Principal PKI Engineer

An Amazing Career Opportunity fora Principal PKI Engineer!!

Location: Salt Lake City Utah

Job ID: 41264

As a Principal PKI Engineer you will lead the architecture implementation and operations of our Public Key Infrastructure as a Service (PKIaaS) platform. This role is critical to the secure issuance and lifecycle management of digital certificates in a multi-tenant cloud-first environment. You will design and maintain scalable certificate hierarchies manage HSMs and cryptographic assets perform key ceremonies and advise on cryptographic and operational best practices. Experience with cloud computing in AWS is essential.

You will act as a senior technical authority guiding the secure issuance renewal and revocation of certificate authorities and end user certificates ensuring CA key material integrity and mentoring supporting engineers and administrators. Youll collaborate across security infrastructure compliance and product teams to ensure that cryptographic trust is embedded and maintained throughout the service offering.

Who are we

HID powers the trusted identities of the worlds people places and things allowing people to transact safely work productively and travel freely.

We are a high-tech software company headquartered in Austin TX with over 4500 worldwide employees.Check us out here:and and Access Management Solutions (IAMS):

HID Global IAM products protect more than 85 million user identities.

HID Global Identity and Access Management Solutions products protect more than 85 million user identities. At HID Global we understand that no person device or workplace can go unprotected. This philosophy of Zero Trust drives us to create new advances in risk-based multi-factor authentication leads us to secure user identities in converged access environments and drives the need to expand implementations with our industry-leading digital certificates and PKIaaS solution to manage them at scale.

Are you ready to make a difference Join us and help shape the future of security.

As our Principal PKI Engineer youll support HIDs successby:

• Designing and implementing PKI hierarchies (Root Intermediate Issuing CAs) to support multi-tenant internal and external PKIaaS customers.
• Deploying and operating PKI services in AWS using services such as ECS EKS EC2 VPC CloudWatch S3 etc.
• Performing and leading key ceremonies maintaining strict procedural integrity in accordance with policy compliance and regulatory requirements.
• Configuring and maintaining HSMs for secure storage of private keys and key material backup/recovery.
• Overseeing the deployment configuration and operational lifecycle of CA software platforms (e.g. EJBCA Microsoft ADCS etc.).
• Setting up and monitoring Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responders for high availability and low latency.
• Developing and maintaining Business Continuity and Disaster Recovery (BCP/DR) plans for PKI infrastructure including multi-region failover strategies in AWS.
• Implementing PKI operational and security best practices including role-based access controls audit logging and secure key lifecycle management.
• Providing guidance on certificate issuance policies trusted root management code signing S/MIME and TLS authentication practices.
• Collaborating with internal teams and external stakeholders to define PKI requirements and guide integration with enterprise systems cloud platforms and DevOps pipelines.
• Defining and enforcing PKI operational and security best practices policies and SOPs across the organization.
• Monitoring and auditing PKI infrastructure perform root cause analysis on incidents and lead continuous improvement efforts.

YourExperienceand Background include:

• Bachelors or Masters degree in Computer Science Cybersecurity Information Systems or related field (or equivalent experience).
• 7 years of experience in Public Key Infrastructure (PKI) cryptographic key management or information security engineering roles.
• 3 years in a lead architect or principal-level position managing enterprise or cloud-native PKI systems.
• CISSP CISM or equivalent cybersecurity certification
• Experience designing and operating large scale PKI in either on-premise or cloud environments.
• Deep expertise in X.509 certificates certificate lifecycle management CRLs OCSP and PKI protocol standards (SCEP ACME EST CMP etc.)
• Hands-on experience with HSMs (Entrust Thales Utimaco etc.) and secure key ceremony procedures.
• Operational knowledge of CA software platforms (EJBCA Microsoft ADCS AWS Private CA etc.).
• Strong familiarity with FIPS 140-2/3 FIPS 140-2/3 WebTrust FedRAMP and cryptographic compliance frameworks.
• Demonstrated ability to design and implement BCP/DR strategies for high-availability PKI services.
• Proficiency with automation/scripting tools (e.g. Bash Python Node Terraform) for infrastructure and key lifecycle automation.
• Experience integrating PKI with IAM MDM TLS/SSL S/MIME code signing and IoT environments.
• Excellent written and verbal communication skills with ability to document processes and train other engineers.

What we can offer you:

• Competitive salary and rewards package

• Competitive benefits and annual leave offering allowing for work-life balance

• A vibrant welcoming & inclusive culture
• Extensive career development opportunities and resources to maximize your potential
• To be a part of a global organization that is pioneering the hardware software and services that allow people to confidently navigate the physical and digital worlds

Why apply

• Empowerment: Youll work as part of a global team in a flexible workenvironment learning and enhancing your expertise. We welcome an opportunity to meet you and learn about your unique talents skills and experiences. You dont need to check all the you have most of the skills and experience we want you to apply.
• Innovation: You embrace challenges and want to drive change. We are open to ideas including flexible work arrangements job sharing or part-time job seekers.
• Integrity: You are results-orientated reliable and straightforward and value being treated accordingly. We want all our employees to be themselves to feel appreciated and accepted.

HID does not accept unsolicited resumes from headhunters recruitment agencies or fee-based recruitment services. We are not responsible for any fees related to unsolicited resumes.

HID is committed to building a diverse equitable and inclusive workforce that reflects the global communities we serve. As an equal opportunity employer we welcome applications from individuals of all backgrounds experiences and perspectives. We evaluate applicants without regard to race color religion gender gender identity or expression sexual orientation national origin disability age veteran status or any other legally protected characteristic. Our goal is to create a workplace that empowers everyone to thrive and be their authentic selves fostering an environment of mutual respect and inclusivity. If you have a disability and require assistance or accommodation to participate in the application process or to perform essential job functions please contact .

We make it easier for people to get where they want to go!
On an average day think of how many times you tap twist tag push or swipe to get access find information connect with others or track something. HID technology is behind billions of interactions in more than 100 countries. We help you create a verified trusted identity that can get you where you need to go without having to think about it.

When you join our HID team youll also be part of the ASSA ABLOY Group the global leader in access solutions. Youll have 63000 colleagues in more than 70 different countries. We empower our people to build their career around their aspirations and our ambitions supporting them with regular feedback training and development opportunities. Our colleagues think broadly about where they can make the most impact and we encourage them to grow their role locally regionally or even internationally. As we welcome new people on board its important to us to have diverse inclusive teams and we value different perspectives and experiences.

#LI-HIDGlobal