Location: Hybrid (Livingston, NJ / New York, NY / Sunnyvale, CA / Bellevue, WA / San Francisco, CA). Remote may be considered for candidates >30 miles from an office. Must be a U.S. person (citizen, green card holder, etc.) for export control compliance.

Salary: $165,000 – $242,000

Company

hirify.global is a publicly traded AI cloud provider delivering high-performance infrastructure and specialized tools for AI labs, startups, and global enterprises.

What you will do

• Design and operate PKI infrastructure, including CA hierarchies, issuance policies, and certificate lifecycle management.
• Manage and evolve secrets management platforms using External Secrets Operator and cert-manager.
• Scale HSM infrastructure, including PKCS#11 integration and key ceremony procedures.
• Design key management and data encryption solutions, including envelope encryption and KMS API design.
• Deliver PKI-based solutions for workload identity, mutual TLS (mTLS), and hardware attestation.
• Maintain code signing infrastructure for firmware, container images, and application binaries.

Requirements

• 5+ years of experience in security or infrastructure engineering.
• Deep understanding of PKI concepts, CA hierarchies, and trust distribution.
• Hands-on experience operating HashiCorp Vault or similar secrets management platforms in production.
• Experience with Hardware Security Modules (HSMs) and PKCS#11 interfaces.
• Proficiency in Go, Python, or similar languages for building production tooling.
• Experience with Kubernetes, including cert-manager or External Secrets Operator.
• Must be a U.S. person as defined by U.S. Government export regulations.

Nice to have

• Experience operating HSM-backed PKI in a cloud provider or hyperscaler environment.
• Familiarity with code signing workflows (Authenticode, Cosign/Sigstore).
• Understanding of hardware attestation and workload identity (TPM, SPDM, SPIFFE/SPIRE).
• Exposure to post-quantum cryptography standards and migration planning.

Culture & Benefits

• 100% company-paid medical, dental, and vision insurance.
• 401(k) with a generous employer match.
• Flexible PTO and paid parental leave.
• Ability to participate in the Employee Stock Purchase Program (ESPP).
• Catered lunch each day in office and data center locations.
• Support for mental wellness (Spring Health) and family-forming (Carrot).