Staff Cybersecurity Engineer

Job Description

The Role:

Were looking for a senior self-driven Cyber Security Engineer to own the strategy design implementation and operation of our enterprise PKI and secrets management capabilities. This role is accountable for how trust identity and secure access are established and enforced across the enterprise and for ensuring these foundations scale with the business.
You will operate as a technical leader and subject-matter expert partnering with senior engineering and security leaders to define long-term direction set standards and drive adoption. You should thrive in a fast-paced agile environmentcomfortable making high-impact decisions navigating ambiguity and rapidly adapting as technologies and requirements evolve.

What Youll Do:

• Setting the technical vision and architecting implementing and operating scalable highly available PKI and secrets management services for the enterprise.

• Owning design decisions that shape internal trust models cryptographic architectures and access patterns for the most sensitive data and systems.

• Defining implementing and continuously improving policies processes and controls for the full lifecycle of keys certificates and secrets across diverse platforms.

• Influencing and aligning engineering infrastructure and leadership teams to deliver robust observable and compliant cryptographic systems.

• Mentoring and developing engineers raising the bar for technical excellence and driving consistent best practices for cryptographic and secrets management across the organization.

• Advising senior leadership on long-term security architecture strategy trade-offs and investment priorities related to identity PKI and secrets management.

• Providing operational leadership including participation in on-call rotations for global mission-critical services and driving post-incident improvements.

• Leading HSM strategy including architecture platform selection appliance consolidation and multi-year roadmap planning in alignment with enterprise security and compliance goals.

Your Skills & Abilities (Required Qualifications):

• Bachelors degree in Computer Science Mathematics Physics or equivalent senior-level industry experience.

• 7 years experience in enterprise security engineering or Site Reliability Engineering (SRE) with direct responsibility for high-availability security or cryptographic services.

• 7 years experience with enterprise secrets management platforms (e.g. HashiCorp Vault AWS Secrets Manager Azure Key Vault BeyondTrust) including architecture operations and integration at scale.

• Strong understanding of public-key cryptography PKI and modern cryptographic protocols with the ability to make pragmatic risk-informed design decisions.

• Demonstrated experience designing operating and evolving production PKI systems (root and issuing CAs CRL/OCSP certificate lifecycle and policy governance).

• Proficiency with infrastructure-as-code (e.g. Terraform) and engineering practices that enable repeatable auditable and secure deployments.

• Working knowledge of major cloud platforms (AWS GCP Azure) and how to integrate PKI and secrets management with cloud-native services.

• Experience with containerization orchestration (e.g. Kubernetes) and CI/CD workflows including secure delivery patterns and secrets handling.

• Excellent communication skills with a track record of presenting complex technical concepts trade-offs and recommendations to engineering and executive audiences.

• Strong threat modeling and security architecture skills with the ability to anticipate abuse cases and design for resilience.

• Hands-on management integration and configuration experience with HSM platforms (Entrust Thales etc.) including key ceremonies partitioning and role design.

• Experience working with and implementing security standards and frameworks (e.g. FIPS 140-2/3 PCI-DSS and related controls) and translating them into actionable technical requirements.

What Will Give You A Competitive Edge (Preferred Qualifications):

• HashiCorp Vault certification or clearly demonstrable expert-level proficiency with Vault in complex production environments.

• Deep expertise in HashiCorp Vault and Terraform including multi-tenant architectures performance optimization and automation of large-scale deployments.

• Experience scaling backend systems and implementing secure hardware solutions (HSM TPM TEE etc.) in high-availability regulated environments.

• Familiarity with modern authentication and authorization protocols (OAuth 2.0 OIDC WebAuthn/FIDO2 Zero Trust architectures) and how they integrate with PKI and secrets management.

• Experience with remote attestation secure enclaves and hardware-backed key protection in cloud or hybrid environments.

• Proficiency in at least one modern programming language (e.g. Go Rust Python ) for building integrations tooling and automation around cryptographic and secrets platforms.

• Demonstrated passion for security rigor and correctness with a strong bias toward automation measurable outcomes and operational excellence.

#LI-SB3

About GM

Our vision is a world with Zero Crashes Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better safer and more equitable for all.

Why Join Us

We believe we all must make a choice every day individually and collectively to drive meaningful change through our words our deeds and our culture. Every day we want every employee to feel they belong to one General Motors team.

Benefits Overview

From day one were looking out for your well-beingat work and at homeso you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.

Non-Discrimination and Equal Employment Opportunities (U.S.)

General Motors is committed to being a workplace that is not only free of unlawful discrimination but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers.

All employment decisions are made on a non-discriminatory basis without regard to sex race color national origin citizenship status religion age disability pregnancy or maternity status sexual orientation gender identity status as a veteran or protected veteran or any other similarly protected status in accordance with federal state and local laws.

We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required where applicable to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more visit How we Hire.

Accommodations

General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment email us or call your email please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.