Job Vacancy PKI/HSM Engineer

We are looking for an experienced engineer to design, automate, and operate our cryptographic and certificate management capabilities across a large-scale, mission-critical environment. You will play a key role in securing our hybrid infrastructure (Windows, Linux, Azure cloud-native services) by building resilient PKI, crypto services, and automation pipelines that scale.

Your role

• Design, implement, and automate cryptographic services, PKI infrastructures, and certificate lifecycle management across cloud and on-prem platforms.

• Build secure automation and Infrastructure-as-Code pipelines to support our internal PKI and crypto services.

• Partner with internal engineering teams to advise, design, and integrate cryptographic solutions aligned with our standards.

• Troubleshoot and resolve production issues related to cryptography and certificate services.

• Participate in a Watch Duty rotation (approx. 1 day/week) to ensure operational continuity of critical crypto systems.

Mandatory Technical Skills

• Strong experience with Azure security services, especially Key Vault, HSM integration, and secret/key lifecycle management.

• High proficiency in Terraform, Ansible, and automated configuration/deployment workflows.

• Deep understanding of PKI, certificate management, and modern cryptography (X.509, elliptic curve, key exchange, signing & encryption standards).

• Hands-on experience implementing or integrating cryptographic protocols: CMS, SCEP, ACME, SAML, TLS, etc.

• Proficiency in automation and scripting (Python required; PowerShell and Java are assets).

• Solid understanding of networking and security fundamentals.

• Experience debugging at system level on Windows/Linux (ETW, strace, tcpdump, wireshark, etc.).
  
  Nice to Have
   

• Experience with large, regulated, mission-critical environments.

• Knowledge of cloud-native identity and access patterns beyond PKI.

• Contributions to security automation frameworks or internal tooling.

Soft Skills

• Strong communication skills in English (C1+).

• Ability to collaborate effectively with engineering, architecture, and security teams.

• Proactive problem solver with a structured approach.

• High level of ownership and accountability.

• Ability to identify risks, propose solutions, and challenge the status quo.

• Bachelor’s Degree in Computer Science or equivalent experience.