Staff Cybersecurity Engineer (PKI/Secrets Management)

TL;DR

Staff Cybersecurity Engineer (PKI/Secrets Management): Designing and operating enterprise-scale PKI and secrets management services with an accent on trust models, cryptographic architectures, and secure access patterns. Focus on HSM strategy, scaling security infrastructure via IaC, and ensuring compliance with FIPS and PCI-DSS standards.

Location: Hybrid; must be based in or be able to relocate to Austin, Texas or Warren, Michigan

Company

Global automotive leader driving the transition to zero crashes, zero emissions, and zero congestion.

What you will do

• Architect and operate scalable, high-availability PKI and secrets management services for the enterprise.
• Define internal trust models, cryptographic architectures, and access patterns for the most sensitive data and systems.
• Manage the full lifecycle of keys, certificates, and secrets across diverse platforms.
• Lead HSM strategy, including platform selection, appliance consolidation, and multi-year roadmapping.
• Mentor engineers and establish best practices for cryptographic and secrets management.
• Advise senior leadership on security architecture strategy, trade-offs, and investment priorities.

Requirements

• 7+ years of experience in enterprise security engineering or SRE with direct responsibility for cryptographic services.
• 7+ years of experience with secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault).
• Deep understanding of public-key cryptography, PKI, and modern cryptographic protocols.
• Proficiency with Terraform (IaC) and experience with major cloud platforms (AWS, GCP, Azure).
• Experience with Kubernetes, containerization, and secure CI/CD workflows.
• Must be authorized to work in the US; no immigration sponsorship provided.

Nice to have

• HashiCorp Vault certification or expert-level proficiency in complex environments.
• Proficiency in Go, Rust, Python, or Node.js for building integrations and automation.
• Experience with Zero Trust architectures, OAuth 2.0, OIDC, and WebAuthn/FIDO2.
• Knowledge of secure enclaves, TEE, and remote attestation in cloud or hybrid environments.

Culture & Benefits

• Comprehensive Total Rewards package focusing on employee well-being.
• Hybrid work model with a requirement to report to the office approximately 3 times a week.
• Eligibility for relocation benefits.
• Inclusive environment committed to non-discrimination and belonging.