HID

Principal PKI Engineer

HID, Salt Lake City, Utah, United States, 84193

Location: Salt Lake City, Utah
Job ID: 41264

Overview

As a Principal PKI Engineer, you will lead the architecture, implementation, and operations of our Public Key Infrastructure as a Service (PKIaaS) platform. This role is critical to the secure issuance and lifecycle management of digital certificates in a multi-tenant, cloud-first environment. You will design and maintain scalable certificate hierarchies, manage HSMs and cryptographic assets, perform key ceremonies, and advise on cryptographic and operational best practices. Experience with cloud computing in AWS is essential.

Responsibilities

Designing and implementing PKI hierarchies (Root, Intermediate, Issuing CAs) to support multi-tenant internal and external PKIaaS customers.
Deploying and operating PKI services in AWS, using services such as ECS, EKS, EC2, VPC, CloudWatch, S3, etc.
Performing and leading key ceremonies, maintaining strict procedural integrity in accordance with policy, compliance, and regulatory requirements.
Configuring and maintaining HSMs for secure storage of private keys and key material backup/recovery.
Overseeing the deployment, configuration, and operational lifecycle of CA software platforms (e.g., EJBCA, Microsoft ADCS, etc.).
Setting up and monitoring Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responders for high availability and low latency.
Developing and maintaining Business Continuity and Disaster Recovery (BCP/DR) plans for PKI infrastructure, including multi-region failover strategies in AWS.
Implementing PKI operational and security best practices, including role-based access controls, audit logging, and secure key lifecycle management.
Providing guidance on certificate issuance policies, trusted root management, code signing, S/MIME, and TLS authentication practices.
Collaborating with internal teams and external stakeholders to define PKI requirements and guide integration with enterprise systems, cloud platforms, and DevOps pipelines.
Defining and enforcing PKI operational and security best practices, policies, and SOPs across the organization.
Monitoring and auditing PKI infrastructure, performing root cause analysis on incidents, and leading continuous improvement efforts.

Your Experience and Background

Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
7+ years of experience in Public Key Infrastructure (PKI), cryptographic key management, or information security engineering roles.
3+ years in a lead, architect, or principal-level position managing enterprise or cloud-native PKI systems.
CISSP, CISM, or equivalent cybersecurity certification.
Experience designing and operating large-scale PKI in either on-premise or cloud environments.
Deep expertise in X.509 certificates, certificate lifecycle management, CRLs, OCSP, and PKI protocol standards (SCEP, ACME, EST, CMP, etc.).
Hands-on experience with HSMs (Entrust, Thales, Utimaco, etc.) and secure key ceremony procedures.
Operational knowledge of CA software platforms (EJBCA, Microsoft ADCS, AWS Private CA, etc.).
Strong familiarity with FIPS 140-2/3, WebTrust, FedRAMP, and cryptographic compliance frameworks.
Demonstrated ability to design and implement BCP/DR strategies for high-availability PKI services.
Proficiency with automation/scripting tools (e.g., Bash, Python, Node, Terraform) for infrastructure and key lifecycle automation.
Experience integrating PKI with IAM, MDM, TLS/SSL, S/MIME, code signing, and IoT environments.
Excellent written and verbal communication skills, with ability to document processes and train other engineers.

What we can offer you

Competitive salary and rewards package
Competitive benefits and annual leave offering, allowing for work-life balance
A vibrant, welcoming & inclusive culture
Extensive career development opportunities and resources to maximize your potential
To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds

Why apply?

Empowerment: You’ll work as part of a global team in a flexible work environment, learning and enhancing your expertise. We welcome an opportunity to meet you and learn about your unique talents, skills, and experiences. You don’t need to check all the boxes. If you have most of the skills and experience, we want you to apply.

Innovation: You embrace challenges and want to drive change. We are open to ideas, including flexible work arrangements, job sharing or part-time job seekers.

Integrity: You are results-orientated, reliable, and straightforward and value being treated accordingly. We want all our employees to be themselves, to feel appreciated and accepted.

HID does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. We are not responsible for any fees related to unsolicited resumes.

HID is committed to building a diverse, equitable, and inclusive workforce that reflects the global communities we serve. As an equal opportunity employer, we welcome applications from individuals of all backgrounds, experiences, and perspectives. We evaluate applicants without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, veteran status, or any other legally protected characteristic. Our goal is to create a workplace that empowers everyone to thrive and be their authentic selves, fostering an environment of mutual respect and inclusivity.

If you have a disability and require assistance or accommodation to participate in the application process or to perform essential job functions, please contact accommodations-ext@hidglobal.com.

We make it easier for people to get where they want to go! On an average day, think of how many times you tap, twist, tag, push or swipe to get access, find information, connect with others or track something. HID technology is behind billions of interactions, in more than 100 countries. We help you create a verified, trusted identity that can get you where you need to go – without having to think about it.
