Posted Jul 14, 2026

Senior Identity Encryption Engineer (PKI & Secrets Management)

Apply Now
Senior Identity Encryption Engineer (PKI & Secrets Management) • W2 Only role. • Candidates must be authorized to work in the United States. • Sponsorship is not available for this position. Position Summary Seeking a Senior Identity Encryption Engineer with deep expertise in PKI, certificate lifecycle management, and enterprise secrets management. This role will modernize and automate cryptographic services by building scalable, self-service solutions, integrating enterprise security platforms, and implementing best practices across the organization. Key Responsibilities • Design, implement, and optimize enterprise PKI and certificate management solutions. • Build self-service certificate provisioning and lifecycle automation. • Develop API-driven integrations with Keyfactor, HashiCorp Vault, Azure Key Vault, and CI/CD pipelines. • Standardize certificate and secrets management across enterprise environments. • Automate workflows using PowerShell and Infrastructure as Code (IaC). • Deploy and manage HSMs and strengthen platform security through monitoring, patching, and system hardening. • Serve as the senior escalation point for complex PKI and directory services issues. • Collaborate with engineering, security, and DevOps teams to deliver secure, scalable solutions. Required Qualifications • 9+ years of experience with PKI, certificate lifecycle management, and cryptographic platforms. • 5+ years automating PKI, directory services, or secrets management. • Strong PowerShell scripting experience. • Hands-on experience with HSMs, REST APIs, IaC, and CI/CD. • Experience with Azure, AWS, or Google Cloud Platform (Azure Key Vault preferred). • Strong understanding of ITIL processes and enterprise security best practices. • Keyfactor Certificate Lifecycle Automation. • HashiCorp Vault and/or CyberArk. • Enterprise DevOps and secrets management experience.