Setting the technical vision and architecting, implementing, and operating scalable, highly available PKI and secrets management services for the enterprise.
Owning design decisions that shape internal trust models, cryptographic architectures, and access patterns for the most sensitive data and systems.
Defining, implementing, and continuously improving policies, processes, and controls for the full lifecycle of keys, certificates, and secrets across diverse platforms.
Influencing and aligning engineering, infrastructure, and leadership teams to deliver robust, observable, and compliant cryptographic systems.
Mentoring and developing engineers, raising the bar for technical excellence, and driving consistent best practices for cryptographic and secrets management across the organization.
Advising senior leadership on long-term security architecture strategy, trade-offs, and investment priorities related to identity, PKI, and secrets management.
Providing operational leadership, including participation in on-call rotations for global, mission-critical services and driving post-incident improvements.
Leading HSM strategy, including architecture, platform selection, appliance consolidation, and multi-year roadmap planning in alignment with enterprise security and compliance goals.
Requirements
Bachelor’s degree in Computer Science, Mathematics, Physics, or equivalent senior-level industry experience.
7+ years of experience in enterprise security engineering or Site Reliability Engineering (SRE), with direct responsibility for high-availability security or cryptographic services.
7+ years of experience with enterprise secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, BeyondTrust), including architecture, operations, and integration at scale.
Strong understanding of public-key cryptography, PKI, and modern cryptographic protocols, with the ability to make pragmatic, risk-informed design decisions.
Demonstrated experience designing, operating, and evolving production PKI systems (root and issuing CAs, CRL/OCSP, certificate lifecycle, and policy governance).
Proficiency with infrastructure-as-code (e.g., Terraform) and engineering practices that enable repeatable, auditable, and secure deployments.
Working knowledge of major cloud platforms (AWS, GCP, Azure) and how to integrate PKI and secrets management with cloud-native services.
Experience with containerization, orchestration (e.g., Kubernetes), and CI/CD workflows, including secure delivery patterns and secrets handling.
Excellent communication skills, with a track record of presenting complex technical concepts, trade-offs, and recommendations to engineering and executive audiences.
Strong threat modeling and security architecture skills, with the ability to anticipate abuse cases and design for resilience.
Hands-on management, integration, and configuration experience with HSM platforms (Entrust, Thales, etc.), including key ceremonies, partitioning, and role design.
Experience working with and implementing security standards and frameworks (e.g., FIPS 140-2/3, PCI-DSS, and related controls), and translating them into actionable technical requirements.
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
Kubernetes
Terraform
Vault
Benefits
From day one, we're looking out for your well-being, at work and at home, so you can focus on realizing your ambitions.